使用MS SQL Server在VB.net中使用多用户登录表单
我的项目遇到了问题,这是一个涉及数据库中多个用户的项目。
我不明白SqlDataReader是怎么工作的。即使在我的代码中使用两次,它也不会显示任何错误。不知何故,SqlDataReader只执行第一个If,而不执行第二个If。为什么数据读取器不执行第二个?目前,我正在使用Visual basic 2019和SQL Server 2018。
下面是我的代码:
Imports System.Data.SqlClient
Public Class Loaning_Login
Private Sub BtnLogin_Click(sender As Object, e As EventArgs) Handles btnLogin.Click
Dim conn As New SqlConnection
If txtUsername.Text = "" Or txtPassword.Text = "" Then
MessageBox.Show("Please fill in all fields.", "Login Error", MessageBoxButtons.OK, MessageBoxIcon.Error)
Else
conn.ConnectionString = "Data Source=NECRONOMICON\SQLEXPRESS01;Initial Catalog=Register;Integrated Security=True;"
Try
Dim sql As String = "SELECT Username, Password FROM [Register].[dbo].[RegisterList] WHERE Username='" & txtUsername.Text & "' AND Password='" & txtPassword.Text & "'"
Dim cmd As New SqlCommand(sql, conn)
cmd.Connection = conn
conn.Open()
Dim dr As SqlDataReader = cmd.ExecuteReader
If dr.Read = True Then
sql = "SELECT Username, Password FROM [Register].[dbo].[RegisterList] WHERE Username ='Joshua' " & "WHERE Password ='Maria' "
Me.Hide()
MessageBox.Show("W E L C O M E !")
Loaner_Status10.Show()
If sql = "SELECT Username, Password FROM [Register].[dbo].[RegisterList] WHERE Username = 'Gabby'" & "WHERE Password = 'Nanamin' " Then
Me.Hide()
MessageBox.Show("W E L C O M E !")
Admin_control_interface.Show()
End If
Else
MessageBox.Show("Incorrect Username or Password.", "Login Failed", MessageBoxButtons.OK, MessageBoxIcon.Exclamation)
End If
Catch ex As Exception
MessageBox.Show("Failed to connect to databse. System Error:" & ex.Message, "Database Error", MessageBoxButtons.OK, MessageBoxIcon.Error)
End Try
If conn.State <> ConnectionState.Closed Then
conn.Close()
End If
End If
End Sub在输入用户名(Gabby)和密码(Nanamin)时,必须显示Admin_control_interface表单,但Loaner_Status10表单一直显示
回答 2
Stack Overflow用户
发布于 2019-09-17 15:32:32
当您选择from database时,您将获取列中的值,这些值将由datareader读取。要读取您不检查是否为sql的值,只需添加另一列来指示用户是否具有管理员权限,就像布尔值一样,但格式为varchar True/False "isAdmin“,并进行如下检查:
if dr.hasrows then
if dr("isAdmin").tostring = "True" then
'user is admin'''
else
'user is not admin'''
end if
else
msgbox("Access Denied")
end if希望这就是你要找的
顺便说一句
WHERE Username = 'Gabby'" & "WHERE Password = 'Nanamin' "将给您一个错误,因为GabbyWHERE之间没有空格
我会这样说:
...WHERE Username = 'Gabby' AND Password = 'Nanamin'"Stack Overflow用户
发布于 2019-09-18 10:53:15
@Devcon发布的答案就是你需要的,应该被接受。我只是在填写一些关于如何实现这一点的细节。
请注意,所有数据库对象都包含在Using...End Using块中。这可确保即使出现错误,也会关闭并释放数据库对象。
连接字符串直接传递给连接的构造函数,sql语句和连接直接传递给Command的构造函数。
Sql语句是参数化的。永远不要连接字符串来构建sql语句。它向sql注入打开您的数据库。
首先,您需要向RegisterList表中添加一列,以指示用户是否为管理员。我们将其设置为Sql Server中的bit数据类型的Boolean列。您将能够添加True或False的值。你只会这样做一次。它通常不会是你的程序的一部分。
Private Sub AddColumn()
Using cn As New SqlConnection("Data Source=NECRONOMICON\SQLEXPRESS01;Initial Catalog=Register;Integrated Security=True;")
Using cmd As New SqlCommand("Alter Table RegisterList Add IsAdministrator bit;", cn)
cn.Open()
cmd.ExecuteNonQuery()
End Using
End Using
End Sub接下来,更新用户记录以反映其管理状态。这通常是使用原始Insert命令创建用户记录的一部分,而不是在更新中完成。
Private Sub AddAdminStatus()
Using cn As New SqlConnection("Data Source=NECRONOMICON\SQLEXPRESS01;Initial Catalog=Register;Integrated Security=True;")
Using cmd As New SqlCommand("Update RegisterList Set IsAdministrator = @IsAdmin Where Username = @Name")
cmd.Parameters.Add("@IsAdmin", SqlDbType.Bit)
cmd.Parameters.Add("@Name", SqlDbType.VarChar, 100)
cmd.Parameters("@IsAdmin").Value = False
cmd.Parameters("@Name").Value = "Joshua"
cmd.ExecuteNonQuery()
cmd.Parameters("@Name").Value = "Gabby"
cmd.Parameters("@IsAdmin").Value = True
cmd.ExecuteNonQuery()
End Using
End Using
End Sub最后,我们可以验证输入。Select命令仅调用IsAdministrator列的值。如果此列中没有匹配的记录或值,则返回Nothing。
Private Sub BtnLogin_Click(sender As Object, e As EventArgs) Handles btnLogin.Click
If txtUsername.Text = "" OrElse txtPassword.Text = "" Then
MessageBox.Show("Please fill in all fields.", "Login Error", MessageBoxButtons.OK, MessageBoxIcon.Error)
Return
End If
Dim RetVal As Object
Using conn As New SqlConnection("Data Source=NECRONOMICON\SQLEXPRESS01;Initial Catalog=Register;Integrated Security=True;")
Using cmd As New SqlCommand("SELECT IsAdministrator FROM RegisterList WHERE Username= @UserName AND Password= @Password;", conn)
cmd.Parameters.Add("@UserName", SqlDbType.VarChar, 100).Value = txtUsername.Text
cmd.Parameters.Add("@Password", SqlDbType.VarChar, 100).Value = txtPassword.Text
conn.Open()
RetVal = cmd.ExecuteScalar 'Returns a single value, the first column or the first row of the result set
End Using
End Using
If RetVal Is Nothing Then
MessageBox.Show("Sorry, your login is not valid or your have no status assigned")
ElseIf CBool(RetVal) Then
MessageBox.Show("Welcome")
Admin_control_interface.Show()
Hide()
Else
Loaner_Status10.Show()
Hide()
End If
End Sub最后,密码永远不应该以纯文本形式存储。这是你的老师的错。在教你登录之前,应该先教你加盐和散列密码的过程。
https://stackoverflow.com/questions/57967340
复制相似问题
腾讯云开发者
