
1) This is my code to check the username and password, and log in if they match:

Private Sub cmdOK_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles cmdOK.Click
    Try
        Dim dr As OleDb.OleDbDataReader
        Dim cmd As OleDb.OleDbCommand
        Dim logQuery As String = ("SELECT * FROM Login_db where Username='" & txtUsername.Text & "'")
        cnnOLEDB.Open()
        cmd = New OleDb.OleDbCommand(logQuery, cnnOLEDB)
        dr = cmd.ExecuteReader              
        If dr.Read = True Then         ' <-------------------- problem

            If txtUsername.Text = dr("Username") Then
                If txtPassword.Text = dr("Password") Then
                    MsgBox("Hii")
                End If
            Else
                MsgBox("Byee")
            End If
        End If
    Catch ex As Exception
        MsgBox(ex.Message)
        cnnOLEDB.Close()
    End Try

End Sub

The line "if dr.read=true then" returns false even though I have that row recorded in my table......

2) This is my code to add a new user to the login table

    Try

        Dim addUser As String

        addUser = "INSERT INTO Login_db(Username,Password) VALUES (@uname,@pswd)"
        cnnOLEDB.Open()

        Dim _comm As OleDb.OleDbCommand = New OleDb.OleDbCommand(addUser, cnnOLEDB)

        _comm.Parameters.AddWithValue("@uname", txtUsername.Text)
        _comm.Parameters.AddWithValue("@pswd", txtPasswd.Text)
        _comm.ExecuteNonQuery()
        cnnOLEDB.Close()

        MsgBox("Record Inserted", MsgBoxStyle.OkOnly)
    Catch ex As Exception
        MsgBox(ex.Message)
        cnnOLEDB.Close()
    End Try

The error is: syntax error in the insert statement. I can't find my mistake.

Please solve my problem... Thanks..


1 Answer


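I guess this is an MS Access database. In that case, the word PASSWORD is a reserved keyword.
If you use that name as a column name, you should always enclose it in square brackets.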

addUser = "INSERT INTO Login_db(Username,[Password]) VALUES (@uname,@pswd)"

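As a side note, your select query to retrieve the user is dangerous: it could fail if the username contains a single quote (apostrophe) or, worse, it could be a vector for a SQL injection attack. Always use a parameterized query, as you did in the insert statement.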

Dim logQuery As String = "SELECT * FROM Login_db where Username=@uname"
cnnOLEDB.Open()
cmd = New OleDb.OleDbCommand(logQuery, cnnOLEDB)
cmd.Parameters.AddWithValue("@uname", txtUserName.Text)
answered 2013-04-04T09:33:42.490
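
The two points of the answer combined in one login check, as an added example (not code from the question or the answer). The module and function names, the connection string, the file path and the 255-character parameter size are assumptions; the table and column names are the ones used on the page.

```vb
Imports System.Data.OleDb

Module LoginCheck
    ' Assumed connection string and path; the page does not show how cnnOLEDB is built.
    Private Const ConnStr As String =
        "Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\data\login.accdb"

    ' Returns True when a row for this username exists and its stored password matches.
    Function CheckLogin(username As String, password As String) As Boolean
        ' [Password] is bracketed because PASSWORD is a reserved word in Access SQL.
        Const sql As String =
            "SELECT [Password] FROM Login_db WHERE Username = @uname"

        ' Using blocks close the command and connection on every path,
        ' including when an exception is thrown.
        Using cnn As New OleDbConnection(ConnStr)
            Using cmd As New OleDbCommand(sql, cnn)
                ' The username is sent as a typed value, never spliced into the SQL
                ' text, so an apostrophe cannot end the string literal early.
                ' OleDb binds parameters by position; "@uname" is only a label,
                ' so parameters must be added in the order they appear in the SQL.
                cmd.Parameters.Add("@uname", OleDbType.VarWChar, 255).Value = username
                cnn.Open()

                Dim stored As Object = cmd.ExecuteScalar()
                If stored Is Nothing OrElse stored Is DBNull.Value Then
                    Return False   ' no row for this username
                End If
                Return String.Equals(CStr(stored), password, StringComparison.Ordinal)
            End Using
        End Using
    End Function

    Sub Main()
        ' Constructed inputs: a plain name, a name containing an apostrophe,
        ' and a quote-bearing string that would alter the concatenated query.
        For Each name As String In {"alice", "O'Brien", "x' OR '1'='1"}
            Console.WriteLine("{0}: {1}", name, CheckLogin(name, "secret"))
        Next
    End Sub
End Module
```

With the concatenated query from the question, the second input raises a syntax error and the third changes the WHERE clause; here both are simply looked up as literal usernames.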