你可以在調試器中運行這個,並驗證查詢是否返回一行?
幾點建議:
考慮參數化查詢是這樣的:
Dim conn As New SqlConnection(_connectionString)
conn.Open()
Dim s As String = "SELECT user_password FROM MyUsers WHERE user_logon_id = @user_login_id"
Dim cmd As New SqlCommand(s)
cmd.Parameters.Add("@user_login_id", Me.user_logon_id.Text)
Dim reader As SqlDataReader = cmd.ExecuteReader()
哈希以某種方式
考慮從數據庫表,其中的用戶名和密碼,選擇匹配的密碼。如果結果是一條記錄,則登錄成功。
Dim s As String = "SELECT userid FROM MyUsers WHERE user_logon_id = @user_login_id and [email protected]_password"
的完整代碼
Protected Sub butSubmit_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles butSubmit.Click
Dim myReader As Data.SqlClient.SqlDataReader
Dim mySqlConnection As Data.SqlClient.SqlConnection
Dim mySqlCommand As Data.SqlClient.SqlCommand
'Establish the SqlConnection by using the configuration manager to get the connection string in our web.config file.
mySqlConnection = New Data.SqlClient.SqlConnection(ConfigurationManager.ConnectionStrings("ConnectionString1").ToString())
Dim sql As String = "SELECT userid FROM MyUsers WHERE user_logon_id = @user_login_id and [email protected]_password"
mySqlCommand = New Data.SqlClient.SqlCommand(sql, mySqlConnection)
cmd.Parameters.Add("@user_login_id", Me.user_logon_id.Text)
cmd.Parameters.Add("@user_password", Me.user_password.Text)
Try
mySqlConnection.Open()
myReader = mySqlCommand.ExecuteReader()
If (myReader.HasRows) Then
'Open page with users and roles
Dim message As String = "Correct password"
Dim style As MsgBoxStyle = MsgBoxStyle.OkOnly
Dim title As String = "Authenticated"
MsgBox(message, style, title)
End If
Catch ex As Exception
Console.WriteLine(ex.ToString())
Finally
If Not (myReader Is Nothing) Then
myReader.Close()
End If
If (mySqlConnection.State = Data.ConnectionState.Open) Then
mySqlConnection.Close()
End If
End Try
End Sub
'「我不需要擔心加密的密碼。」'沒有,但你應該擔心散列密碼。即使這不是明確規定的要求,也應該始終這樣做。 – David
你有什麼錯誤嗎?什麼在這裏造成麻煩?更改您的查詢來檢查用戶名和密碼,並返回一個SQL中的行數,然後使用執行標量來獲得計數和基於計數authenticate用戶。 –
不要說SQL注入... – RBarryYoung