我是vb.net的初学者,当我开始编码错误“System.Data.dll中发生类型'System.InvalidOperationException'的未处理异常时”我不知道该怎么做。这是我的代码。
Dim cmd As New OleDbCommand("SELECT * FROM [login] WHERE [ID] & [Password] =" & TextBoxUsername.Text & TextBoxPassword.Text & "", myConnection)
myConnection.Open() '*its keep pointing at this*
Dim dr As OleDbDataReader = cmd.ExecuteReader
Dim userFound As Boolean
Dim userID As String = ""
Dim UserPassword As String = ""
While dr.Read
userFound = True
userID = dr("ID").ToString
UserPassword = dr("Password").ToString
Form2.Show()
Me.Hide()
End While
If userFound = False Then
MessageBox.Show("Invalid Username/Password")
'Button","User Validation", MessageBoxButton.OK , MessageBoxIcon.Error)'
End If
myConnection.Close()
End Sub
结束班**
答案 0 :(得分:0)
您目前还没有将参数包装在单引号中,并且您的WHERE子句语法似乎已关闭。你可能想要这样的东西:
"SELECT * FROM [login] WHERE [ID] = '" & TextBoxUsername.Text & "' AND [Password] = '" & TextBoxPassword.Text & "'"
这里一个更大的问题是你应该使用参数来构建你的查询,这不仅可以帮助你避免这样的问题,而且还可以帮助防止像SQL注入这样令人讨厌的事情:
' Build your connection '
Using(Dim myConnection As New OleDbConnection("{your-connection-string"}))
' Use parameters in your query '
Dim query = "SELECT * FROM [login] WHERE [ID] = ? AND Password = ?"
' Build your command to execute '
Using(Dim myCommand As New OleDbCommand(query, myConnection))
' Open your connection '
myConnection.Open()
' Add your parameters (these will replace the ? in your query)
myCommand.Parameters.AddWithValue("@ID",TextBoxUsername.Text)
myCommand.Parameters.AddWithValue("@Password",TextBoxPassword.Text)
Using(Dim myReader = myCommand.ExecuteReader())
If myReader.HasRows Then
' Do stuff '
userFound = True
userID = dr("ID").ToString
UserPassword = dr("Password").ToString
Form2.Show()
Me.Hide()
Else
' Do other stuff '
MessageBox.Show("Invalid Username/Password")
End If
End Using
End Using
End Using