本文介绍了为什么参数化查询不起作用的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
当我在登录表单中检查用户名密码时,我遇到了愚蠢的问题,但是....但是它不起作用...... 我是什么尝试过:
Dim ole as new oledb.oledbcommnd() ConnectData()' 数据库连接程序 ole.connection = conn OlemandText = select * from login其中user ='@ usern'和pass ='@ pass' Ole.parameters.add( @ usern,oledbtype.varchar, 30 )。value = username ' 用户名是字符串类型变量 ole.parameters.add ( @ pass,oledbtype.varchar, 30 )。value = password ' 密码是字符串类型变量 Dim dr as oledb.oledbdatareader = ole.executereader 如果 dr.read()那么 dr.close 返回 true Else Dr.close 返回 false 结束 如果解决方案
使用参数时,不要对值使用撇号。因此,而不是 OlemandText = select *登录,其中user ='@ usern'和pass ='@ pass'
尝试
OlemandText = select * from login where user = @usern and pass = @pass另一件事是你应该妥善处理这些物品。最简单的方法是使用使用块。例如,请查看正确执行数据库操作 [ ^ ] 第三件事是您似乎将密码存储为纯文本。如果确实如此,您应该尽快修复它。请查看密码存储:如何操作。 [ ^ ]
I have got silly problem when i check username password in my login form but .... But its not working... What I have tried:
Dim ole as new oledb.oledbcommnd() ConnectData() ' database connection procedure ole.connection = conn OlemandText = "select * from login where user = '@usern' and pass = '@pass'" Ole.parameters.add("@usern",oledbtype.varchar,30).value = username 'username is string type variable ole.parameters.add("@pass",oledbtype.varchar,30).value = password 'password is string type variable Dim dr as oledb.oledbdatareader = ole.executereader if dr.read() then dr.close Return true Else Dr.close Return false End if 解决方案 When you use parameters, you don't use apostrophes for the values. So instead of OlemandText = "select * from login where user = '@usern' and pass = '@pass'"try
OlemandText = "select * from login where user = @usern and pass = @pass"Another thing is that you should properly dispose the objects. The easiest way is to use using block. For examples, have a look at Properly executing database operations[^] And the third thing is that you seem to store the password as plain text. If this really is the case, you should fix it as soon as possible. Have a look at Password Storage: How to do it.[^]
更多推荐
为什么参数化查询不起作用
发布评论