1. 首页
  2. 问答
  3. 连接到SQL Server

连接到SQL Server

2016-05-13 183 views
0 
Public Class Form1 

    Private Sub btnlogin_Click(sender As Object, e As EventArgs) Handles btnlogin.Click 
     Dim con As New SqlClient.SqlConnection(MYConnection.MYconnectionString) 
     con.Open() 
     Dim dr As SqlClient.SqlDataReader 
     Dim cmd As New SqlClient.SqlCommand("select * from [User] where UserName=" + txtuser.Text + " and UserPass= " + txtpassword.Text + "", con) 
     dr = cmd.ExecuteReader 
     If dr.Read Then 
      MsgBox("Welcome") 
     End If 
     con.Close() 

    End Sub 
End Class

这是我的登录表单我的代码..每当我运行该程序,并输入自己的用户名和密码,会出现这种情况:连接到SQL Server

这是MyConnection.vb是我使用连接到我的数据库

Public Class MYConnection 

    Public Shared MYconnectionString As String = "Server=CLAIRETUMLOS\SQLEXPRESS;Database=Capstone;Integrated Security=True;" 

End Class

这里是我的dbo.User表

来源

2016-05-13 Jinx

+0

你缺少蜱周围的数据。这种事情不会发生使用SQL参数。你的代码也不会失败,像'O'Brien'这样的名字。不要将密码存储为纯文本。 – Plutonix

回答

1

你缺少字符串领域的',但我建议你使用的参数,以避免SQL注入,像这样:

Private Sub btnlogin_Click(sender As Object, e As EventArgs) Handles btnlogin.Click 
    Dim con As New SqlClient.SqlConnection(MYConnection.MYconnectionString) 
    con.Open() 
    Dim dr As SqlClient.SqlDataReader 
    Dim cmd As New SqlClient.SqlCommand("select * from [User] where [email protected] and [email protected]", con) 
    cmd.Parameters.AddWithValue("@UserName", txtuser.Text) 
    cmd.Parameters.AddWithValue("@UserPass", txtpassword.Text) 
    dr = cmd.ExecuteReader 
    If dr.Read Then 
     MsgBox("Welcome") 
    End If 
    con.Close() 
End Sub

来源

2016-05-13 15:50:19

相关问题

 相关问题