SQL Command.ExecuteReader vb.net
Problem description
I am trying to use a login form with SQL Express 2012 and vb.net. I have the db connection; now I have the following problem: Incorrect syntax near '=' for the code: data = command.ExecuteReader. Any suggestions? Here is the code. Thanks!
    Imports System.Data.SqlClient
    Imports System.Data.OleDb

    Public Class login
        Private Sub login_user_Click(sender As Object, e As EventArgs) Handles login_user.Click
            Dim conn As New SqlConnection
            If conn.State = ConnectionState.Closed Then
                conn.ConnectionString = ("Server=192.168.0.2;Database=Sunshinetix;User=sa;Password=sunshine;")
            End If
            Try
                conn.Open()
                Dim sqlquery As String = "SELECT = FROM Users Where Username = '" & username_user.Text & "';"
                Dim data As SqlDataReader
                Dim adapter As New SqlDataAdapter
                Dim command As New SqlCommand
                command.CommandText = sqlquery
                command.Connection = conn
                adapter.SelectCommand = command
                data = command.ExecuteReader()
                While data.Read
                    If data.HasRows = True Then
                        If data(2).ToString = password_user.Text Then
                            MsgBox("Sucsess")
                        Else
                            MsgBox("Login Failed! Please try again or contact support")
                        End If
                    Else
                        MsgBox("Login Failed! Please try again or contact support")
                    End If
                End While
            Catch ex As Exception
            End Try
        End Sub
    End Class
Recommended answer
The problem was that your query is SELECT = FROM, which is obviously a typo; the correct syntax is SELECT * FROM.
Check my code to avoid SQL injection.
Try this code:
    Dim conn As New SqlConnection
    If conn.State = ConnectionState.Closed Then
        conn.ConnectionString = ("Server=192.168.0.2;Database=Sunshinetix;User=sa;Password=sunshine;")
    End If
    Try
        conn.Open()
        ' @user is a placeholder; the SQL text itself never contains user input.
        Dim sqlquery As String = "SELECT * FROM Users Where Username = @user;"
        Dim data As SqlDataReader
        Dim adapter As New SqlDataAdapter
        Dim parameter As New SqlParameter
        Dim command As SqlCommand = New SqlCommand(sqlquery, conn)
        ' The user name is bound as a parameter value and sent to the server as data.
        With command.Parameters
            .Add(New SqlParameter("@user", username_user.Text))
        End With
        command.Connection = conn
        adapter.SelectCommand = command
        data = command.ExecuteReader()
        While data.Read
            If data.HasRows = True Then
                ' Column index 2 holds the stored password for the matched user.
                If data(2).ToString = password_user.Text Then
                    MsgBox("Sucsess")
                Else
                    MsgBox("Login Failed! Please try again or contact support")
                End If
            Else
                MsgBox("Login Failed! Please try again or contact support")
            End If
        End While
    Catch ex As Exception
    End Try
I would recommend that you use a parameterized query to avoid SQL injection.
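The parameterized lookup from the answer, restructured as an added example (not code from the original question or answer): it types the parameter explicitly, releases the connection with Using, and reports database errors instead of swallowing them. The column name Password, the size 50, and the names LoginLookup, GetStoredPassword and CheckLogin are assumptions; the comparison of the stored value is kept as on the page.

```vb
Imports System.Data
Imports System.Data.SqlClient
Imports System.Diagnostics

Public Module LoginLookup
    ' Returns the stored password value for userName, or Nothing when no such
    ' user exists. The column name [Password] is an assumption; the page only
    ' refers to it by index (data(2)).
    Public Function GetStoredPassword(connectionString As String,
                                      userName As String) As String
        Const sql As String = "SELECT [Password] FROM Users WHERE Username = @user;"

        ' Using disposes the command and closes the connection even when
        ' ExecuteScalar throws.
        Using conn As New SqlConnection(connectionString)
            Using cmd As New SqlCommand(sql, conn)
                ' Explicit type and size (50 is an assumed column width).
                ' The value is sent as data, so a quote character in userName
                ' cannot alter the SQL text.
                cmd.Parameters.Add("@user", SqlDbType.NVarChar, 50).Value =
                    If(userName, String.Empty)
                conn.Open()
                Dim result As Object = cmd.ExecuteScalar()
                If result Is Nothing OrElse result Is DBNull.Value Then
                    Return Nothing
                End If
                Return CStr(result)
            End Using
        End Using
    End Function

    ' True only when the user exists and the supplied password matches.
    ' Unknown user and wrong password both return False, so the form can show
    ' the same "Login Failed" message for either case.
    Public Function CheckLogin(connectionString As String,
                               userName As String,
                               password As String) As Boolean
        Try
            Dim stored As String = GetStoredPassword(connectionString, userName)
            Return stored IsNot Nothing AndAlso
                   String.Equals(stored, password, StringComparison.Ordinal)
        Catch ex As SqlException
            ' Errors such as "Incorrect syntax near '='" are logged here
            ' rather than discarded by an empty Catch block.
            Debug.WriteLine("Login query failed: " & ex.Message)
            Return False
        End Try
    End Function
End Module
```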