1. 首頁
  2. 問答
  3. 連接到SQL Server

連接到SQL Server

2016-05-13 181 views
0 
Public Class Form1 

    Private Sub btnlogin_Click(sender As Object, e As EventArgs) Handles btnlogin.Click 
     Dim con As New SqlClient.SqlConnection(MYConnection.MYconnectionString) 
     con.Open() 
     Dim dr As SqlClient.SqlDataReader 
     Dim cmd As New SqlClient.SqlCommand("select * from [User] where UserName=" + txtuser.Text + " and UserPass= " + txtpassword.Text + "", con) 
     dr = cmd.ExecuteReader 
     If dr.Read Then 
      MsgBox("Welcome") 
     End If 
     con.Close() 

    End Sub 
End Class

這是我的登錄表單我的代碼..每當我運行該程序,並輸入自己的用戶名和密碼,會出現這種情況:連接到SQL Server

這是MyConnection.vb是我使用連接到我的數據庫

Public Class MYConnection 

    Public Shared MYconnectionString As String = "Server=CLAIRETUMLOS\SQLEXPRESS;Database=Capstone;Integrated Security=True;" 

End Class

這裏是我的dbo.User表

來源

2016-05-13 Jinx

+0

你缺少蜱周圍的數據。這種事情不會發生使用SQL參數。你的代碼也不會失敗,像'O'Brien'這樣的名字。不要將密碼存儲爲純文本。 – Plutonix

回答

1

你缺少字符串領域的',但我建議你使用的參數,以避免SQL注入,像這樣:

Private Sub btnlogin_Click(sender As Object, e As EventArgs) Handles btnlogin.Click 
    Dim con As New SqlClient.SqlConnection(MYConnection.MYconnectionString) 
    con.Open() 
    Dim dr As SqlClient.SqlDataReader 
    Dim cmd As New SqlClient.SqlCommand("select * from [User] where [email protected] and [email protected]", con) 
    cmd.Parameters.AddWithValue("@UserName", txtuser.Text) 
    cmd.Parameters.AddWithValue("@UserPass", txtpassword.Text) 
    dr = cmd.ExecuteReader 
    If dr.Read Then 
     MsgBox("Welcome") 
    End If 
    con.Close() 
End Sub

來源

2016-05-13 15:50:19

相關問題

 相關問題