2016-09-28 89 views
1

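Visual Studio local database, check whether a boolean is true

First-time poster here.. I have been struggling with this problem for a while. This code checks whether the username and password combination exists, and if it does, it redirects to a new form. The problem is that I also want to check whether a bit value is true or false, and if it is, then redirect to another page. I just don't know how.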

Private Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click 
    Dim connection As New SqlClient.SqlConnection 
    Dim command As New SqlClient.SqlCommand 
    Dim myData As SqlClient.SqlDataReader 
    Dim Dataset As New DataSet 
    Dim adaptor As New SqlClient.SqlDataAdapter 
    connection.ConnectionString = ("Data Source=(LocalDB)\MSSQLLocalDB;AttachDbFilename=|DataDirectory|\NewFolder1\Members.mdf;Integrated Security=True") 
    command.CommandText = "SELECT * FROM [User] WHERE username = '" & TextBox1.Text & "' AND password= '" & TextBox2.Text & "';" 
    connection.Open() 
    command.Connection = connection 
    adaptor.SelectCommand = command 
    adaptor.Fill(Dataset, 0) 
    myData = command.ExecuteReader 

    If Not myData.HasRows Then 
     TextBox1.Clear() 
     TextBox2.Clear() 
     MsgBox("Forkert login, prøv igen") 
    ElseIf myData.HasRows Then 
     Me.Hide() 
     LoggetInd.Show() 
    End If 
End Sub 
+0

Does the value of the bit (true/false) change which page is redirected to, or is it just an extra check? –

+1

Don't store passwords as plain text. Hash them. Also use SQL parameters - a user named D'Artagnan will crash your app – Plutonix

+0

The value of the bit will change the page that is being redirected to, yes – Drax

Answers

0

Here is what you can do:

Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click 
    Dim connection As New SqlClient.SqlConnection 
    Dim command As New SqlClient.SqlCommand 
    Dim myData As SqlClient.SqlDataReader 
    connection.ConnectionString = ("Data Source=(LocalDB)\MSSQLLocalDB;AttachDbFilename=|DataDirectory|\NewFolder1\Members.mdf;Integrated Security=True") 
    'Don't use SELECT *, call out the columns you want by name, in the order you want them 
    command.CommandText = "SELECT Username, Password, Bit1 FROM [User] WHERE username = '" & TextBox1.Text & "' AND password= '" & TextBox2.Text & "';" 
    connection.Open() 
    command.Connection = connection 
    myData = command.ExecuteReader(CommandBehavior.CloseConnection) 
    Dim dbUsername As String, dbPassword As String, dbBit1 As Boolean 
    If myData.Read Then 
     'Access the data in the datareader using a 0-based index 
     'Be careful as this requires you to know the datatype in the database 
     'If you have a 64bit integer stored in the database, 
     'you can't call GetInt32, you have to call GetInt64. 
     dbUsername = myData.GetString(0) 
     dbPassword = myData.GetString(1) 
     dbBit1 = myData.GetBoolean(2) 
    End If 
    'Don't forget to Close all your DataReaders 
    myData.Close() 
    If dbUsername = "" Then 
     TextBox1.Clear() 
     TextBox2.Clear() 
     MsgBox("Forkert login, prøv igen") 
    Else 
     If dbBit1 Then 
      'Redirect as needed 
     Else 
      Me.Hide() 
      LoggetInd.Show() 
     End If 
    End If 
End Sub 

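Plutonix is right, you need to use a hash to encrypt/store your passwords. You also need to use SQL parameters. The current approach is a SQL injection playground, among other things.

Close all your DataReaders once the call is done; if you don't, you will have open SQL connections all over the place. When you call ExecuteReader, be sure to use CommandBehavior.CloseConnection. This automatically closes the connection after you close the DataReader.

This will hopefully get your code working, but you need to make other changes for security and stability.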

-E
