im制作了一个mysql-sigin表单,并试图使用我的用户表来控制登录访问,但每当我键入任何随机字母时,它都会登录,而不会显示无效用户名的错误。
这就是我目前所拥有的:
Imports MySql.Data.MySqlClient
Public Class frmLogin
Private Sub cmdCancel_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles cmdCancel.Click
Application.Exit()
End Sub
Private Sub cmdLogin_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles cmdLogin.Click
Dim conn As New MySqlConnection
Dim myCommand As New MySqlCommand
Dim myConnString As String
Dim UserID As String
myConnString = "server=" & My.Settings.HostIP & ";" _
& "user id=" & My.Settings.Username & ";" _
& "password=" & My.Settings.Password & ";" _
& "database=attendance"
conn.ConnectionString = myConnString
Try
conn.Open()
myCommand.Connection = conn
myCommand.CommandText = "SELECT user_bannerid FROM user WHERE BINARY username = ?Username"
myCommand.Parameters.Add("?Username", txtUsername.Text)
UserID = myCommand.ExecuteScalar
conn.Close()
Dim mainForm As New frmMain
mainForm.UserID = UserID
mainForm.connectionString = myConnString
mainForm.Show()
Me.Hide()
Me.Close()
Catch myerror As MySqlException
MessageBox.Show("Invalid User. Please Enter Your Correct Username")
conn.Dispose()
End Try
End Sub
Private Sub frmLogin_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
Me.AcceptButton = cmdLogin
Me.CancelButton = cmdCancel
End Sub
End Class
这是因为在关闭表单之前没有测试userid的值。
您还需要实现using语句,以确保所有一次性物品都得到正确处理。
这里有一个解决这两个问题的重写:
Try
Using conn As New MySqlConnection
Using myCommand As New MySqlCommand
Dim myConnString As String
Dim UserID As String
myConnString = "server=" & My.Settings.HostIP & ";" _
& "user id=" & My.Settings.Username & ";" _
& "password=" & My.Settings.Password & ";" _
& "database=attendance"
conn.ConnectionString = myConnString
conn.Open()
myCommand.Connection = conn
myCommand.CommandText = "SELECT user_bannerid FROM user WHERE BINARY username = ?Username"
myCommand.Parameters.Add("?Username", txtUsername.Text)
Dim oUserID As Object
oUserID = myCommand.ExecuteScalar
conn.Close()
If oUserID IsNot DBNull.Value AndAlso Not String.IsNullOrEmpty(oUserID) Then
Dim mainForm As New frmMain
mainForm.UserID = UserID
mainForm.connectionString = myConnString
mainForm.Show()
Me.Hide()
Me.Close()
Else
MessageBox.Show("Invalid User. Please Enter Your Correct Username")
End If
End Using
End Using
Catch myerror As MySqlException
MessageBox.Show("SQL Error" & myerror.ToString())
End Try