
我想把下面这段代码改成参数化查询

' Login handler fragment: looks the user up in Userx, counts failed attempts,
' then records the login in Audit_Log. The enclosing Sub header and the closing
' End If / End Sub are not part of this excerpt.
'
' NOTE(review): On Error Resume Next suppresses every runtime error in this
' routine. QueryDatabase returns Nothing when the query fails, so the
' isigroup.Rows accesses below can raise errors that are silently skipped.
' Confirm the failure path cannot continue into the "logged in" statements;
' structured Try/Catch that aborts the login on any error is safer.
On Error Resume Next
        Dim timex As String
        Dim isigroup As DataTable
        objdata = New clsMSSQL
        ' NOTE(review): both text-box values are concatenated into the SQL text, so
        ' user input is parsed as SQL (SQL injection). Bind them as parameters instead.
        ' The comparison against Userpass also implies the password is stored in
        ' clear text - TODO confirm; store and verify a salted password hash.
        isigroup = objdata.QueryDatabase("SELECT * FROM Userx WHERE Username='" & txtuser.Text & "' AND Userpass ='" & txtpassword.Text & "'")
        ' Only rows that already matched the WHERE clause reach the loop. When no row
        ' matches, Rows.Count is 0 and the denial/lockout code below is not executed
        ' from here (an Else branch, if any, is outside this excerpt).
        If isigroup.Rows.Count > 0 Then
            For i = 0 To isigroup.Rows.Count - 1
                ' Re-checks each returned row against the typed values in VB code.
                If isigroup.Rows(i)("username") <> txtuser.Text Or isigroup.Rows(i)("userpass") <> txtpassword.Text Then
                    MsgBox("Access denied username and password !!!", MsgBoxStyle.Information, "Attention.....")
                    ' xcountx is declared outside this excerpt; presumably an in-memory
                    ' counter, in which case the limit resets when the program restarts
                    ' and is not enforced by the database - verify.
                    xcountx = xcountx + 1
                    If xcountx >= 3 Then
                        MsgBox("You have reach the maximum time of login !!", MsgBoxStyle.Exclamation, "Προσοχή.....")
                        ' End terminates the application immediately.
                        End
                    End If
                    Exit Sub
                End If
            Next
            ' Session state is taken from the first returned row.
            username = isigroup.Rows(0)("Username")
            xUser_ID = isigroup.Rows(0)("User_id")
            xUser_Access = isigroup.Rows(0)("Access_Type")
            ' TimeOfDay is converted to a String here, so the stored value depends on
            ' the client's clock and regional format - TODO confirm this is intended
            ' for an audit record.
            timex = TimeOfDay
            ' NOTE(review): this INSERT is also built by concatenation; pass User_ID
            ' and the timestamp as parameters as well.
            isigroup = objdata.QueryDatabase("INSERT INTO Audit_Log (User_ID, Login) VALUES(" & xUser_ID & ", '" & timex & "')")
            ' NOTE(review): reads the whole Audit_Log table to find the newest LOG_ID.
            ' With concurrent logins the newest row may belong to another session;
            ' returning SCOPE_IDENTITY() from the INSERT gives the exact id.
            isigroup = objdata.QueryDatabase("SELECT * FROM Audit_Log ORDER BY LOG_ID DESC")
            LOGID = isigroup.Rows(0)("LOG_ID")
            Audit_Trail(xUser_ID, TimeOfDay, "Login to system ")

我尝试了很多,但我无法做到,请帮忙

这是我用到的类

Imports System.Data.SqlClient

Public Class clsMSSQL

    Public Shared con As New SqlConnection(constring)
    Private DbSwtable As DataTable

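    ''' <summary>
    ''' Runs a SQL statement on the shared connection and returns its first result
    ''' set as a DataTable named "DefaultTable".
    ''' </summary>
    ''' <param name="Query">
    ''' SQL text. It must be a constant statement with @name placeholders; never
    ''' build it by concatenating user input.
    ''' </param>
    ''' <param name="Parameters">
    ''' Optional values for the placeholders in <paramref name="Query"/>. Existing
    ''' callers that pass only the SQL text keep working. Example:
    ''' QueryDatabase("SELECT * FROM Userx WHERE Username=@u", New SqlParameter("@u", txtuser.Text))
    ''' </param>
    ''' <returns>
    ''' The filled table; Nothing when the statement produced no result set (for
    ''' example an INSERT) or when an error occurred, because DbSwtable is never
    ''' assigned in the visible code.
    ''' </returns>
    Public Function QueryDatabase(ByVal Query As String, ByVal ParamArray Parameters As SqlParameter()) As DataTable

        Try
            Dim objDataSet As New DataSet

            Using selectCmd As New SqlCommand(Query, con)
                ' Values travel separately from the SQL text, so they are treated
                ' as data and cannot change the structure of the statement.
                If Parameters IsNot Nothing AndAlso Parameters.Length > 0 Then
                    selectCmd.Parameters.AddRange(Parameters)
                End If

                Using objDataAdapter As New SqlDataAdapter(selectCmd)
                    objDataAdapter.Fill(objDataSet, "DefaultTable")
                End Using

                ' Detach the parameters so the caller may reuse the same objects
                ' with another command.
                selectCmd.Parameters.Clear()
            End Using

            Return objDataSet.Tables("DefaultTable")
        Catch ex As Exception
            ' NOTE(review): the raw exception text is shown to the user. On a login
            ' form this can expose server or schema details; consider logging it and
            ' showing a generic message instead.
            MessageBox.Show(ex.Message, "Λάθος", MessageBoxButtons.OK, MessageBoxIcon.Error)

            Return DbSwtable
        Finally
            ' Close on the error path as well; the original left the shared
            ' connection in whatever state the failure produced.
            con.Close()
        End Try
    End Function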

2 回答 2


像这样编辑函数 QueryDataBase:

添加参数 username 和 password,并使用 DataAdapter 的 SelectCommand 属性。还将函数的名称从 QueryDatabase 更改为 GetUserData。

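''' <summary>
''' Returns the Userx rows whose Username and Userpass equal the supplied values,
''' using a parameterized SELECT on the shared connection.
''' </summary>
''' <param name="username">User name typed by the user; bound as @Username.</param>
''' <param name="password">Password typed by the user; bound as @Userpass.</param>
''' <returns>
''' The matching rows in a table named "DefaultTable"; the value of DbSwtable
''' (never assigned in the visible code, so Nothing) when an error occurs.
''' </returns>
''' <remarks>
''' NOTE(review): the query compares Userpass with the submitted password
''' directly, which implies passwords are stored in clear text. Parameterizing
''' removes the injection risk but not that one; store a salted password hash
''' and verify against it.
''' </remarks>
Public Function GetUserData(username As String, password As String) As DataTable
    Const sql As String = "SELECT * FROM Userx WHERE Username=@Username AND Userpass=@Userpass"

    Try
        Dim objDataSet As New DataSet

        Using selectCmd As New SqlCommand(sql, con)
            ' Parameter names now match the placeholders exactly (the original
            ' added "@UserPass" for "@Userpass").
            ' No size is given, so the length is inferred from each value.
            selectCmd.Parameters.Add("@Username", SqlDbType.VarChar).Value = username
            selectCmd.Parameters.Add("@Userpass", SqlDbType.VarChar).Value = password

            ' The original ended the SelectCommand assignment with ';', which is
            ' not valid VB; the command is handed to the adapter directly here.
            Using objDataAdapter As New SqlDataAdapter(selectCmd)
                objDataAdapter.Fill(objDataSet, "DefaultTable")
            End Using
        End Using

        Return objDataSet.Tables("DefaultTable")
    Catch ex As Exception
        MessageBox.Show(ex.Message, "Λάθος", MessageBoxButtons.OK, MessageBoxIcon.Error)

        Return DbSwtable
    Finally
        ' Also runs after a failure, so the shared connection is not left open.
        con.Close()
    End Try
End Function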

然后从 UI 中调用函数,如下所示:

' The text-box values are handed over as parameter values, not spliced into the
' SQL text. GetUserData returns DbSwtable on failure, so check the result for
' Nothing before reading isigroup.Rows.
isigroup = objdata.GetUserData(txtuser.Text, txtpassword.Text)
于 2013-06-29T15:01:48.187 回答

Fabian 答案的修改版本:像这样编辑函数 QueryDataBase:

为用户名和密码哈希添加参数,并使用 DataAdapter 的 SelectCommand 属性。还将函数的名称从 QueryDatabase 更改为 GetUserData。

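''' <summary>
''' Returns the Userx rows whose Username and PassHash equal the supplied values,
''' using a parameterized SELECT on the shared connection.
''' </summary>
''' <param name="username">User name typed by the user; bound as @Username.</param>
''' <param name="PassHash">Hash of the submitted password; bound as @PassHash.</param>
''' <returns>
''' The matching rows in a table named "DefaultTable"; the value of DbSwtable
''' (never assigned in the visible code, so Nothing) when an error occurs.
''' </returns>
''' <remarks>
''' NOTE(review): matching the hash inside the WHERE clause only works when the
''' same password always produces the same hash, i.e. without a per-user salt.
''' With salted hashes, select the row by Username alone and verify the hash in
''' code.
''' </remarks>
Public Function GetUserData(username As String, PassHash As String) As DataTable
    Const sql As String = "SELECT * FROM Userx WHERE Username=@Username AND PassHash =@PassHash"

    Try
        Dim objDataSet As New DataSet

        Using selectCmd As New SqlCommand(sql, con)
            ' Values are bound as data; they never become part of the SQL text.
            ' No size is given, so the length is inferred from each value.
            selectCmd.Parameters.Add("@Username", SqlDbType.VarChar).Value = username
            selectCmd.Parameters.Add("@PassHash", SqlDbType.VarChar).Value = PassHash

            ' The original ended the SelectCommand assignment with ';', which is
            ' not valid VB; the command is handed to the adapter directly here.
            Using objDataAdapter As New SqlDataAdapter(selectCmd)
                objDataAdapter.Fill(objDataSet, "DefaultTable")
            End Using
        End Using

        Return objDataSet.Tables("DefaultTable")
    Catch ex As Exception
        MessageBox.Show(ex.Message, "Λάθος", MessageBoxButtons.OK, MessageBoxIcon.Error)

        Return DbSwtable
    Finally
        ' Also runs after a failure, so the shared connection is not left open.
        con.Close()
    End Try
End Function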

然后从 UI 中调用函数,如下所示:

' NOTE(review): gethash is not defined on this page. A fast, unsalted digest
' gives little protection if the Userx table leaks; prefer a salted
' key-derivation function such as PBKDF2 (Rfc2898DeriveBytes in .NET).
isigroup = objdata.GetUserData(txtuser.Text, gethash(txtpassword.Text))
于 2013-06-29T17:07:45.207 回答