为什么参数化查询不起作用 [英] Why parameterise query is not working
问题描述
当我在登录表单中检查用户名密码时,我遇到了愚蠢的问题,但是....但是它不起作用......
我是什么尝试过:
Dim ole as new oledb.oledbcommnd()
ConnectData()' 数据库连接程序
ole.connection = conn
Ole.commandText = select * from login其中user ='@ usern'和pass ='@ pass'
Ole.parameters.add( @ usern,oledbtype.varchar, 30 )。value = username ' 用户名是字符串类型变量
ole.parameters.add ( @ pass,oledbtype.varchar, 30 )。value = password ' 密码是字符串类型变量
Dim dr as oledb.oledbdatareader = ole.executereader
如果 dr.read()那么
dr.close
返回 true
Else
Dr.close
返回 false
结束 如果
使用参数时,不要对值使用撇号。因此,而不是
Ole.commandText = select *登录,其中user ='@ usern'和pass ='@ pass'
尝试
Ole.commandText = select * from login where user = @usern and pass = @pass
另一件事是你应该妥善处理这些物品。最简单的方法是使用使用
块。例如,请查看正确执行数据库操作 [ ^ ]
第三件事是您似乎将密码存储为纯文本。如果确实如此,您应该尽快修复它。请查看密码存储:如何操作。 [< a href =http://www.codeproject.com/Tips/186585/Password-Storage-How-to-do-ittarget =_ blanktitle =New Window> ^ ]
I have got silly problem when i check username password in my login form but .... But its not working...
What I have tried:
Dim ole as new oledb.oledbcommnd()
ConnectData() ' database connection procedure
ole.connection = conn
Ole.commandText = "select * from login where user = '@usern' and pass = '@pass'"
Ole.parameters.add("@usern",oledbtype.varchar,30).value = username 'username is string type variable
ole.parameters.add("@pass",oledbtype.varchar,30).value = password 'password is string type variable
Dim dr as oledb.oledbdatareader = ole.executereader
if dr.read() then
dr.close
Return true
Else
Dr.close
Return false
End if
When you use parameters, you don't use apostrophes for the values. So instead of
Ole.commandText = "select * from login where user = '@usern' and pass = '@pass'"
try
Ole.commandText = "select * from login where user = @usern and pass = @pass"
Another thing is that you should properly dispose the objects. The easiest way is to useusing
block. For examples, have a look at Properly executing database operations[^]
And the third thing is that you seem to store the password as plain text. If this really is the case, you should fix it as soon as possible. Have a look at Password Storage: How to do it.[^]
这篇关于为什么参数化查询不起作用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!