我如何正确使用sql连接？...“我的目标:(更改密码）（像用户一样）” [英] How i use the sql connection properly ?... "my objective: (change password ) (like a user)"

问题描述

大家好！



''验证：如果旧密码与用户对应

''如果对应的话比我能如果没有msgboxerror

  Dim  newpass  As   String  
 
 尝试 
 '  Dim db As OracleDatabase  
  Dim  conn  As  System.Data.OleDb.OleDbConnection 
  Dim  reader  As  System.Data.OleDb.OleDbDataReader 
  Dim  cmd 作为 System.Data.OleDb.OleDbCommand 
  Dim  myParamArray  As  新 ArrayList 
  Dim  param < span class =code-keyword>作为 新 OracleParameter 
 
 conn.Open（）
 cmd = oracleClient .ExecuteScalar（ 从table_user中选择a.passe，其中a.name&   iduser，myParamArray）
 reader = cmd.ExecuteReader 
  while  reader.Read（）
 newpass = reader.Item（ 0 ）
 结束   
 如果 不 txtpassold.Text =   然后 
 Label1.Text =   * &安培;  密码错误 
 txtpassold.Text =   
 返回 
 
 < span class =code-keyword>结束 如果 
  Catch  ex < span class =code-keyword> As 异常
 msgbox（ 错误：&   ......）
 结束 尝试 

' '验证：确认新通行证

''更新新通行证

 尝试 
 如果 不 txtpassconfirm.Text = txtpassnew.Text 然后 
 MsgBox（ 输入的密码不正确）
 否则 
  Dim  db 作为 新 OracleConnection（ 数据源;）
 db.Open（）
  Dim  varorcl 作为 字符串 =（  UPDATE TableUser a SET a.pass=@passe其中ID =&   idUser）
  Dim  cmd1 作为 新 OracleCommand（varorcl，db）
 cmd1.Parameters.Add（新 OracleParameter（  @ passe，OracleDbType。 NVarchar2））。Value = txtpassnew.Text 
 cmd1.ExecuteNonQuery（）
 '  txtpassnew.Text = 
 '  txtpassconfirm.Text = 
 结束 如果 
  Catch  ex  As 异常
 MsgBox（ 错误：& ex.Message，MsgBoxStyle.Critical）
 txtpassnew.Text =   
 txtpassconfirm.Text =   
 结束 尝试 

解决方案

永远不要以明文形式存储密码 - 它是一个主要的安全风险。有关如何在此处执行此操作的信息：密码存储：如何做到这一点。 [ ^ ]

Hello everyone!

''verification: if the old password is corresponding with the user
''if corespondes than i can introduce a new pass
''if not msgboxerror

Dim newpass As String
    
      Try
          ' Dim db As OracleDatabase
          Dim conn As System.Data.OleDb.OleDbConnection
          Dim reader As System.Data.OleDb.OleDbDataReader
          Dim cmd As System.Data.OleDb.OleDbCommand
          Dim myParamArray As New ArrayList
          Dim param As New OracleParameter

          conn.Open()
          cmd = oracleClient.ExecuteScalar("Select a.passe from table_user where a.name" & "iduser", myParamArray)
          reader = cmd.ExecuteReader
          While reader.Read()
              newpass = reader.Item(0)
          End While
          If Not txtpassold.Text = "something" Then
              Label1.Text = "*" & "the password is incorrect"
              txtpassold.Text = ""
              Return

          End If
      Catch ex As Exception
msgbox("error:"&"......")
      End Try

''validation: the new pass with confirmation
''updating new pass

Try
            If Not txtpassconfirm.Text = txtpassnew.Text Then
                MsgBox("the password entered is incorrect")
            Else
                Dim db As New OracleConnection("Data Source;")
                db.Open()
                Dim varorcl As String = ("UPDATE TableUser a SET a.pass=@passe Where ID=" & "idUser")
                Dim cmd1 As New OracleCommand(varorcl, db)
                cmd1.Parameters.Add(New OracleParameter("@passe", OracleDbType.NVarchar2)).Value = txtpassnew.Text
                cmd1.ExecuteNonQuery()
                'txtpassnew.Text = ""
                'txtpassconfirm.Text = ""
            End If
        Catch ex As Exception
            MsgBox("Error: " & ex.Message, MsgBoxStyle.Critical)
            txtpassnew.Text = ""
            txtpassconfirm.Text = ""
        End Try

解决方案

Never store passwords in clear text - it is a major security risk. There is some information on how to do it here: Password Storage: How to do it.[^]

这篇关于我如何正确使用sql连接？...“我的目标:(更改密码）（像用户一样）”的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！