An unhandled exception of type 'system.data.sqlclient.sqlException' occurred in system.data.dll


Problem description

Imports System.Data
Imports System.Data.SqlClient


Public Class LoginForm1
    
    Dim da As SqlDataAdapter
    Dim ds As DataSet
    Dim query As String
    Dim sqlq As String

    Private Sub DELETETIME()
        If con.State = ConnectionState.Open Then con.Close()
        con.Open()

        
        query = "DELETE FROM USERLOG WHERE USERID='" & USERNAME & "'"

        COMMAND = New SqlCommand(query, con)
        COMMAND.ExecuteNonQuery()

    End Sub


    
    Private Sub OK_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles OK.Click
        Dim CMD As SqlCommand
        If con.State = ConnectionState.Open Then con.Close()
        con.Open()

        query = "select * from USERLOGIN where USERID='" & txtUsername.Text & "'and UPASSWORD='" & txtPasswd.Text & "'"

        da = New SqlDataAdapter(query, con)
        ds = New DataSet
        da.Fill(ds)
        If ds.Tables(0).Rows.Count > 0 Then
            'valid user
            USERNAME = txtUsername.Text

            USERTYPE = ds.Tables(0).Rows(0).Item(3)
            logintime = Now
            DELETETIME()

            If con.State = ConnectionState.Open Then con.Close()
            con.Open()

            'query = "UPDATE USERLOG SET ULOGDATE='" & Today & "',ULOGINTIME='" & Now & "' WHERE USERID='" & USERNAME & "'"
            query = "INSERT INTO USERLOG VALUES('" & txtUsername.Text & "','" & Today & "','" & Now.TimeOfDay.ToString & "')"

            CMD = New SqlCommand(query, con)
            CMD.ExecuteNonQuery()


            con.Open()
            

            con.Close()


            frmMDIMain.Show()
            Me.Hide()


        Else
            MsgBox("INVALID LOGIN")
            
        End If

        txtUsername.Text = ""
        txtPasswd.Text = ""
        txtUsername.Focus()


    End Sub

    Private Sub Cancel_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
        'Me.Close()
        End
    End Sub

    Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button2.Click
        txtUsername.Text = ""
        txtPasswd.Text = ""
        txtUsername.Focus()

    End Sub

    Private Sub LoginForm1_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
        Call myConnection()
        txtUsername.Focus()

    End Sub

    
End Class















When I run it, this run-time error is obtained: "An unhandled exception of type 'system.data.sqlclient.sqlException' occurred in system.data.dll".

How can I overcome this?

Recommended answer

Examine the details in the exception you are getting. This will give some insight into why SQL is throwing an exception.

Looking at the code there are a couple of things that might be the problem.

- What if the username contains an apostrophe (e.g. O'Neil)?
- Are the date and time provided compatible with the database's expectation?

The best way of solving both these problems is to use Parameterized Queries.

This also has the advantage of removing a massive security issue with what you are doing. The way you are constructing SQL strings is a common defect, and has been used many times by hackers to break into systems. Parameterized queries eliminate this.
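
The login and logging queries from the question, rewritten with parameters as the answer recommends. This is an added example, not code from the original post or answer. The module name, the function names, the connectionString argument, the NVarChar(50) sizes and the date/time column types are assumptions; the table and column names come from the question's code.

```vbnet
Imports System.Data
Imports System.Data.SqlClient

Public Module LoginQueries

    ' Returns the value of the 4th column (the user type in the question's code),
    ' or Nothing when no row matches. connectionString is an assumed argument;
    ' the question's myConnection() helper is not shown on the page.
    Public Function CheckLogin(connectionString As String, userId As String, password As String) As Object
        Const sql As String = "SELECT * FROM USERLOGIN WHERE USERID = @uid AND UPASSWORD = @pwd"
        Using con As New SqlConnection(connectionString)
            Using cmd As New SqlCommand(sql, con)
                ' Values are sent separately from the SQL text, so O'Neil is plain data
                ' and cannot terminate the string literal or alter the statement.
                cmd.Parameters.Add("@uid", SqlDbType.NVarChar, 50).Value = userId
                cmd.Parameters.Add("@pwd", SqlDbType.NVarChar, 50).Value = password
                con.Open()
                Using rdr As SqlDataReader = cmd.ExecuteReader()
                    If rdr.Read() Then Return rdr.GetValue(3)
                    Return Nothing
                End Using
            End Using
        End Using
    End Function

    ' Replaces the DELETE + INSERT pair. Typed date/time parameters avoid
    ' locale-dependent string formatting of Today and Now.
    Public Sub RecordLogin(connectionString As String, userId As String, loginAt As DateTime)
        Using con As New SqlConnection(connectionString)
            con.Open()
            Using del As New SqlCommand("DELETE FROM USERLOG WHERE USERID = @uid", con)
                del.Parameters.Add("@uid", SqlDbType.NVarChar, 50).Value = userId
                del.ExecuteNonQuery()
            End Using
            Const insertSql As String =
                "INSERT INTO USERLOG (USERID, ULOGDATE, ULOGINTIME) VALUES (@uid, @d, @t)"
            Using ins As New SqlCommand(insertSql, con)
                ins.Parameters.Add("@uid", SqlDbType.NVarChar, 50).Value = userId
                ins.Parameters.Add("@d", SqlDbType.Date).Value = loginAt.Date
                ins.Parameters.Add("@t", SqlDbType.Time).Value = loginAt.TimeOfDay
                ins.ExecuteNonQuery()
            End Using
        End Using
    End Sub
End Module
```

Wrapping the calls in Try/Catch ex As SqlException and reading ex.Message and ex.Number gives the exception details the answer says to examine.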

