1) 这是我检查用户名和密码的代码,如果匹配则登录。:
Private Sub cmdOK_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles cmdOK.Click
Try
Dim dr As OleDb.OleDbDataReader
Dim cmd As OleDb.OleDbCommand
Dim logQuery As String = ("SELECT * FROM Login_db where Username='" & txtUsername.Text & "'")
cnnOLEDB.Open()
cmd = New OleDb.OleDbCommand(logQuery, cnnOLEDB)
dr = cmd.ExecuteReader
If dr.Read = True Then <-------------------- problem
If txtUsername.Text = dr("Username") Then
If txtPassword.Text = dr("Password") Then
MsgBox("Hii")
End If
Else
MsgBox("Byee")
End If
End If
Catch ex As Exception
MsgBox(ex.Message)
cnnOLEDB.Close()
End Try
End Sub
即使我在我的表中记录了记录,行if dr.read=true then也会返回false ...
2)这是我在Login表中添加新用户的代码
尝试
Dim addUser As String
addUser = "INSERT INTO Login_db(Username,Password) VALUES (@uname,@pswd)"
cnnOLEDB.Open()
Dim _comm As OleDb.OleDbCommand = New OleDb.OleDbCommand(addUser, cnnOLEDB)
_comm.Parameters.AddWithValue("@uname", txtUsername.Text)
_comm.Parameters.AddWithValue("@pswd", txtPasswd.Text)
_comm.ExecuteNonQuery()
cnnOLEDB.Close()
MsgBox("Record Inserted", MsgBoxStyle.OkOnly)
Catch ex As Exception
MsgBox(ex.Message)
cnnOLEDB.Close()
End Try
错误是:插入到语句中的语法错误..我无法找到我的错误。
PLZ解决我的问题...谢谢..
答案 0 :(得分:1)
我想这是一个MS Access数据库。在这种情况下,PASSWORD一词是保留的关键字 如果您已将该名称用作列名,则应始终使用方括号将其封装。
addUser = "INSERT INTO Login_db(Username,[Password]) VALUES (@uname,@pswd)"
作为旁注,您检索用户的选择查询是危险的,如果用户名包含单引号(撇号)可能会失败,或者更糟糕的可能是sql注入攻击的向量。像插入语句一样使用始终参数化查询
Dim logQuery As String = "SELECT * FROM Login_db where Username=@uname"
cnnOLEDB.Open()
cmd = New OleDb.OleDbCommand(logQuery, cnnOLEDB)
cmd.Parameters.AddWithValue("@uname", txtUserName.Text)