Please solve my error


Problem description

Imports System.Data
Imports System.Data.SqlClient
Imports System.Configuration
Imports System.IO


Public Class login

    Dim cn As SqlConnection = New SqlConnection("Data Source=sohil-pc\sqlexpress;Initial Catalog=kshitij;Integrated Security=True;Pooling=False")



    Private Sub btnbrowse_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnbrowse.Click
        ofdsignature.InitialDirectory = " d:\images"
        If ofdsignature.ShowDialog() <> Windows.Forms.DialogResult.Cancel Then
            lblsignature.Text = ofdsignature.FileName

        End If
    End Sub

    Private Sub lbllogin_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles lbllogin.Click
        cn.Open()
        Dim cm As SqlCommand = New SqlCommand("select count(*) from Empdetails where EmpUsername=@p1 and EmpPassword=@p2", cn)
        cm.Parameters.Add("@p1", SqlDbType.VarChar).Value = txtusername
        cm.Parameters.Add("@p2", SqlDbType.VarChar).Value = txtpassword
        Dim UserFoundCount As Integer = Convert.ToInt32(cm.ExecuteScalar())
        If UserFoundCount = 1 Then
            'user exists
        ElseIf UserFoundCount = 0 Then
            'user not found
        ElseIf UserFoundCount > 1 Then
            'you have more than one of the same username and password in the table
        End If
        cn.Close()
    End Sub

    Private Sub login_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
        Try


        Catch ex As Exception
        End Try
    End Sub
End Class

Now I got an error like this....
Failed to convert parameter value from a TextBox to a String.
in this line.....
Dim UserFoundCount As Integer = Convert.ToInt32(cm.ExecuteScalar())

Recommended answer

The short answer would be:
myString = myTextBox.Text




You should always use the full type name when asking such questions, and tag the UI library you use. Also, you should mark the exact line in your code where the compiler finds an error. Nobody wants to waste time on guesswork.

From this code, I can see you are storing the password directly. This is unsafe and never ever should be done. Nobody but the user should ever know the password, even the person with full access to the system. It is never needed for authentication. One of the approaches is using a cryptographic hash function:
http://en.wikipedia.org/wiki/Cryptographic_hash_function.

You always compare a hash to the stored hash, never a password. It is not feasible to get a password from a known hash.
Please see my past answers:
verify user name and password in c# form,
How to Store a Password,
Password saving .NET.

Also, you are using the path name "d:/images". It will work only on one computer and is illegal on systems like Windows 7. There are no situations where a hard-coded path name can be useful, ever. All path names are always calculated during run time based on the location of the assembly, special directories or some configuration data.

—SA


Your error is actually on the
cm.Parameters.Add("@p1", SqlDbType.VarChar).Value = txtusername
cm.Parameters.Add("@p2", SqlDbType.VarChar).Value = txtpassword



It should be

cm.Parameters.Add("@p1", SqlDbType.VarChar).Value = txtusername.Text
cm.Parameters.Add("@p2", SqlDbType.VarChar).Value = txtpassword.Text

