1

我正在为我正在从事的项目尝试一种新方法,并且我刚刚开始了解 Access 数据库。我使用VB.net,我的问题是:如何查看数据库表中是否存在记录。我以为我明白了,但事实并非如此。我正在创建一个登录名,我希望它在尝试将您输入的内容与数据库中的内容进行比较之前检查他们输入的用户名是否存在。我看到很多关于如何做到这一点的问题......但不适用于 VB.netMS Access

这是我的代码:

Imports System.Data.OleDb
Public Class LoginForm1
    Dim provider As String
    Dim dataFile As String
    Dim connString As String
    Public myConnection As OleDbConnection = New OleDbConnection
    Public dr As OleDbDataReader
    Dim Errors As String
    Public Sub AccessAccountDatabase()
        provider = "Provider=Microsoft.ACE.OLEDB.12.0;Data Source ="
        dataFile = "C:\Users\Richard\Documents\Visual Studio 2010\Projects\CybSol Journal Database\CybSol Journal Database\cgi-bin\Data.mdb"
        connString = provider & dataFile
        myConnection.ConnectionString = connString
        Errors = ""
        Try
            myConnection.Open()
            Dim str As String
            str = "SELECT * FROM Accounts WHERE Username='" & UsernameTxt.Text & "' AND Password='" & PasswordTxt.Text & "'"
            Dim cmd As OleDbCommand = New OleDbCommand(str, myConnection)
            dr = cmd.ExecuteReader
            dr.Read()

            If UsernameTxt.Text = dr("Username").ToString AndAlso PasswordTxt.Text = dr("Password").ToString Then
                Dim Welcome As String = "SELECT * FROM Accounts WHERE Real_Name=" & "Username"
                MsgBox("Welcome back " & dr("Real_Name") & "!")
            Else
                MsgBox("Login Failure")
            End If
            myConnection.Close()
        Catch ex As Exception
            MsgBox(ex.ToString)
        End Try
    End Sub

    Private Sub OkayBtn_Click(sender As System.Object, e As System.EventArgs) Handles OkayBtn.Click
        AccessAccountDatabase()
    End Sub
End Class

所以现在我的问题是......你如何得到它来检查数据库中是否存在记录,因为当你输入正确的信息(数据库中存在的正确用户名和密码)时,它会说欢迎和所有。但是,当您输入错误的用户名和/或密码时,它就不起作用了。如果没有“Try Catch”语句,程序就会冻结。通过 try catch 它说明了这一点:

System.InvalidOperationException: No data exists for the row/column.
   at System.Data.OleDb.OleDbDataReader.DoValueCheck(Int32 ordinal)
   at System.Data.OleDb.OleDbDataReader.GetValue(Int32 ordinal)
   at System.Data.OleDb.OleDbDataReader.get_Item(String name)
   at CybSol_Journal_Database.LoginForm1.AccessAccountDatabase() in c:\users\richard\documents\visual studio 2010\Projects\CybSol Journal Database\CybSol Journal Database\LoginForm1.vb:line 36

添加信息:第36行是这样的:If UsernameTxt.Text = dr("Username").ToString AndAlso PasswordTxt.Text = dr("Password").ToString Then

4

5 回答 5

7

第一个问题:

PASSWORD 是 Access 中的保留关键字。您应该封装在方括号中:

"SELECT * FROM Accounts WHERE Username='" & UsernameTxt.Text & _
"' AND [Password]='" & PasswordTxt.Text & "'"

第二个问题:

切勿使用字符串连接来创建 sql 文本。总是使用参数

 str = "SELECT * FROM Accounts WHERE Username=? AND [Password]=?"   
 Dim cmd As OleDbCommand = New OleDbCommand(str, myConnection)   
 cmd.Parameters.AddWithValue("user", UserNameTxt.Text)
 cmd.Parameters.AddWithValue("pass", PasswordTxt.Text)
 dr = cmd.ExecuteReader

为什么?看看这里如果你连接来自用户输入的字符串会发生什么

第三个问题:测试你的命令是否返回行

 If dr.Read() Then
    ......

 End if
于 2012-07-16T20:02:50.127 回答
2

我添加了一些Using语句,因此您不必手动关闭连接。另外,我将 SQL 语句参数化以防止 SQL 注入。

 Public Class LoginForm1
      Dim provider As String
      Dim dataFile As String
      Dim connString As String
      'Public myConnection As OleDbConnection = New OleDbConnection
      'Public dr As OleDbDataReader
      Dim Errors As String
      Public Sub AccessAccountDatabase()
        provider = "Provider=Microsoft.ACE.OLEDB.12.0;Data Source ="
        dataFile = "C:\Users\Richard\Documents\Visual Studio 2010\Projects\CybSol Journal Database\CybSol Journal Database\cgi-bin\Data.mdb"
        connString = provider & dataFile
        myConnection.ConnectionString = connString
        Errors = ""
        Try
          Using myConnection As OleDbConnection = New OleDbConnection(connString)
            myConnection.Open()
            Dim str As String
            str = "SELECT * FROM Accounts WHERE Username=@USER AND [Password]=@PWD "
            Using cmd As OleDbCommand = New OleDbCommand(str, myConnection)
              cmd.Parameters.AddWithValue("@USER", UsernameTxt.Text)
              cmd.Parameters.AddWithValue("@PWD", PasswordTxt.Text)
              Using dr As OleDbDataReader = cmd.ExecuteReader
                If dr.HasRows Then
                  dr.Read()
                  If UsernameTxt.Text = dr("Username").ToString AndAlso PasswordTxt.Text = dr("Password").ToString Then
                    Dim Welcome As String = "SELECT * FROM Accounts WHERE Real_Name=" & "Username"
                    MsgBox("Welcome back " & dr("Real_Name") & "!")
                  Else
                    MsgBox("Login Failure")
                  End If
                Else
                  MsgBox("Login Failure")
                End If
              End Using
            End Using
          End Using
        Catch ex As Exception
          MsgBox(ex.ToString)
        End Try


      End Sub

      Private Sub OkayBtn_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles OkayBtn.Click
        AccessAccountDatabase()
      End Sub
    End Class
于 2012-07-16T20:03:50.830 回答
1

你在正确的轨道上。返回一个布尔值,OleDbDataReader.Read指示它是否成功读取现有行。True因此,您可以在尝试读取记录之前检查它是否返回。例如:

If dr.Read() Then
    If UsernameTxt.Text = dr("Username").ToString AndAlso PasswordTxt.Text = dr("Password").ToString Then
    Dim Welcome As String = "SELECT * FROM Accounts WHERE Real_Name=" & "Username"
        MsgBox("Welcome back " & dr("Real_Name") & "!")
    Else
        MsgBox("Login Failure")
    End If
End If

另外,我觉得我至少应该提一下,以纯文本形式存储密码绝不是一个好主意。

于 2012-07-16T20:03:17.627 回答
0

您不必再次检查代码中的用户名和密码,因为如果在数据库中不匹配,则不会返回任何行。

你可以简单地做

dr = cmd.ExecuteReader
If dr.HasRows Then
   //it matched
Else
   //it didn't match. could not log in
End If

如果您仍想保留它,您的方法如下,但没有必要

dr = cmd.ExecuteReader
If dr.HasRows Then

    dr.Read()

    If UsernameTxt.Text = dr("Username").ToString AndAlso PasswordTxt.Text = dr("Password").ToString Then

    Else

    End If

End If
于 2012-07-16T19:59:53.077 回答
0

在 DataReader 上使用 Read() 方法(请注意,这会使您与数据库的连接保持打开状态,并且当 DataReader 仍在读取时,您将无法在数据库上执行任何其他命令。

If String.Compare(dr("Username").ToString(), UsernameTxt.Text, true) AndAlso String.Compare(dr("Password").ToString(), PasswordTxt.Text.ToString() Then
    ' The username and password for the record match
    ' the input from the login form
    ProcessLogin()
Else
    ' Invalid username or password, send an error
End If
于 2016-04-21T01:28:59.900 回答