0

我有一个关于“无效操作异常未处理”的错误

我的代码是这样的:

 Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
    sql = "select * from tb_user where user_name='" + TxtUser.Text + "' and user_password='" + txtPass.Text + "'"
    cmd = New SqlCommand(sql, con)
    rd = cmd.ExecuteReader
    If (rd.HasRows) Then
        rd.Read()
        If rd.Item("user_position") = "Manager" Then
            Form5.MasterDataToolStripMenuItem.Visible = False
            Form5.mTransaction.Visible = False
            Form5.mReport.Visible = True
            Form5.mSetting.Visible = False
        ElseIf rd.Item("user_position") = "Admin" Then
            Form5.MasterDataToolStripMenuItem.Visible = True
            Form5.mTransaction.Visible = True
            Form5.mReport.Visible = False
            Form5.mSetting.Visible = True
        ElseIf rd.Item("user_position") = "Operator" Then
            Form5.MasterDataToolStripMenuItem.Visible = False
            Form5.mTransaction.Visible = True
            Form5.mReport.Visible = True
            Form5.mSetting.Visible = False
        End If
        Form5.useractive.Text = rd.Item("user_name")
        Form5.Statusposition.Text = rd.Item("user_position")
        Form5.ShowDialog()
    Else
        MsgBox("Access Denied! Check Username And Password!")
        TxtUser.Clear()
        txtPass.Clear()
        TxtUser.Focus()
    End If
End Sub

并且错误说“ExecuteReader:连接属性尚未初始化。” 在这段代码中:

 rd = cmd.ExecuteReader

我不知道我的代码有什么问题。有人可以帮助我吗?我只是这里的新手。谢谢。

4

2 回答 2

0

我怀疑您没有正确设置您在此处使用的“con”变量:

cmd = New SqlCommand(sql, con)

请不要像这样使用字符串连接生成 SQL 查询。使用参数化查询: 如何创建参数化 SQL 查询?我为什么要?

于 2017-07-21T06:54:40.427 回答
0 
Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
Using (con = New SqlClient.SqlConnection(yourconnectionString))
    Try
        con.Open();
        Dim sqlQuery As String = "select * from tb_user where user_name='" + TxtUser.Text + "' and user_password='" + txtPass.Text + "'"
        Dim sqlCommand As SqlClient.SqlCommand = New SqlClient.SqlCommand(sqlQuery, con)
        rd = sqlCommand.ExecuteReader()

        If (rd.HasRows) Then
            rd.Read()
            If rd.Item("user_position") = "Manager" Then
                Form5.MasterDataToolStripMenuItem.Visible = False
                Form5.mTransaction.Visible = False
                Form5.mReport.Visible = True
                Form5.mSetting.Visible = False
            ElseIf rd.Item("user_position") = "Admin" Then
                Form5.MasterDataToolStripMenuItem.Visible = True
                Form5.mTransaction.Visible = True
                Form5.mReport.Visible = False
                Form5.mSetting.Visible = True
            ElseIf rd.Item("user_position") = "Operator" Then
                Form5.MasterDataToolStripMenuItem.Visible = False
                Form5.mTransaction.Visible = True
                Form5.mReport.Visible = True
                Form5.mSetting.Visible = False
            End If
            Form5.useractive.Text = rd.Item("user_name")
            Form5.Statusposition.Text = rd.Item("user_position")
            Form5.ShowDialog()
        Else
            MsgBox("Access Denied! Check Username And Password!")
            TxtUser.Clear()
            txtPass.Clear()
            TxtUser.Focus()
        End If

    Catch ex As Exception

    End Try
End Using

结束子

于 2017-07-21T07:39:49.197 回答