0

好的,从上一个问题的答案来看,推理在这里仍然适用,但这次是一个不同的问题。我为正在创建的启动器获得了一个登录系统 (Loginvb.vb),我想知道两件事:

  1. 是否有更好的方法来使用数据库进行登录检查(如更安全)(登录样式将通过 PHP 脚本进行基于 Web 的注册设置)?
  2. 有没有办法在数据库中获取某个列(标记为访问)并将其作为公共字符串,以便我可以检查它是否等于 1 2 或 3 以标记为 Main.vb 的不同形式

这是当前的登录检查:

Public Sub login_Click(sender As Object, e As EventArgs) Handles login.Click
    If txtuserName.Text = "" Or txtpassWord.Text = "" Then
        MsgBox("You cannot progress until you login....(moron =p)")
    Else
        'Connects To the Database 
        Dim connect As MySqlConnection
        connect = New MySqlConnection()
        connect.ConnectionString = "server=127.0.0.1;user id=sc;Password=derp;database=sclaunch" 'not the actual login ;)
        Try
            connect.Open()
        Catch myerror As MySqlException
            MsgBox("Error Connecting to Database. Please Try again !")
        End Try
        'SQL Query To Get The Details
        Dim myAdapter As New MySqlDataAdapter
        Dim sqlquerry = "Select * From login where username = '" + txtuserName.Text + "' And password= '" + txtpassWord.Text + "'"
        Dim myCommand As New MySqlCommand()
        'My fail attempt at what I am trying to do :(
        Dim sql22 As MySqlConnection
        sql22 = New MySqlConnection()
        sql22.ConnectionString = "Select * From login where access ="
        'End of fail attempt
        myCommand.Connection = connect
        myCommand.CommandText = sqlquerry
        'Starting The Query
        myAdapter.SelectCommand = myCommand
        Dim mydata As MySqlDataReader
        mydata = myCommand.ExecuteReader
        'To check the Username and password and to validate the login 
        If mydata.HasRows = 0 Then
            MsgBox("Invalid Login")
        Else
            'fail testing xD
            Label3.Text = sql22
            MsgBox("You are now Loged In!")

        End If
    End If
End Sub

基本上仍然在学习越来越多的东西,因为我正在编写所有这些代码,所以我喜欢反复试验以及遇到困难的时刻=/(对不起管理员或任何修复标签问题的东西,这对网站来说仍然是新的 xD)

4

1 回答 1

0

假设login包含凭据的同一个表还包含access您要检索的列,那么我已经更改了很多代码

    Dim sqlquerry = "Select * From login where username = @name AND password=@pwd"
    Dim myCommand As New MySqlCommand(sqlquery, connect)
    myCommand.Parameters.AddWithValue("@name", txtuserName.Text)
    myCommand.Parameters.AddWithValue("@pwd", txtpassWord.Text)
    Dim mydata = myCommand.ExecuteReader

    If mydata.HasRows = False Then
        MsgBox("Invalid Login")
    Else
        ' the same record that contains the credentials contains the access field'
        mydata.Read()
        Label3.Text = mydata("access").ToString()
        MsgBox("You are now Loged In!")
    End If

我改变了什么:

  • 删除了字符串连接并添加了适当的参数
  • 删除了 myAdapter 和对它的所有引用(不需要,你不填充 DataTable/DataSet)
  • 删除了 sql22 以及对它的所有引用。这是一个连接,您尝试像命令一样使用
  • 修复了对 HasRows 的检查(返回布尔值而不是整数。您是否使用 Option Strict Off?)
于 2013-04-19T15:55:36.060 回答