-1

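I can't validate the username and password when someone clicks the button. I have two text boxes named user_logon_id and user_password.

I have a table named MyUsers, and I want to verify that the username (user_logon_id) and password (user_password) are in the same row. If they don't match, it should notify the user. If they do match, it should direct them to userAdmin.aspx.

I'm using Microsoft Visual Studio 2008. I'm really new to this and would really like to understand it. I don't need to worry about encrypting the passwords.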

4

1 Answer

-1

Can you run it in the debugger and verify that the query returns a row?

Some suggestions:

Consider parameterizing your query like this:

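    Dim conn As New SqlConnection(_connectionString)
    conn.Open()
    Dim s As String = "SELECT user_password FROM MyUsers WHERE user_logon_id = @user_login_id"
    ' The command must be bound to the open connection before it can execute
    Dim cmd As New SqlCommand(s, conn)
    ' The text box value is sent as a parameter, never concatenated into the SQL text
    cmd.Parameters.AddWithValue("@user_login_id", Me.user_logon_id.Text)
    Dim reader As SqlDataReader = cmd.ExecuteReader()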

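Hash the password in some way

Consider selecting from the database table where the username and password match. If the result is one record, the login succeeded.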

     Dim s As String = "SELECT userid FROM MyUsers WHERE user_logon_id = @user_login_id and user_password=@user_password"

Full code

    Protected Sub butSubmit_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles butSubmit.Click

        ' Initialized to Nothing so the Finally block can test it safely
        Dim myReader As Data.SqlClient.SqlDataReader = Nothing
        Dim mySqlConnection As Data.SqlClient.SqlConnection
        Dim mySqlCommand As Data.SqlClient.SqlCommand

        'Establish the SqlConnection by using the configuration manager to get the connection string in our web.config file.
        mySqlConnection = New Data.SqlClient.SqlConnection(ConfigurationManager.ConnectionStrings("ConnectionString1").ToString())
        Dim sql As String = "SELECT userid FROM MyUsers WHERE user_logon_id = @user_login_id and user_password=@user_password"

        mySqlCommand = New Data.SqlClient.SqlCommand(sql, mySqlConnection)

        ' Bind both text box values as parameters on the command that is executed
        mySqlCommand.Parameters.AddWithValue("@user_login_id", Me.user_logon_id.Text)
        mySqlCommand.Parameters.AddWithValue("@user_password", Me.user_password.Text)

        Try
            mySqlConnection.Open()
            myReader = mySqlCommand.ExecuteReader()

            ' A returned row means the username and password matched on the same row
            If (myReader.HasRows) Then
                'Open page with users and roles
                Dim message As String = "Correct password"
                Dim style As MsgBoxStyle = MsgBoxStyle.OkOnly
                Dim title As String = "Authenticated"
                MsgBox(message, style, title)
            End If

        Catch ex As Exception
            Console.WriteLine(ex.ToString())
        Finally
            If Not (myReader Is Nothing) Then
                myReader.Close()
            End If

            If (mySqlConnection.State = Data.ConnectionState.Open) Then
                mySqlConnection.Close()
            End If

        End Try

    End Sub
answered 2013-06-21T20:03:59.830