我每次尝试使用不正确的详细信息登录时都会收到此错误,这些信息应显示消息框“无效的用户名...”,如果没有输入详细信息,则应显示“请输入...
conn = New MySqlConnection conn.ConnectionString = "server=localhost; userid=root; password=...; database=..." Dim reader As MySqlDataReader Try conn.Open() Dim Query As String Query = "SELECT Username, Password, Admin FROM appointments.tblLogin WHERE Username='" & TextBox_Username.Text & "' AND Password='" & TextBox_Password.Text & "' " cmd = New MySqlCommand(Query, conn) reader = cmd.ExecuteReader Dim count As Integer count = 0 While reader.Read count = count + 1 End While If reader.GetInt32("Admin") = 1 Then AdminMainMenu.Show() Me.Hide() ElseIf reader.GetInt32("Admin") = 0 Then MainMenu.Show() Me.Hide() Else MessageBox.Show("Invalid username or password") End If If TextBox_Username.Text.Equals("") And TextBox_Password.Text.Equals("") Then MessageBox.Show("Please enter a username and password") End If conn.Close() Catch ex As MySqlException MessageBox.Show(ex.GetBaseException.ToString) Finally conn.Dispose() End TryI receive this error every time I try log in with incorrect details which should show a message-box "invalid username..." and when no details are entered it should show "please enter...
conn = New MySqlConnection conn.ConnectionString = "server=localhost; userid=root; password=...; database=..." Dim reader As MySqlDataReader Try conn.Open() Dim Query As String Query = "SELECT Username, Password, Admin FROM appointments.tblLogin WHERE Username='" & TextBox_Username.Text & "' AND Password='" & TextBox_Password.Text & "' " cmd = New MySqlCommand(Query, conn) reader = cmd.ExecuteReader Dim count As Integer count = 0 While reader.Read count = count + 1 End While If reader.GetInt32("Admin") = 1 Then AdminMainMenu.Show() Me.Hide() ElseIf reader.GetInt32("Admin") = 0 Then MainMenu.Show() Me.Hide() Else MessageBox.Show("Invalid username or password") End If If TextBox_Username.Text.Equals("") And TextBox_Password.Text.Equals("") Then MessageBox.Show("Please enter a username and password") End If conn.Close() Catch ex As MySqlException MessageBox.Show(ex.GetBaseException.ToString) Finally conn.Dispose() End Try最满意答案
MySqlDataReader只能向前移动,一旦到达命令检索到的行的末尾,它就无法返回读取前一行。 用于计算行数的循环将读取器移动到数据流的末尾。 因此,尝试阅读Admin字段会导致异常。
If TextBox_Username.Text.Equals("") And _ TextBox_Password.Text.Equals("") Then MessageBox.Show("Please enter a username and password") Return End If .... opening and executing the command code.... If reader.Read Then Dim isAdmin = (reader.GetInt32("Admin") = 1) If isAdmin Then AdminMainMenu.Show() Me.Hide() Else Then MainMenu.Show() Me.Hide() End If Else MessageBox.Show("Invalid username or password") End If conn.Close()请注意,我已经删除了循环并在Read方法周围使用了一个简单的if / else语句来显示错误消息,并且我已经更改了Admin标志的读取,创建了一个布尔变量来简化if块的真实部分内部的逻辑。
说,你需要看一下如何构建参数化查询,因为构建命令文本的字符串连接会将你的程序暴露给Sql注入攻击(更不用说语法错误,如果你的某些文本框包含单引号,请尝试...)
还要考虑从安全角度来看,您绝不应以明文形式在数据库中存储密码。 始终使用密码的哈希值
The MySqlDataReader can move forward-only, once it reaches the end of the rows retrieved by the command, it cannot go back to read previous rows. The loop used to count the number of rows moves the reader to the end of the data stream. So trying to read the Admin field result in an exception.
If TextBox_Username.Text.Equals("") And _ TextBox_Password.Text.Equals("") Then MessageBox.Show("Please enter a username and password") Return End If .... opening and executing the command code.... If reader.Read Then Dim isAdmin = (reader.GetInt32("Admin") = 1) If isAdmin Then AdminMainMenu.Show() Me.Hide() Else Then MainMenu.Show() Me.Hide() End If Else MessageBox.Show("Invalid username or password") End If conn.Close()Notice that I have removed the loop and used a simple if/else statement around the Read method to display the error message and I have changed the reading of the Admin flag creating a boolean variable to simplify the logic inside the true part of the if block.
Said that, you need to look at how build parameterized queries because your string concatenation to build the commandtext exposes your program to Sql Injection Attacks (not to mention syntax errors if some of your textbox contains a single quote, try it...)
Consider also that from a security standpoint you should never store passwords in the database in clear text. Use always an hash of the password
更多推荐
发布评论