我一直在嘗試做的是從我的 sql 表中獲取用戶名、密碼和電子郵件,并通過我在 vb.net 上的登錄表單對其進行驗證。因此,當我在表單中輸入用戶名、密碼和電子郵件時,它應該告訴我登錄是否成功。但是,每當我在登錄表單中輸入我創建的 sql 表 (MembershipInfo) 中的用戶名、密碼和電子郵件時,我總是收到錯誤訊息“用戶名、密碼或電子郵件不正確,請重試”,即使我知道用戶名, 密碼和郵箱是正確的(目前正在看)。我已經在 youtube 上嘗試了多個視頻,甚至在這里以及其他網站上嘗試了一些解決方案,但沒有任何效果。有人可以告訴我我做錯了什么嗎?這是我的 vb 代碼:
Imports System.Data
Imports System.Data.SqlClient
Public Class WebForm1
Inherits System.Web.UI.Page
Public Shared conS As String = "Server= ; Database=Yourdatabase ;Trusted_Connection=Yes;"
Public Shared con As SqlConnection = New SqlConnection(conS)
Protected Sub TextBox8_TextChanged(sender As Object, e As EventArgs) Handles TextBox8.TextChanged
End Sub
Protected Sub Button5_Click(sender As Object, e As EventArgs) Handles Button5.Click
Dim un, pw, em, dbUN, dbPW, dbEM As String
un = TextBox7.Text
pw = TextBox8.Text
em = TextBox9.Text
Dim cmdUN As New SqlCommand("Select UserName from MembershipInfo Where Username = @p1", con)
With cmdUN.Parameters
.Clear()
.AddWithValue("@p1", un)
End With
Dim cmdPW As New SqlCommand("Select Pass from MembershipInfo Where UserName = @p1", con)
With cmdPW.Parameters
.Clear()
.AddWithValue("@p1", un)
End With
Dim cmdEM As New SqlCommand("Select Email from MembershipInfo where UserName = @p1", con)
With cmdEM.Parameters
.Clear()
.AddWithValue("@p1", un)
End With
Try
If con.State = ConnectionState.Closed Then con.Open()
dbUN = cmdUN.ExecuteScalar
dbPW = cmdPW.ExecuteScalar
dbEM = cmdEM.ExecuteScalar
Catch ex As Exception
Response.Write(ex.Message)
Finally
con.Close()
End Try
If un = dbUN And pw = dbPW And em = dbEM Then
MsgBox("Login Sucessful", vbExclamation, "Welcome")
Else
MsgBox("Username, Password or Email does not match, please try again", vbExclamation, "Error")
End If
End Sub
End Class
這是我的 sql 代碼(我不知道它是否需要,但最好謹慎些):
Create Table MembershipInfo
(
MembershipID INT NOT NULL PRIMARY KEY Identity(1,1),
Firstname varchar(50) not null,
Lastname varchar(50) not null,
UserName char(50) not null,
Pass char(50) not null,
Email char(50) not null
);
INSERT INTO MembershipInfo VALUES
('Jaycie', 'Adams', 'Imtotiredforthis', 'Golden1@1', '[email protected]'),
('Bret', 'Steidinger', 'HellowWord', 'Wowwzaa12@', '[email protected]'),
('Rebecca', 'Wong', 'SomethingSomething1@1', 'Outofideas11', '[email protected]'),
('Ciel', 'Phantomhive', 'DownwiththeQeen1@1', 'FellintomytrapWaha22@', '[email protected]'),
('Jane', 'Borden', 'TiredTM4@1', 'Justtakemypasswordalready@3', '[email protected]');
Select * from MembershipInfo;
uj5u.com熱心網友回復:
不要Connection在使用它們的方法之外宣告s。任何公開Dispose方法的資料庫物件都是如此。
為什么不直接使用電子郵件作為用戶名。
Create Table 中的這些行將需要固定長度的字串。根本不是你想要的。堅持varchar或nvarchar。
UserName char(50) not null,
Pass char(50) not null,
Email char(50) not null
我不熟悉您使用的 Insert 語法。
Using 即使出現錯誤,塊也會處理關閉和處理物件。
使用Sql ServerAdd的Parameters集合方法。http://www.dbdelta.com/addwithvalue-is-evil/
和
https://blogs.msmvps.com/jcoehoorn/blog/2014/05/12/can-we-stop-using-addwithvalue-already/
和另一個:https :
//dba.stackexchange.com/questions/195937/addwithvalue-performance-and-plan-cache-implications
這是另一個
https://andrevdm.blogspot.com/2010/12/parameterised-queriesdont-use .html
嘗試為您的控制元件使用有意義的名稱。
Protected Sub Button5_Click(sender As Object, e As EventArgs) Handles Button5.Click
If IsLoginValid(txtEmail.Text, txtPassword.Text) Then
MsgBox("Login Sucessful", vbExclamation, "Welcome")
Else
MsgBox("Username, Password or Email does not match, please try again", vbExclamation, "Error")
End If
End Sub
Private Function IsLoginValid(email As String, pword As String) As Boolean
Dim RetVal As Integer
Using cn As New SqlConnection(conS),
cmd As New SqlCommand("Select Count(*) From MembershipInfo Where Email = @Name And Pass = @Pass")
cmd.Parameters.Add("@Name", SqlDbType.VarChar, 50).Value = email
cmd.Parameters.Add("@Pass", SqlDbType.VarChar, 50).Value = pword
cn.Open()
RetVal = CInt(cmd.ExecuteScalar)
End Using
If RetVal = 1 Then
Return True
End If
Return False
End Function
這段代碼最糟糕的部分是您將密碼存盤為純文本。密碼應該在存盤前加鹽和散列。
轉載請註明出處,本文鏈接:https://www.uj5u.com/shujuku/367134.html
標籤:网站 sql-server 网络 验证 网络表格