Need help with my update statement
When I run and try to change the password, it shows an error on "da.updatecommand.executenonquery()".
It said "syntax error in update statement".
Error code: -2147217900
Item: In order to evaluate an indexed property, the property must be qualified and the arguments must be explicitly supplied by the user.
Message: Syntax error in UPDATE statement.
Source: Microsoft Access Database Engine
Do I need a parameter? And how do I add a parameter if I need to?
Sub gantiid()
    sql = "update USERLIST set USERNAME = '" & LOGIN.USERNAME.Text & "', PASSWORD= '" & renew.Text & "' where USERNAME ='" & LOGIN.USERNAME.Text & "'"
    kns.Open()
    da.UpdateCommand = New OleDbCommand(sql, kns)
    da.UpdateCommand.ExecuteNonQuery()
    kns.Close()
End Sub

Private Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
    cariid()
    If ds.Tables("USERLIST").Rows.Count = 0 Then
        MessageBox.Show("You Have Enter Wrong Password", "Warning!")
        oldpass.Clear()
        newpass.Clear()
        renew.Clear()
        oldpass.Focus()
    ElseIf ds.Tables("USERLIST").Rows.Count = 1 And newpass.Text <> renew.Text Then
        MessageBox.Show("New Password And Confirmation Must Be Same!", "Warning!")
        newpass.Clear()
        renew.Clear()
        newpass.Focus()
    ElseIf ds.Tables("USERLIST").Rows.Count = 1 And newpass.Text = renew.Text Then
        gantiid()
        MessageBox.Show("Password Change Is Successful!", "Notice")
        Me.Close()
    End If
End Sub
Start by fixing the SQL Injection vulnerability in your code.
Also, there's no point updating the USERNAME column to the same value, so you can remove that part of the query.
You'll also need to wrap the PASSWORD column in square brackets (ie: [PASSWORD]), as it's a reserved word in Access.
Sub gantiid()
    ' The OleDb provider doesn't use named parameters:
    sql = "update USERLIST set [PASSWORD] = ? where USERNAME = ?"
    kns.Open()
    da.UpdateCommand = New OleDbCommand(sql, kns)
    da.UpdateCommand.Parameters.AddWithValue("p0", renew.Text)
    da.UpdateCommand.Parameters.AddWithValue("p1", LOGIN.USERNAME.Text)
    da.UpdateCommand.ExecuteNonQuery()
    kns.Close()
End Sub
Once you've fixed that, you then need to review your password storage. You're currently storing passwords in plain-text, which is a really bad idea. You should be storing a salted hash of the password - see: Salted Password Hashing - Doing it Right
You may have problems with updating the field USERNAME. By your code it looks like the USERNAME field is indexed and unique. You might try:
sql = "update USERLIST set PASSWORD= '" & renew.Text & "' where USERNAME ='" & LOGIN.USERNAME.Text & "'"