0
所以我有我的登錄代碼在vb.net的問題,並想知道任何人都可以建議什麼是我的代碼有問題?VB.NET登錄問題與SQL
我得到的錯誤是:
類型「System.Data.SqlClient.SqlException」出現在system.data.dll但在用戶代碼中沒有處理
信息的例外:數據類型text和varchar在等於運算符中不兼容。
代碼。
Imports System.Data.SqlClient
Partial Class Login Inherits System.Web.UI.Page
Protected Sub btnlogin_Click(sender As Object, e As EventArgs) Handles btnlogin.Click
Dim conn As New SqlConnection
Dim cmd As New SqlCommand
Dim dr As SqlDataReader
Dim LogEmail As String
Dim LogPassword As String
LogEmail = txtLogEmail.Text
LogPassword = txtLogPword.Text
conn.ConnectionString = "Data Source=(LocalDB)\MSSQLLocalDB;AttachDbFilename=C:\Users\User\Documents\Visual Studio 2015\WebSites\myAppointments\App_Data\Database.mdf;Integrated Security=True"
cmd.Connection = conn
conn.Open()
cmd.CommandText = "SELECT EmailAddress, Password FROM PatientDetails WHERE EmailAddress = '" & txtLogEmail.Text & "' and Password = '" & txtLogPword.Text & "'"
dr = cmd.ExecuteReader
If dr.HasRows Then
lblLogin.Text = "Login Successful!"
Else
lblLogin.Text = "Login Unsuccessful! :("
End If
conn.Close()
End Sub
End Class
你意識到這是一個SQL注入等待發生的權利?參數化您的查詢!更不用說純文本密碼了嗎? – VDWWD
你能幫我這麼做嗎? –
[Goole是你的朋友](https://www.google.nl/?gws_rd=ssl#q=parametarized+queries+vb&*) – VDWWD