错误：“用户名或密码不正确”。 [英] Error : "Incorrect Username or Password.

问题描述

我收到所有输入错误不正确的用户名或密码。

I getting the error "Incorrect Username or Password" for all input.

Private Sub Button1_Click(sender As System.Object, e As System.EventArgs) Handles Button1.Click
        Try

       
        Dim con As New SqlConnection("Data Source=192.168.10.3;Initial Catalog=IT_INV;user id=sa;password=1")
        con.Open()
        Dim dt As New DataTable("user")
        Dim rs As New SqlCommand("SELECT * FROM [user] WHERE username='" & TextBox1.Text & "' AND passw='" & TextBox2.Text & "'", con)

            Dim usernameParam As New SqlParameter("username", Me.TextBox1.Text)
            Dim passwordParam As New SqlParameter("passw", Me.TextBox2.Text)

            rs.Parameters.Add(usernameParam)
            rs.Parameters.Add(passwordParam)

            Dim sqlRead As SqlDataReader = rs.ExecuteReader
            If sqlRead.HasRows Then
                If sqlRead.Read = True Then


                    If sqlRead("usertype") = "admin" Then
                        MsgBox("admin")
                    ElseIf sqlRead("usertype") = "user" Then
                        MsgBox("user")

                    Else
                        MessageBox.Show("Incorrect Username or Password.", "Login Failed", MessageBoxButtons.OK, MessageBoxIcon.Exclamation)

                        TextBox1.Text = ""
                        TextBox2.Text = ""

                    End If

                End If
            End If

            con.Close()

  Catch ex As Exception
            MessageBox.Show(ex.Message)
        End Try
    End Sub

推荐答案

解决方案很明显。您正在运行SQL命令，该命令应该选择满足条件的用户。否则，结果将不会呈现给您。



执行所有语句后，您正在查看数据读取器以检查该用户的另一个列值。这是 userType 。



您应该知道，如果没有找到记录，那么该值与管理员或用户不匹配。这就是为什么，你总会得到这个消息。我知道你不能最小化这个错误，所以没有解决方案。除非数据库中存在此查询的结果，否则将无法匹配用户。为确保此错误不再出现，请确保，

The solution to it is obvious. You are running an SQL command which is supposed to select the user where the conditions are met. Otherwise the results won't be presented to you.

After executing all of the statements, you are looking into the data reader to check for another column value of that user. Which is, "userType".

You should know that if there is no record found then the value is not matched with either admin or user. That is why, you will always get this message. I know you cannot minimize this error, and so there is no solution. Unless there is a result in the database for this query, and the user would not be matched. To ensure that this error doesn't show up again, make sure,

1. 您至少有一个记录在数据库表中
2. 用户和密码字段与您提供的输入匹配（用于测试）
3. userType 字段也是admin或user

1. You have at least one record in your database table
2. User and password fields are matching with the input you provide (for testing)
3. userType field is also either "admin" or "user"

然后我相信这段代码会起作用返回您想要查看的结果。



提示：从不以纯文本格式存储密码。哈希并将哈希存储在数据库中。



编辑



问题是你已经替换了值...在查询中，如果你看，

Then I believe that this code would work and would return the result that you want to see.

Tip: Never stored passwords in plain-text. Hash them and store the hash in the database.

Edit

The problem is that you have replaced the value... In the query if you look,

Dim rs As New SqlCommand("SELECT * FROM [user] WHERE username='" & TextBox1.Text & "' AND passw='" & TextBox2.Text & "'", con)
 
Dim usernameParam As New SqlParameter("username", Me.TextBox1.Text)
Dim passwordParam As New SqlParameter("passw", Me.TextBox2.Text)

您打算以这种方式编写查询，

You meant to write the query this way,

Dim rs As New SqlCommand("SELECT * FROM [user] WHERE username=@0 AND passw=@1", con)
 
Dim usernameParam As New SqlParameter("0", Me.TextBox1.Text)
Dim passwordParam As New SqlParameter("1", Me.TextBox2.Text)

这是参数化查询。现在将作为条件的值传递。立即运行查询并查看结果。

This is the parameterized query. Which is now going to be passed as the value for the condition. Run the query now and see the result.

这篇关于错误：“用户名或密码不正确”。的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！