1

在我的项目(vb.net)中,我将网站的 ip 地址存储在类型为列的表中nvarchar。但我无法从表中检索它。我想知道“点”符号是否有问题。请帮忙。

这是我使用的命令

 query = "select *from restricted_sites where site_address='" + webip + "'"

webip是网站的IP地址。

Imports System.Data.SqlClient
Imports System.Net
Public Class restrict
    Private Sub clear_button_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles clear_button.Click
        site_TextBox1.Text = ""
        addr_TextBox1.Text = ""
    End Sub
    Private Sub submit_button_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles submit_button.Click
        Dim connectionstr As String
        Dim query As String
        Dim conn As SqlConnection
        Dim cmd As SqlCommand
        Dim webip As String
        Dim hostname As IPHostEntry = Dns.GetHostByName(addr_TextBox1.Text)
        Dim ip As IPAddress() = hostname.AddressList
        Try
            webip = ip(0).ToString
            connectionstr = "Data Source=.\SQLEXPRESS;AttachDbFilename=C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\DATA\URLTrack.mdf;Integrated Security=True;Connect Timeout=30;User Instance=True"
            conn = New SqlConnection(connectionstr)
            conn.Open()
            query = "insert into restricted_sites values('" + site_TextBox1.Text + "','" + webip + "')"
            cmd = New SqlCommand(query, conn)
            cmd.ExecuteNonQuery()
            MsgBox("Website added for restriction", MsgBoxStyle.Information)
            conn.Close()
        Catch ex As SqlException
        End Try
    End Sub
End Class


Private Sub Combox1_KeyPress(ByVal sender As System.Object, ByVal e As System.Windows.Forms.KeyPressEventArgs) Handles Combox1.KeyPress
        If e.KeyChar = Convert.ToChar(Keys.Enter) Then
            Dim connectionstr As String
            Dim query As String
            Dim cmd As SqlCommand
            Dim reader As SqlDataReader
            Dim conn As SqlConnection
            Dim url As String = ""
            Dim webip As String
            Dim hostname As IPHostEntry = Dns.GetHostByName(Combox1.Text)
            Dim ip As IPAddress() = hostname.AddressList
            webip = ip(0).ToString
            connectionstr = "Data Source=.\SQLEXPRESS;AttachDbFilename=C:\Program Files\Microsoft SQL Server\MSSQL10.SQLEXPRESS\MSSQL\DATA\URLTrack.mdf;Integrated Security=True;Connect Timeout=30;User Instance=True"
            conn = New SqlConnection(connectionstr)
            conn.Open()
            query = "select * from restricted_sites where site_address='" + webip + "'"
            cmd = New SqlCommand(query, conn)
            reader = cmd.ExecuteReader
            While (reader.Read())
                url = reader(2)
            End While
            reader.Close()
            MsgBox(url, MsgBoxStyle.Information)
            If webip <> url Then
                AxWebBrowser1.Navigate(Combox1.Text)
                Combox1.Text = AxWebBrowser1.LocationURL
            Else
                MsgBox("This Web Page is Restricted.Contact the ADMIN for Further Info", MsgBoxStyle.Critical)
            End If
        End If
        If e.KeyChar = Convert.ToChar(Keys.Escape) Then
            AxWebBrowser1.Stop()
        End If
    End Sub

第二个代码是比较部分。query = "select * from restricted_sites where site_address='" + webip + "'" 这个代码是问题所在。这是我在浏览 url 时通过与存储在数据库中的 ip 地址匹配来限制网站的代码。

4

3 回答 3

1

您的查询有语法错误。你忘记了 和 之间的*空格from

select *from restricted_sites
       ^ here

它应该是

select * from restricted_sites

旁注,由于您使用的是 VBNet,因此请使用adonet 命令和参数对查询进行参数化,因为您当前的查询易受SQL Injection.

于 2012-09-30T14:44:57.813 回答
0

如果您所做的只是检查一个 IP 地址字符串是否在数据库中,您只需要计算该字符串的出现次数:

query = "SELECT COUNT(*) FROM restricted_sites WHERE site_address = @WebIp;"
cmd = New SqlCommand(query, conn)
' assumes the ip address column is 15 chars '
cmd.Parameters.Add(New SqlParameter With {.ParameterName = "@WebIp", _
                                          .SqlDbType = SqlDbType.NVarChar, _
                                          .Size = 15, _
                                          .Value = webip})

conn.Open()
Dim nFound = CInt(cmd.ExecuteScalar)
conn.Close()

If nFound = 0 Then
    ' site is not in restricted list
End If

此外,您不应该SELECT *在测试以外的代码中使用 - 使用列名而不是 * 并且只检索您需要的内容。

于 2012-09-30T16:24:43.940 回答
0

您需要在等之间放置一个空格*from这样:

query = "select * from restricted_sites where site_address='" + webip + "'"

点符号(大概是您在 webip 中的意思)不会有问题,因为它在字符串中

于 2012-09-30T14:44:33.010 回答