VB2010错误“system.data.dll中发生类型'system.invalidoperationexception'的第一次机会异常” [英] VB2010 error "a first chance exception of type 'system.invalidoperationexception' occurred in system.data.dll "

问题描述

当我尝试调试时，我的立即窗口中出现此错误。我试图将数据插入Microsoft Access中的表。此外，似乎我无法连接到数据库。这是我的代码。



Private Sub Button3_Click（ByVal sender As System.Object，ByVal e As System.EventArgs）处理Button3.Click

'检查用户名或密码是否为空

如果PasswordTextBox.Text =或UsernameTextBox.Text =那么

MessageBox.Show（请完成必填字段..，身份验证错误，MessageBoxButtons.OK，MessageBoxIcon.Error）

否则

'两个字段均为供应

'检查用户是否存在于数据库中

'连接到数据库

Dim conn As New System.Data.OleDb.OleDbConnection（）

conn。 ConnectionString =Provider = Microsoft.ACE.OLEDB.12.0; Data Source = C：\ Users\user1 \Documents\PutLock.accdb



试试

'conn.Open（）

'MsgBox（成功）



Dim sql As String =SELECT * FROM PutLockSignUp WHERE Username ='& UsernameTextBox.Text& '和密码='& PasswordTextBox.Text& '

Dim sqlCom As New System.Data.OleDb.OleDbCommand（sql，conn）



'打开数据库连接
sqlCom.Connection = conn

conn.Open（）



Dim sqlRead As System.Data.OleDb.OleDbDataReader = sqlCom.ExecuteReader（）



如果是sqlRead.Read（）那么

Form2.Show（）

我。隐藏（）



否则

'如果用户输入错误的用户名和密码组合

'抛出错误消息

MessageBox.Show（用户名和密码不匹配..，身份验证失败，MessageBoxButtons.OK，MessageBoxIcon.Exclamation）



'清除所有字段

PasswordTextBox.Text =

UsernameTextBox.Text =



'专注于用户名字段

UsernameTextBox.Focus（）

结束如果



Catch ex As Exception

MessageBox.Show（无法连接到数据库..，数据库连接错误，MessageBoxButtons。好的，MessageBoxIcon.Error）

结束尝试



结束如果

结束子



我尝试了什么：



我试图在谷歌搜索解决方案，但我无法理解一些解释，因为我在VB.NET中仍然是新手。顺便说一下，这是我的学校作业。请帮助我。

Hi, I got this error in my Immediate Window when I try to debug. I am trying to insert data into a table in Microsoft Access. Also it seems that I failed to connect to database. Here is the code that I have.

Private Sub Button3_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button3.Click
' Check if username or password is empty
If PasswordTextBox.Text = "" Or UsernameTextBox.Text = "" Then
MessageBox.Show("Please complete the required fields..", "Authentication Error", MessageBoxButtons.OK, MessageBoxIcon.Error)
Else
' Both fields was supply
' Check if user exist in database
' Connect to DB
Dim conn As New System.Data.OleDb.OleDbConnection()
conn.ConnectionString = "Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\Users\user1\Documents\PutLock.accdb"

Try
'conn.Open()
'MsgBox("Success")

Dim sql As String = "SELECT * FROM PutLockSignUp WHERE Username='" & UsernameTextBox.Text & "' AND Password = '" & PasswordTextBox.Text & "'"
Dim sqlCom As New System.Data.OleDb.OleDbCommand(sql, conn)

'Open Database Connection
sqlCom.Connection = conn
conn.Open()

Dim sqlRead As System.Data.OleDb.OleDbDataReader = sqlCom.ExecuteReader()

If sqlRead.Read() Then
Form2.Show()
Me.Hide()

Else
' If user enter wrong username and password combination
' Throw an error message
MessageBox.Show("Username and Password do not match..", "Authentication Failure", MessageBoxButtons.OK, MessageBoxIcon.Exclamation)

'Clear all fields
PasswordTextBox.Text = ""
UsernameTextBox.Text = ""

'Focus on Username field
UsernameTextBox.Focus()
End If

Catch ex As Exception
MessageBox.Show("Failed to connect to Database..", "Database Connection Error", MessageBoxButtons.OK, MessageBoxIcon.Error)
End Try

End If
End Sub

What I have tried:

I have tried searching for solution in google but I couldnt understand some of the explanation as I am still new in VB.NET. Btw, this is my school assignment. Please help me.

推荐答案

这里有几件事非常错误。

首先，你不应该连接字符串来构建SQL命令。它让您对意外或故意的SQL注入攻击持开放态度，这可能会破坏您的整个数据库。请改用参数化查询。

作为登录过程的一部分，串联字符串非常愚蠢，因为它允许任何人在没有有效登录的情况下对数据库执行他们想要的操作。或者确实完全绕过你的登录...



第二个也是坏的：绝不以明文形式存储密码 - 这是一个主要的安全风险。有关如何在此处执行此操作的信息：密码存储：如何做到这一点。 [ ^ ] - 它在C＃而不是VB，但它很容易理解。



修复它们，你注意到的问题将会可能会在同一时间消失......

There are several things very wrong here.
The first is that you should never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.
Concatenating strings as part of your login procedure is spectacularly dumb, as it lets anyone do what they want to your DB without even having a valid login. Or indeed bypassing your login completely...

The second is as bad: Never store passwords in clear text - it is a major security risk. There is some information on how to do it here: Password Storage: How to do it.[^] - it's in C# rather than VB, but it pretty simple to understand.

Fix them, and the problem you have noticed will probably go away at the same time...

这篇关于VB2010错误“system.data.dll中发生类型'system.invalidoperationexception'的第一次机会异常”的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！