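I wrote the following function to validate the user's login data, but so far it isn't working properly, and I'm sure there is something wrong with it: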
    Private Sub button2_Click(ByVal sender As System.Object, ByVal e As System.Windows.RoutedEventArgs) Handles button2.Click
        If loginpasswordtx.Text.Length > 1 And loginpasswordtx.Text.Length > 1 And My.Settings.SQLConnectionString.Length > 5 Then
            Try
                Dim cnn As New SqlConnection(My.Settings.SQLConnectionString)
                Dim cmd = New SqlCommand("SELECT AppUser,AppUserPass FROM OrderAppUsers WHERE AppUser=@AppUser AND AppUserPass=@AppUserPass", cnn)
                cmd.Parameters.Add(New SqlParameter("@AppUser", createuserAppUser.Text))
                cmd.Parameters.Add(New SqlParameter("@AppUserPass", MD5StringHash(loginpasswordtx.Text)))
                cnn.Open()
                Dim obj As Object = cmd.ExecuteScalar()
                If obj = Nothing Then
                    MsgBox("Faild to Log in, check your log in info")
                    cnn.Close()
                    Return
                End If
                cnn.Close()
            Catch ex As SqlException
                MsgBox(ex.Message)
                Return
            End Try
            MsgBox("Logged in Successfully")
        End If
    End Sub
Even though the user and password exist in the table, all I get is a null obj.
The following code is used to add a new user:
    Try
        Dim cnnstring As String = String.Format("Server={0};Database={1};Trusted_Connection=True;", createuserServerTx.Text, createuserDatabaseTx.Text)
        Dim cnn As New SqlConnection(cnnstring)
        Dim cmd As New SqlCommand("INSERT INTO OrderAppUsers VALUES (@AppUser, @AppUserPass)", cnn)
        cmd.Parameters.Add(New SqlParameter("@AppUser", createuserAppUser.Text))
        cmd.Parameters.Add(New SqlParameter("@AppUserPass", MD5StringHash(createuserpassword.Text)))
        cnn.Open()
        cmd.ExecuteNonQuery()
        cnn.Close()
        MsgBox("User Crated Successfully")
        LayoutControl1.Visibility = Windows.Visibility.Collapsed
        My.Settings.SQLConnectionString = cnnstring
        My.Settings.Save()
    Catch ex As SqlException
        MsgBox(ex.Message)
    End Try
And the function that generates the custom hash:
    Private Function MD5StringHash(ByVal strString As String) As String
        Dim MD5 As New MD5CryptoServiceProvider
        Dim Data As Byte()
        Dim Result As Byte()
        Dim R As String = ""
        Dim Temp As String = ""
        Data = Encoding.ASCII.GetBytes(strString)
        Result = MD5.ComputeHash(Data)
        For i As Integer = 0 To Result.Length - 1
            Temp = Hex(3 * Result(i) + 1)
            If Len(Temp) = 1 Then Temp = "0" & Temp
            R += Temp
        Next
        Return R
    End Function
Answer 0 (score: 1)
Try the following when adding the parameters:
    cmd.Parameters.AddWithValue("@AppUser", createuserAppUser.Text)
    cmd.Parameters.AddWithValue("@AppUserPass", MD5StringHash(loginpasswordtx.Text))
Or just stick with what you are doing, but a little differently from yours:
    cmd.Parameters.Add("@AppUser", SqlDbType.VarChar)
    cmd.Parameters("@AppUser").Value = createuserAppUser.Text
    cmd.Parameters.Add("@AppUserPass", SqlDbType.VarChar)
    cmd.Parameters("@AppUserPass").Value = MD5StringHash(loginpasswordtx.Text)
By the way, when using ExecuteScalar(), it only returns a single value. So your query can be written as:
    SELECT COUNT(*)
    FROM OrderAppUsers
    WHERE AppUser=@AppUser AND AppUserPass=@AppUserPass
You can use an Integer variable to store its value:
    Dim obj As Integer = CInt(cmd.ExecuteScalar())
So the possible values are 0 or the total number of records.
    If obj = 0 Then
        MsgBox("Faild to Log in, check your log in info")
        '' other codes
    End If
And by refactoring your code, use a Using statement:
    Using cnn As New SqlConnection(My.Settings.SQLConnectionString)
        Using cmd = New SqlCommand("SELECT COUNT(*) FROM OrderAppUsers WHERE AppUser=@AppUser AND AppUserPass=@AppUserPass", cnn)
            cmd.Parameters.AddWithValue("@AppUser", createuserAppUser.Text)
            cmd.Parameters.AddWithValue("@AppUserPass", MD5StringHash(loginpasswordtx.Text))
            cmd.CommandType = CommandType.Text
            Try
                cnn.Open()
                ' COUNT(*) always returns one integer value, never Nothing
                Dim obj As Integer = CInt(cmd.ExecuteScalar())
                If obj = 0 Then
                    MsgBox("Faild to Log in, check your log in info")
                Else
                    MsgBox("Logged in Successfully")
                End If
            Catch ex As SqlException
                MsgBox(ex.Message.ToString())
            End Try
        End Using
    End Using
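Answer 1 (score: 0)
I checked your code on my local system and it works fine; I mean I was able to verify that it returns true. I analyzed it and found that it returns false only when I add a space to the password text before encryption. So can you check whether the database value has a space added to the password value, or can you post the encryption code?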