连接到SQL Server
问题描述:
Public Class Form1
Private Sub btnlogin_Click(sender As Object, e As EventArgs) Handles btnlogin.Click
Dim con As New SqlClient.SqlConnection(MYConnection.MYconnectionString)
con.Open()
Dim dr As SqlClient.SqlDataReader
Dim cmd As New SqlClient.SqlCommand("select * from [User] where UserName=" + txtuser.Text + " and UserPass= " + txtpassword.Text + "", con)
dr = cmd.ExecuteReader
If dr.Read Then
MsgBox("Welcome")
End If
con.Close()
End Sub
End Class
这是我的登录表单我的代码..每当我运行该程序,并输入自己的用户名和密码,会出现这种情况:连接到SQL Server
这是MyConnection.vb是我使用连接到我的数据库
Public Class MYConnection
Public Shared MYconnectionString As String = "Server=CLAIRETUMLOS\SQLEXPRESS;Database=Capstone;Integrated Security=True;"
End Class
这里是我的dbo.User表
答
你缺少字符串领域的'
,但我建议你使用的参数,以避免SQL注入,像这样:
Private Sub btnlogin_Click(sender As Object, e As EventArgs) Handles btnlogin.Click
Dim con As New SqlClient.SqlConnection(MYConnection.MYconnectionString)
con.Open()
Dim dr As SqlClient.SqlDataReader
Dim cmd As New SqlClient.SqlCommand("select * from [User] where [email protected] and [email protected]", con)
cmd.Parameters.AddWithValue("@UserName", txtuser.Text)
cmd.Parameters.AddWithValue("@UserPass", txtpassword.Text)
dr = cmd.ExecuteReader
If dr.Read Then
MsgBox("Welcome")
End If
con.Close()
End Sub
你缺少蜱周围的数据。这种事情不会发生使用SQL参数。你的代码也不会失败,像'O'Brien'这样的名字。不要将密码存储为纯文本。 – Plutonix