显示（指定的演员表无效。）当我点击前3时如果其他部分休息是好的 [英] Showing (Specified Cast Is Not Valid. ) When I Clicked On First 3 If Else Section Rest Are Ok

问题描述

Try
            cnn.Open()
            cmd.CommandText = "SELECT `user_name`, `user_password`, `add_client`, `add_product`, `sales`, `account`,`admin`, `help` FROM `login`" & _
                " WHERE `user_name`='" & txt_user_name.Text & "' AND `user_password`='" & txt_password.Text & "' "
            dr = cmd.ExecuteReader
            dr.Read()
            If dr.HasRows Then
                Me.Hide()
                If dr("add_client").ToString = "1" Then
                    ManuForm.pb_1.Enabled = True
                Else
                    ManuForm.pb_1.Enabled = False
                End If
                If dr("add_product").ToString = "1" Then
                    ManuForm.pb_2.Enabled = True
                Else
                    ManuForm.pb_2.Enabled = False
                End If
                If dr("sales").ToString = "1" Then
                    ManuForm.pb_3.Enabled = True
                Else
                    ManuForm.pb_3.Enabled = False
                End If
                If dr("account").ToString = "1" Then
                    ManuForm.pb_4.Enabled = True
                Else
                    ManuForm.pb_4.Enabled = False
                End If
                If dr("admin").ToString = "1" Then
                    ManuForm.pb_5.Enabled = True
                Else
                    ManuForm.pb_5.Enabled = False
                End If
                If dr("help").ToString = "1" Then
                    ManuForm.pb_6.Enabled = True
                Else
                    ManuForm.pb_6.Enabled = False
                End If
                ManuForm.ShowDialog()
            Else
                MsgBox("Invalid User Name Or Password .Try Again", vbCritical)
                txt_password.Text = ""
                txt_user_name.Text = ""
                txt_user_name.Focus()
            End If
        Catch ex As Exception
            MsgBox(ex)
        End Try
        dr.Close()
        cnn.Close()

推荐答案

从不这样做开始。

不要连接字符串来构建SQL命令。它让您对意外或故意的SQL注入攻击持开放态度，这可能会破坏您的整个数据库。请改用参数化查询。

无论如何，这可能会解决您的问题 - 并保护您的数据不被第一个恶意用户删除以输入您的文本框...



然后，停止以明文形式存储密码 - 这是一个主要的安全风险。使用用户名对其进行盐化，哈希，然后存储哈希值，并在需要验证用户时将其与用户输入的哈希值进行比较。

Start by not doing that.
Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.
The chances are that that will cure your problem anyway - and save your data from deletion by the first malicious user to type into your textboxes...

And then, stop storing passwords in clear text - it's a major security risk. Salt them with the username, hash them, then store the hash, and compare it to the hashed version of the user input when you want to verify the user.

这篇关于显示（指定的演员表无效。）当我点击前3时如果其他部分休息是好的的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！