'code '
Dim conn as SqlConnection = new SqlConnection("SERVER=LOGICSERVERDB;DATABASE=sample;User=sa;Pwd=codename")
conn.Open()
Dim userId as String = txtUserId.Text
Dim sql as String = "SELECT name, password FROM users WHERE id=@userid"
Dim cmd as SqlCommand = new SqlCommand()
cmd.Connection = conn
cmd.CommandType = CommandType.Text
cmd.CommendText = sql
cmd.Parameters.AddWithValue("userid", userId);
Dim dr as SqlDataReader = cmd.ExecuteReader()
如果您乐意采用,只需做一个小的更改:
SqlConnection
实现了idisable。尝试用Using
块来包装它,原因如下:
不确定稍后是否在某处使用了您的姓名和密码。如果它在后面的部分不使用,为什么不直接发送作为参数和SELECT Count
,然后是ExecuteScalar?
如果userId
只使用一次,我将减少一行代码,而不声明变量
Using conn As New SqlConnection("SERVER=LOGICSERVERDB;DATABASE=sample;User=sa;Pwd=codename")
conn.Open()
Dim sql As String = "SELECT name, password FROM users WHERE id=@userid"
Dim cmd As New SqlCommand
cmd.Connection = conn
cmd.CommandType = CommandType.Text
cmd.CommandText = sql
cmd.Parameters.AddWithValue("@userid", txtUserId.Text)
Dim dr As SqlDataReader = cmd.ExecuteReader()
End Using