为什么参数化查询不起作用

本文介绍了为什么参数化查询不起作用的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！ 问题描述

当我在登录表单中检查用户名密码时，我遇到了愚蠢的问题，但是....但是它不起作用...... 我是什么尝试过：

Dim ole as new oledb.oledbcommnd（） ConnectData（）' 数据库连接程序 ole.connection = conn OlemandText = select * from login其中user ='@ usern'和pass ='@ pass' Ole.parameters.add（ @ usern，oledbtype.varchar， 30 ）。value = username ' 用户名是字符串类型变量 ole.parameters.add （ @ pass，oledbtype.varchar， 30 ）。value = password ' 密码是字符串类型变量 Dim dr as oledb.oledbdatareader = ole.executereader 如果 dr.read（）那么 dr.close 返回 true Else Dr.close 返回 false 结束 如果

解决方案

使用参数时，不要对值使用撇号。因此，而不是

OlemandText = select *登录，其中user ='@ usern'和pass ='@ pass'

尝试

OlemandText = select * from login where user = @usern and pass = @pass

另一件事是你应该妥善处理这些物品。最简单的方法是使用使用块。例如，请查看正确执行数据库操作 [ ^ ] 第三件事是您似乎将密码存储为纯文本。如果确实如此，您应该尽快修复它。请查看密码存储：如何操作。 [ ^ ]

I have got silly problem when i check username password in my login form but .... But its not working... What I have tried:

Dim ole as new oledb.oledbcommnd() ConnectData() ' database connection procedure ole.connection = conn OlemandText = "select * from login where user = '@usern' and pass = '@pass'" Ole.parameters.add("@usern",oledbtype.varchar,30).value = username 'username is string type variable ole.parameters.add("@pass",oledbtype.varchar,30).value = password 'password is string type variable Dim dr as oledb.oledbdatareader = ole.executereader if dr.read() then dr.close Return true Else Dr.close Return false End if

解决方案

When you use parameters, you don't use apostrophes for the values. So instead of

OlemandText = "select * from login where user = '@usern' and pass = '@pass'"

try

OlemandText = "select * from login where user = @usern and pass = @pass"

Another thing is that you should properly dispose the objects. The easiest way is to use using block. For examples, have a look at Properly executing database operations[^] And the third thing is that you seem to store the password as plain text. If this really is the case, you should fix it as soon as possible. Have a look at Password Storage: How to do it.[^]