2016-02-28 52 views
0

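Hello, I have a problem with my login form for multiple users of my software. Below is the complete login button code for the admin. How do I get rid of "Conversion from string "admin" to type 'Double' is not valid"?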

Private Sub btnlogin_Click(sender As System.Object, e As System.EventArgs) Handles btnlogin.Click 
    If cmbusertype.Text = "" Then 
     MsgBox("Please select the appropriate Account Type!", vbExclamation, "Account Type") 
    End If 
    If cmbusertype.Text = "Admin" Then 
     Dim Strconn As String = "Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\phermacy.mdf;Integrated Security=True;User Instance=True" 
     Dim Selectcmd As String = "select * from tbl_admin where admin_username = '" + txtusername.Text + "' and password = '" + txtpassword.Text + "'" 
     Dim da As New SqlDataAdapter 
     Dim ds As New DataSet 
     Dim sqlcmd As SqlCommand 
     sqlconn = New SqlConnection(Strconn) 
     Try 
      sqlconn.Open() 
     Catch ex As Exception 
      MsgBox("Could not connect to DataBase. Application will close now!", vbCritical, "Database Error") 
      End 
     End Try 
     sqlcmd = New SqlCommand(Selectcmd, sqlconn) 
     da.SelectCommand = sqlcmd 
     sqlcmd.Dispose() 
     sqlconn.Close() 
     da.Fill(ds) 

     ' Match the admin username & password

If ds.Tables(0).Rows.Count > 0 Then 

        If txtusername.Text = ds.Tables(0).Rows(0).Item(0) And txtpassword.Text = ds.Tables(0).Rows(0).Item(1) Then 
         MsgBox("Administrator Log-in Successful.", vbInformation, "Admin Log-in") 
         Me.Hide() 
         adminform.Show() 

        Else 
         ErrorProvider1.SetError(txtusername, "Invalid User Name.") 
         ErrorProvider1.SetError(txtpassword, "Invalid Password.") 
         MsgBox("Invalid Administrator Username or Password.", vbCritical, "Admin Log-in") 
        End If 

       Else 
        ErrorProvider1.SetError(txtusername, "Invalid User name or Password.") 
        ErrorProvider1.SetError(txtpassword, "Invalid User name or Password.") 
        ErrorProvider1.SetError(cmbusertype, "Please select the appropriate Account Type") 
        MsgBox("Invalid Administrator Username or Password.", vbCritical, "Admin Log-in") 
       End If 
      End If 
     End Sub 

The highlighted line of code is the following:

 If txtusername.Text = ds.Tables(0).Rows(0).Item(0) And txtpassword.Text = ds.Tables(0).Rows(0).Item(1) Then 

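and the error is "Conversion from string "admin" to type 'Double' is not valid." I was just trying to create a login for multiple users, but the part above, as you can see, is for the admin only. Any help here will be appreciated.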

+0

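You might have a few things to consider: 1. Don't store passwords in plaintext in the database, hash the passwords instead. 2. The above code is using string concatenation which is susceptible to SQL injection, read up on it and use parameterised queries. Also, you are using + for string concatenation in VB; the correct operator is & (ampersand), and this may be the root of your problem – Charleh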

+0

Thanks for your suggestion, but I have used the & operator and the problem still persists. –

Answers

-1

Try...

Private Sub btnlogin_Click(sender As System.Object, e As System.EventArgs) Handles btnlogin.Click 
    If cmbusertype.Text = "" Then 
     MsgBox("Please select the appropriate Account Type!", vbExclamation, "Account Type") 
    End If 
    If cmbusertype.Text = "Admin" Then 
     Dim Strconn As String = "Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\phermacy.mdf;Integrated Security=True;User Instance=True" 
     Dim Selectcmd As String = "select * from tbl_admin where admin_username = @usernme and password = @paswd" 
     Dim da As New SqlDataAdapter 
     Dim ds As New DataSet 
     Dim sqlcmd As SqlCommand 
     sqlconn = New SqlConnection(Strconn) 
     Try 
      sqlconn.Open() 
     Catch ex As Exception 
      MsgBox("Could not connect to DataBase. Application will close now!", vbCritical, "Database Error") 
      End 
     End Try 
     sqlcmd = New SqlCommand(Selectcmd, sqlconn) 
     sqlcmd.Parameters.AddWithValue("@usernme", txtusername.Text) 
     sqlcmd.Parameters.AddWithValue("@paswd", txtpassword.Text) 
     da.SelectCommand = sqlcmd 
     sqlcmd.Dispose() 
     sqlconn.Close() 
     da.Fill(ds) 
+0

@downvoter Thanks for your response. Can you explain why? – Sankar

+0

Still not working, Sankar Raj. Any more tips.. –

+0

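@GEORGESUTER As suggested by Charleh, your code is prone to SQL injection; to avoid that, use parameterized queries, as I updated.. try it and let me know if there are any errors... – Sankar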
