Log in help
Problem description
Public Sub logInWorker()
    If log_id.Text = "" Then
        MsgBox("Please Enter ID", MsgBoxStyle.Information)
        log_id.Focus()
    ElseIf log_pw.Text = "" Then
        MsgBox("Please enter your password", MsgBoxStyle.Information)
        log_pw.Focus()
    Else
        ' get the id of the worker name
        getQuery = "SELECT registrationform.worker_id FROM registrationform WHERE registrationform.worker_password ='" & log_pw.Text & "' AND registrationform.worker_id ='" & log_id.Text & "'"
        getCommand = New MySqlCommand(getQuery, MySQLConnection)
        getReader = getCommand.ExecuteReader() ' <- IM GETTING ERROR HERE
        If getReader.Read = True Then
            getID = (getReader.Item("worker_id").ToString)
            MsgBox("Welcome!", MsgBoxStyle.Information)
            getReader.Close()
            getTimeButtons()
            disableLogIn()
        Else
            MsgBox("Incorrect fullname and/or password!", MsgBoxStyle.Information)
            log_pw.Focus()
        End If
        getReader.Close()
    End If
End Sub
---------------
Help me please :( Thank you
Hello,
Not knowing the error I would have you create two parameters for the command object instead of using string concatenation for the SELECT statement.
Why use parameters?
- Prevents SQL Injection
- Handles (in this case) formatting of strings e.g. if there was an un-escaped apostrophe this would cause a syntax error.
The following is done in SQL-Server but could just as easily be MySql outside of Visual Studio
    DECLARE @CompanyName AS NVARCHAR(MAX) = 'Joe company';
    SELECT CustomerIdentifier FROM Customers WHERE CompanyName = @CompanyName
The above is valid while the following is invalid because of the embedded apostrophe
    DECLARE @CompanyName AS NVARCHAR(MAX) = 'Joe's company';
    SELECT CustomerIdentifier FROM Customers WHERE CompanyName = @CompanyName
Using parameters in code we would end up with
    DECLARE @CompanyName AS NVARCHAR(MAX) = 'Joe''s company';
    SELECT CustomerIdentifier FROM Customers WHERE CompanyName = @CompanyName
Bottom line, use parameters, secondly always test outside of code (see my TechNet article: https://social.technet.microsoft.com/wiki/contents/articles/51356.writing-sql-for-your-application.aspx).
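The two-parameter form of the login query that the answer recommends, as an added example that is not code from the original thread. FindWorkerId is a hypothetical helper; the table and column names are taken from the question, and the connection is assumed to be open already.

```vbnet
Imports MySql.Data.MySqlClient

Module LoginExample
    ' Hypothetical helper (not from the thread): returns the worker_id when the
    ' ID/password pair matches a row in registrationform, otherwise Nothing.
    ' conn is assumed to be an open MySqlConnection (MySQLConnection in the question).
    Public Function FindWorkerId(conn As MySqlConnection,
                                 workerId As String,
                                 password As String) As String
        ' The SQL text is a constant; user input never becomes part of the statement.
        Const sql As String =
            "SELECT worker_id FROM registrationform " &
            "WHERE worker_id = @id AND worker_password = @pw"

        Using cmd As New MySqlCommand(sql, conn)
            ' The two parameters the answer asks for. Each value is sent as data,
            ' so a value containing an apostrophe (Joe's company) is compared
            ' against the column as-is and cannot end the string literal or
            ' alter the WHERE clause.
            cmd.Parameters.AddWithValue("@id", workerId)
            cmd.Parameters.AddWithValue("@pw", password)

            ' Using closes the reader on every path, including exceptions,
            ' so no separate Close() calls are needed.
            Using reader As MySqlDataReader = cmd.ExecuteReader()
                If reader.Read() Then
                    Return reader.Item("worker_id").ToString()
                End If
            End Using
        End Using

        Return Nothing
    End Function

    ' Call site inside logInWorker, replacing the concatenated query:
    '     getID = FindWorkerId(MySQLConnection, log_id.Text, log_pw.Text)
    '     If getID IsNot Nothing Then ... welcome ... Else ... incorrect login ...
End Module
```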