我正在玩數據庫,今天我試圖使用SQLCompactEdition數據庫,我創建了一個名爲UserDB的本地數據庫,並在其中有一個名爲User的表。VB.NET中的SQLCe數據庫拋出異常,同時在表中插入數據
我已經使用我的應用程序(這是另一個數據庫)登錄到管理員,並通過管理員,我正在創建一個用戶。我曾經爲宗旨
代碼是:
Private Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
Dim connStr As New SqlCeConnection("Data Source=c:\users\babi\documents\visual studio 2012\Projects\ShopManagement\ShopManagement\" & "User\UserDB.sdf; Password =")
Dim name, pass, repass As String
name = TextBox1.Text
If (name.Length = 0) Then
MessageBox.Show("Enter user-name!!")
Exit Sub
End If
pass = TextBox2.Text
If (pass.Length = 0) Then
MessageBox.Show("Enter password!!")
Exit Sub
End If
repass = TextBox3.Text
If (repass.Length = 0) Then
MessageBox.Show("Re-enter password!!")
Exit Sub
End If
If (getMD5Hash(pass) = getMD5Hash(repass)) Then
Dim cmd As New SqlCeCommand("INSERT INTO User(uname, upass)VALUES(" & name & "," & getMD5Hash(pass) & ");", connStr)
connStr.Open()
cmd.ExecuteNonQuery()
connStr.Close()
MessageBox.Show("User Created!")
Exit Sub
Else
MessageBox.Show("Passwords donot match!!")
Exit Sub
End If
End Sub
當我調試,我發現查詢字符串是:
"INSERT INTO User(uname, upass)VALUES(abcd,827ccb0eea8a706c4c34a16891f84e7b);"
發生是例外:
An unhandled exception of type 'System.Data.SqlServerCe.SqlCeException' occurred in System.Data.SqlServerCe.dll
我無法理解是什麼導致了這個錯誤。 如果需要更多信息,請詢問。
編輯
固定碼:
Private Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
Dim connStr As New SqlCeConnection("Data Source=c:\users\babi\documents\visual studio 2012\Projects\ShopManager\ShopManager\" & "ManagementDB.sdf; Password =")
Dim name, pass, repass As String
name = TextBox1.Text
If (name.Length = 0) Then
MessageBox.Show("Enter user-name!!")
Exit Sub
End If
pass = TextBox2.Text
If (pass.Length = 0) Then
MessageBox.Show("Enter password!!")
Exit Sub
End If
repass = TextBox3.Text
If (repass.Length = 0) Then
MessageBox.Show("Re-enter password!!")
Exit Sub
End If
If (getMD5Hash(pass) = getMD5Hash(repass)) Then
Dim cmd As New SqlCeCommand("INSERT INTO [User](uname, upass) VALUES('" & name & "','" & getMD5Hash(pass) & "');", connStr)
connStr.Open()
cmd.ExecuteNonQuery()
connStr.Close()
MessageBox.Show("User Created!")
Exit Sub
Else
MessageBox.Show("Passwords donot match!!")
Exit Sub
End If
End Sub
的問題的解決方案是由兩種解決方案的組合給出! 所以謝謝你們兩個:)
問候 Priyabrata
寫@Priyabrata我看你已經選擇了一個不同的答案,沒有問題,但rememeber是字符串連接是通向地獄的道路(SQL注入)。如果我在用戶名字段「x」中寫入,會發生什麼; DELETE FROM [user] - '? (請不要嘗試,[看看這個])(http://stackoverflow.com/questions/332365/how-does-the-sql-injection-from-the-bobby-tables-xkcd-comic-work) – Steve
我明白了!!謝謝你指出,這是我第一次與DB打交道,所以我不知道這一點。 – Priyabrata