vb.net的初学者。。处理登录表单
这是我收到的错误 ExecuteReader CommandText属性尚未正确初始化vb.net的初学者。。处理登录表单,vb.net,Vb.net,这是我收到的错误 ExecuteReader CommandText属性尚未正确初始化 我真的需要帮助。这就是我收到的错误。谢谢假设publictable.Rows(0).项(4)中表示的字段名称命名为user\u type,则可以使用以下内容: Imports MySql.Data.MySqlClient Public Class Form1 Dim cmd As New MySqlCommand Dim da As New MySqlDataAdapter Dim c
我真的需要帮助。这就是我收到的错误。谢谢假设
publictable.Rows(0).项(4)
中表示的字段名称命名为user\u type,则可以使用以下内容:
Imports MySql.Data.MySqlClient
Public Class Form1
Dim cmd As New MySqlCommand
Dim da As New MySqlDataAdapter
Dim con As MySqlConnection = JOKENCONN()
Public Function JOKENCONN() As MySqlConnection
Return New MySqlConnection("server=localhost; user id=root; password=; database =studentdb")
End Function
Private Sub Form1_Load(sender As Object, e As EventArgs) Handles MyBase.Load
GroupBox1.Enabled = False
End Sub
Private Sub LBLLOGIN_CLICK(sender As Object, e As EventArgs) Handles lbllogin.Click
lbllogin.Text = "Login"
lbllogin.Text = "Login"
lblname.Text = "Hi, Guest"
If lbllogin.Text = "Login" Then
GroupBox1.Enabled = True
End If
End Sub
Private Sub BTNOK_CLICK(sender As Object, e As EventArgs) Handles btnok.Click
Dim Sql As String
Dim publictable As New DataTable
Try
If txtusername.Text = "" And txtpass.Text = "" Then
MsgBox("Password or username is incorrect!")
Else
Sql = "select ' from tbluseraccount where username='" & txtusername.Text & "' and userpassword='" & txtpass.Text & "'"
With cmd
.Connection = con
End With
da.SelectCommand = cmd
da.Fill(publictable)
If publictable.Rows.Count > 0 Then
Dim user_type As String
user_type = publictable.Rows(0).Item(4)
Name = publictable.Rows(0).Item(1)
If user_type = "Admin" Then
MsgBox("Welcome " & Name & "you login as Administrator")
lbllogin.Text = "logout"
lblname.Text = "Hi, " & Name
GroupBox1.Enabled = False
txtusername.Text = ""
txtpass.Text = ""
ElseIf user_type = "cetakoradi2" Then
MsgBox("Welcome " & Name & "you login as cetakoradi2")
lbllogin.Text = "logout"
lblname.Text = "Hi, " & Name
GroupBox1.Enabled = False
txtusername.Text = ""
txtpass.Text = ""
Else
End If
Else
MsgBox("contact administrator to register")
txtusername.Text = ""
txtpass.Text = ""
End If
da.Dispose()
End If
Catch ex As Exception
MsgBox(ex.Message)
con.Close()
End Try
End Sub
End Class
这段代码所做的是设置一个参数化查询,只获取用户名和密码与参数化值匹配的用户类型。因为应该只有一条记录符合这些条件(大概),所以我们可以使用ExecuteScalar只返回单个字段值。只是为了强调这一点,就像Microsoft的对应记录一样,执行查询,并返回查询返回的结果集中第一行的第一列。多余的列或行将被忽略“并返回”结果集中第一行的第一列,如果结果集为空,则返回一个空引用 @David建议的代码使用
IsNullOrWhitespace
检查这种情况
ExecuteScalar
有效,但一次只检索一个值。
OP追求的另一个选项是返回datarow
,如果他想同时返回多个字段,这是一种有效的方法。在他的示例中,他分别为变量user\u type
和Name
检索两个字段
要小心,VB.net和其他任何编程语言一样。如果你不习惯使用好的命名约定,有一天你可能会偶然发现其中一个关键字,可能会遇到一些模糊的错误。Name
不是变量的好名称,而且可能会引起混淆,因为每个对象都有一个正确的名称泰
为了解决当前的具体问题,错误消息ExecuteReader CommandText属性未正确初始化
是不言自明的。应该做的只是:
'Declare the object that will be returned from the command
Dim user_type As String
'Declare the connection object
Dim con As OleDbConnection
'Wrap code in Try/Catch
Try
'Set the connection object to a new instance
con = JOKENCONN()
'Create a new instance of the command object
Using cmd As OleDbCommand = New OleDbCommand("SELECT user_type FROM tbluseraccount WHERE username=@0 AND userpassword=@1;", con)
'Paramterize the query
cmd.Parameters.AddWithValue("@0", txtusername.Text)
cmd.Parameters.AddWithValue("@1", txtpass.Text)
'Open the connection
con.Open()
'Use ExecuteScalar to return a single value
user_type = cmd.ExecuteScalar()
'Close the connection
con.Close()
End Using
Catch ex As Exception
'Display the error
Console.WriteLine(ex.Message)
Finally
'Check if the connection object was initialized
If con IsNot Nothing Then
If con.State = ConnectionState.Open Then
'Close the connection if it was left open(exception thrown)
con.Close()
End If
'Dispose of the connection object
con.Dispose()
End If
End Try
If (String.IsNullOrWhitespace(user_type)) Then
'Failed login
ElseIf (user_type = "Admin") Then
'Admin login
ElseIf (user_type = "cetakoradi2") Then
'cetakoradi2 login
Else
'Not a failed login, but also not an admin or cetakoradi2 either
End If
您定义了一个命令,但没有告诉它做什么。在您的代码中,变量Sql
已定义但未使用。如果缺少此位,代码可能会按预期工作
小细节: 不严重,但如果输入空格,则他的情况不起作用,例如:
With cmd
.Connection = con
.CommandText = Sql
End With
一个改进是简单地修剪文本框中的值:
If txtusername.Text = "" And txtpass.Text = "" Then
但是我认为你想要的不是和
,而是或
与其做多个
If/ElseIf
,不如做一个Select Case
在编程中有两件事通常会导致安全问题非常普遍和重要,即使是为了学习、概念验证或示例代码也不可以。这会破坏这两件事。在做任何其他事情之前,先看看了解如何使用参数化查询来避免SQL注入,以及如何使用BCrypt来散列您的密码。请投票演示参数,但如何使用.Add方法。请参阅和和另一个:下面是另一个
If txtusername.Text.Trim = "" And txtpass.Text.Trim = "" Then