更新时间:2023-11-30 23:42:04
使用参数时,不要对值使用撇号。因此,而不是Ole.commandText = select *登录,其中user ='@ usern'和pass ='@ pass'
尝试Ole.commandText = select * from login where user = @usern and pass = @pass
另一件事是你应该妥善处理这些物品。最简单的方法是使用使用
块。例如,请查看正确执行数据库操作 [ ^ ]
第三件事是您似乎将密码存储为纯文本。如果确实如此,您应该尽快修复它。请查看密码存储:如何操作。 [ ^ ]
I have got silly problem when i check username password in my login form but .... But its not working...
What I have tried:
Dim ole as new oledb.oledbcommnd()
ConnectData() ' database connection procedure
ole.connection = conn
Ole.commandText = "select * from login where user = '@usern' and pass = '@pass'"
Ole.parameters.add("@usern",oledbtype.varchar,30).value = username 'username is string type variable
ole.parameters.add("@pass",oledbtype.varchar,30).value = password 'password is string type variable
Dim dr as oledb.oledbdatareader = ole.executereader
if dr.read() then
dr.close
Return true
Else
Dr.close
Return false
End if
When you use parameters, you don't use apostrophes for the values. So instead ofOle.commandText = "select * from login where user = '@usern' and pass = '@pass'"
tryOle.commandText = "select * from login where user = @usern and pass = @pass"
Another thing is that you should properly dispose the objects. The easiest way is to useusing
block. For examples, have a look at Properly executing database operations[^]
And the third thing is that you seem to store the password as plain text. If this really is the case, you should fix it as soon as possible. Have a look at Password Storage: How to do it.[^]