请解决我的错误 [英] please solve my error
问题描述
Imports System.Data
Imports System.Data.SqlClient
Imports System.Configuration
Imports System.IO
Public Class login
Dim cn As SqlConnection = New SqlConnection("Data Source=sohil-pc\sqlexpress;Initial Catalog=kshitij;Integrated Security=True;Pooling=False")
Private Sub btnbrowse_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles btnbrowse.Click
ofdsignature.InitialDirectory = " d:\images"
If ofdsignature.ShowDialog() <> Windows.Forms.DialogResult.Cancel Then
lblsignature.Text = ofdsignature.FileName
End If
End Sub
Private Sub lbllogin_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles lbllogin.Click
cn.Open()
Dim cm As SqlCommand = New SqlCommand("select count(*) from Empdetails where EmpUsername=@p1 and EmpPassword=@p2", cn)
cm.Parameters.Add("@p1", SqlDbType.VarChar).Value = txtusername
cm.Parameters.Add("@p2", SqlDbType.VarChar).Value = txtpassword
Dim UserFoundCount As Integer = Convert.ToInt32(cm.ExecuteScalar())
If UserFoundCount = 1 Then
'user exists
ElseIf UserFoundCount = 0 Then
'user not found
ElseIf UserFoundCount > 1 Then
'you have more than one of the same username and password in the table
End If
cn.Close()
End Sub
Private Sub login_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
Try
Catch ex As Exception
End Try
End Sub
End Class
`现在我遇到了这样的错误....
无法将参数值从TextBox转换为String.
在这一行.....
昏暗的UserFoundCount为整数= Convert.ToInt32(cm.ExecuteScalar())
`now i got error like this....
Failed to convert parameter value from a TextBox to a String.
in this line.....
Dim UserFoundCount As Integer = Convert.ToInt32(cm.ExecuteScalar())
推荐答案
简短的答案是:
The short answer would be:
myString = myTextBox.Text
提出此类问题时,应始终使用全名,并标记您使用的UI库.另外,您应该在代码中标记出编译器发现错误的确切行.没有人愿意在猜测上浪费时间.
从这段代码中,我可以看到您正在直接存储密码.这是不安全的,永远不要这样做.除了用户外,任何人都不会知道密码,即使是对系统具有完全访问权限的人也是如此.身份验证永远不需要它.方法之一是使用 cryptographic hash函数:
http://en.wikipedia.org/wiki/Cryptographic_hash_function [以c#格式验证用户名和密码 [ ^ ],
如何存储密码 [密码保存.NET [
You should always use full type name when asking such questions, and tag the UI library you use. Also, you should mark exact line in your code where the compiler finds an error. Nobody want to waste time on guesswork.
From this code, I can see you are storing the password directly. This is unsafe and never ever should be done. Nobody but the user should ever know the password, even the person with full access to the system. It is never needed for authentication. One of the approaches is using cryptographic hash function:
http://en.wikipedia.org/wiki/Cryptographic_hash_function[^].
You always compare hash to stored hash, never a password. It is not feasible to get a password from known hash.
Please see my past answers:
verify user name and password in c# form[^],
How to Store a Password[^],
Password saving .NET[^].
Also, you are using path name "d:/images". It will work only on one computer and illegal on systems like Windows 7. There are no situations where a hard-coded path name can be useful, ever. All path names are always calculated during run time based on location of assembly, special directories or some configuration data.
您的错误实际上在
Your error is actually on the
cm.Parameters.Add("@p1", SqlDbType.VarChar).Value = txtusername
cm.Parameters.Add("@p2", SqlDbType.VarChar).Value = txtpassword
应该是
It should be
cm.Parameters.Add("@p1", SqlDbType.VarChar).Value = txtusername.Text
cm.Parameters.Add("@p2", SqlDbType.VarChar).Value = txtpassword.Text
这篇关于请解决我的错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!