0

我为我的程序制作了一个简单的登录代码。

在我的网站上,我为存储用户名、电子邮件和密码的程序创建了一个 mysql 数据库,我已查询数据库 2 次以插入 2 个帐户。

我可以使用第一个帐户登录而不会出现问题,但使用第二个和第三个帐户则不能,依此类推。

无论如何,这是代码:

Dim dbConn As New MySqlConnection
                        Dim UsernameVerify As New MySqlCommand
                        Dim PasswordVerify As New MySqlCommand
                        Dim EmailVerify As New MySqlCommand
                        Dim typeverify As New MySqlCommand
                        Dim lgnUsername As String
                        Dim lgnPassword As String
                        Dim lgnEmail As String
                        Dim lgntype As String
                        'server info
                        dbConn.ConnectionString = "server=*************;UserID=*******;password=********;database=*****"
                        Try
                            dbConn.Open()
                            UsernameVerify.Connection = dbConn
                            UsernameVerify.CommandText = "Select USERNAME from users"
                            PasswordVerify.Connection = dbConn
                            PasswordVerify.CommandText = "Select PASSWORD from users"
                            EmailVerify.Connection = dbConn
                            EmailVerify.CommandText = "Select EMAIL from users"
                            typeverify.Connection = dbConn
                            typeverify.CommandText = "Select TYPE from users"


                            lgnUsername = UsernameVerify.ExecuteScalar
                            lgnPassword = PasswordVerify.ExecuteScalar
                            lgnEmail = EmailVerify.ExecuteScalar
                            lgntype = typeverify.ExecuteScalar
                            dbConn.Close()
                            If ComboBox1.Text = lgnUsername And ComboBox2.Text = lgnPassword And ComboBox3.Text = lgnEmail And ComboBox4.Text = lgntype Then
                                Panel1.BackgroundImage = mpng2
                                Label5.Text = "Succesfully verified user !"
                                Me.Close()

                            Else
                                Panel1.BackgroundImage = mpng
                                Label5.Text = "Could not find user check your credentials"
                                ComboBox1.Focus()

                            End If
                        Catch ex As MySqlException
                            Label5.Text = "Error while verifying "
                            MessageBox.Show("Error when connecting to database|" + ex.Message)
                            dbConn.Dispose()
                            verifying.Close()

                        End Try

有谁知道如何解决这个问题。

我已经在考虑使用 while 循环或其他东西,或者还有其他东西吗?

4

1 回答 1

0

没有必要循环,而您正在为自己的生活变得艰难。请记住始终保持简单。

简单的登录代码可能如下所示:

Protected Sub btnLogin_Click(ByVal sender As Object, ByVal e As SYstem.EventArgs) Handles btnLogin.Click

    Dim conn As New MysqlConnection("Server=****;Database=****;User=****;Password=****;")

    Dim sql As String = "SELECT userid, username, password, email, type FROM users WHERE username = xname AND password = xpass"

    Dim args As New List(Of MySqlParameter)
    args.Add(New MySqlParameter("xname", txtUsername.Text))
    args.Add(New MySqlParameter("xpass", txtPassword.Text))

    Dim cmd As MySqlCommand = New MySqlCommand(sql, conn)
    cmd.Parameters.AddRange(args.ToArray) ' You might want to check this, not sure if it needs the .ToArray

    Dim drLogin As MySqlDataReader = cmd.ExecuteReader()

    If drLogin.HasRows

        ' do login code here (I'll store user details out the DataReader and redirect)
        dr.Read()

        Session("userid") = dr("userid")
        Session("username") = dr("username")
        Session("usertype") = dr("type")

        Response.Redirect("~/Members/Home.aspx")
    Else
        lblerr.Text = "Invalid username/password"
        lblerr.ForeColor = System.Drawing.Color.Red
    End If
End Sub

此代码在 1 个单一查询中获取您可能需要的所有用户信息(有利于限制数据库的开销)。sql 中的 WHERE 子句意味着它只会获取用户名和密码与用户登录时匹配的行。

简单地存储输入的List(Of SqlParameter)值以在 sql 中使用。这有助于更多地保护表单,因为这种方式不太可能进行 sql 注入。我在这里将此列表转换为数组,因为我不确定 SqlCommand.Paramaters.AddRange 是否接受列表。一种或另一种方式将起作用。

会话变量对于显示仅与登录用户相关的内容很有用。您可以使用用户标识来限制来自数据库的结果,以仅获取用户标识与 Session("userid") 值相同的内容。

希望这可以帮助!

于 2012-07-06T11:34:13.423 回答