此代码有什么问题:
' Login check as posted in the question: opens an ADO connection, counts the
' rows in login_hisab that match the typed username and password, and shows
' an error box when no row matches.
Dim con As ADODB.Connection
Dim rec As ADODB.Recordset
Set con = New ADODB.Connection
Set rec = New ADODB.Recordset
Dim count As Integer
' NOTE(review): the connection string embeds the database credential in the
' program and logs on as "system". This check only reads login_hisab, so a
' dedicated account limited to that query would reduce the impact of any flaw.
con.Open "Provider=MSDAORA.1;Password=****;User ID=system;Persist Security Info=False"
con.CursorLocation = adUseClient
' The text box values are concatenated into the SQL text with no quoting, so
' the database parses whatever was typed as part of the statement itself.
' A plain name is then read as an identifier rather than a string (the likely
' cause of the reported error), and any typed SQL fragment changes the query
' (SQL injection). Bind both values as parameters of an ADODB.Command instead.
' NOTE(review): comparing the typed password with the column value suggests
' passwords are stored in clear text; a salted hash is the safer design.
rec.Open "select count(*) as c from login_hisab where username = " & Text1.Text & " and password = " & Text2.Text & "", con, adOpenDynamic, adLockOptimistic
' Column "c" holds the number of matching rows.
count = rec.Fields("c")
If count = 0 Then
MsgBox "Invalid USERNAME or PASSWORD"
End If
答案 0 :(得分:2)
您可能需要将SQL中的字符串值放在单引号中(这只能修复语法错误;直接拼接用户输入仍然存在SQL注入风险,更稳妥的做法是使用参数化查询):
where username = '" & Text1.Text & "' and password = '" & Text2.Text & "'"
答案 1 :(得分:0)
尝试使用像这样的参数化查询(以下是未经测试的代码)。这样就不必担心密码中包含 ' 或 " 字符,也不必担心SQL注入等问题。
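' Parameterized login check: the typed username and password are sent as
' bound parameters and never become part of the SQL text, so quotes or SQL
' fragments in the input cannot change the statement.
' Assumes con is an already opened ADODB.Connection and that rec and count
' are declared by the surrounding code.
Dim cmd As ADODB.Command
Dim userLen As Long
Dim pwdLen As Long

Set cmd = New ADODB.Command
' Set is required for an object reference. Without it VB assigns the
' connection's default property (its connection string) and ADO opens a
' separate implicit connection, which may fail to log on because
' "Persist Security Info=False" drops the password from that string.
Set cmd.ActiveConnection = con
cmd.CommandType = adCmdText
cmd.CommandTimeout = 30
cmd.CommandText = "select count(*) as c from login_hisab where username = ? and password = ?"

' A variable-length parameter needs a size of at least 1; an empty text box
' would otherwise make Parameters.Append raise an error before the query runs.
userLen = Len(Text1.Text)
If userLen = 0 Then userLen = 1
pwdLen = Len(Text2.Text)
If pwdLen = 0 Then pwdLen = 1

' Parameters are matched to the ? placeholders by position, in Append order.
cmd.Parameters.Append cmd.CreateParameter("userid", adVarChar, _
    adParamInput, userLen, Text1.Text)
cmd.Parameters.Append cmd.CreateParameter("pwd", adVarChar, _
    adParamInput, pwdLen, Text2.Text)

' NOTE(review): the query compares the typed password with the stored column
' value, which suggests passwords are kept in clear text. Storing a salted
' hash and comparing hashes would avoid exposing them if the table leaks.
Set rec = cmd.Execute()
count = rec.Fields("c")
If count = 0 Then
    MsgBox "Invalid USERNAME or PASSWORD"
End If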