Fatal编程技术网
  • vb.net/
  • Vb.net 通过连接mysql数据库更改密码

Vb.net 通过连接mysql数据库更改密码

vb.net

Vb.net 通过连接mysql数据库更改密码,vb.net,mysqlconnection,Vb.net,Mysqlconnection,在adapter=New MySqlDataAdapterUPDATE user SET Password其中Password='&txtpassword.Text&'行中出现错误 我怎样才能解决这个问题 Private Sub getdbdata() Try mysqlconn = New MySqlConnection("server=localhost;username=root;database=bank") dataset = New Dat

在adapter=New MySqlDataAdapterUPDATE user SET Password其中Password='&txtpassword.Text&'行中出现错误

我怎样才能解决这个问题

Private Sub getdbdata()

    Try
        mysqlconn = New MySqlConnection("server=localhost;username=root;database=bank")

        dataset = New DataSet
        adapter = New MySqlDataAdapter("UPDATE user SET Password WHERE Password ='" & txtpassword.Text & "'")
        adapter.Fill(dataset, "user")

        mysqlconn.Open()

        reader = command.ExecuteReader

        If reader.HasRows Then
            Form1.Show()
            Me.Visible = False

        Else
            MessageBox.Show("Password change unsuccessful.")
        End If


        reader.Close()
        mysqlconn.Close()

    Catch ex As MySqlException
        MessageBox.Show(ex.Message)

    End Try

End Sub
主要问题在于

因此,在代码中进行以下更改:

    dataset = New DataSet
    adapter = New MySqlDataAdapter("UPDATE user SET Password = '" & txtNewpassword.Text & "' " & _
                                   "WHERE userName = '" & txtuser.Text & "' and " & _
                                   "Password ='" & txtOldpassword.Text & "'")
    adapter.Fill(dataset, "user")
现在代码的意思是“已满”,对于在txtser中有用户名且在txtOldpassword中有匹配密码的用户,它会将密码重置为txtNewpassword中的what,错误是什么?除了易受SQL注入攻击外,我认为它没有任何问题。也许您的密码包含一个引号?:如果我不得不猜测,因为您没有费心提供系统提供给您的错误消息,我会说用户是一个保留字,如果使用标识符,则需要转义。在MySQL中,您可以通过将值包装在graves`中来实现这一点。 
Imports MySql.Data.MySqlClient
Public Class Settings
    Dim con As New MySqlConnection("host =localhost;user id=root;password=;database=cidb")
    Dim cmd As New MySqlCommand
    Dim dr As MySqlDataReader
    Private Sub Button1_Click_1(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
        con.Open()
        cmd.Connection = con
        cmd.CommandText = "select * from usertbl where uname='" & user.Text & "'and upassword= '" & Pword.Text & "'"

        dr = cmd.ExecuteReader
        If dr.HasRows Then
            Settings()
        Else
            MsgBox("Invalid Username or Password!")
        End If

    End Sub

 Private Sub Settings()
        Dim con As New MySqlConnection("host =localhost;user id=root;password=;database=cidb")
        Dim cmd As New MySqlCommand
        con.Open()
        cmd.Connection = con
        cmd.CommandText = "update usertbl set upassword='" & NewPword.Text & "' where uname= '" & usertxt.Text & "'"
        cmd.ExecuteNonQuery()
            MsgBox("You're successfully change your Password!")
            usertxt.Text = " "
            Pwordtxt.Text = " "
            Newuser.Text = " "
           con.Close()
    End Sub