1

このパラメータ化されたクエリを変更したい

On Error Resume Next
        Dim timex As String
        Dim isigroup As DataTable
        objdata = New clsMSSQL
        isigroup = objdata.QueryDatabase("SELECT * FROM Userx WHERE Username='" & txtuser.Text & "' AND Userpass ='" & txtpassword.Text & "'")
        If isigroup.Rows.Count > 0 Then
            For i = 0 To isigroup.Rows.Count - 1
                If isigroup.Rows(i)("username") <> txtuser.Text Or isigroup.Rows(i)("userpass") <> txtpassword.Text Then
                    MsgBox("Access denied username and password !!!", MsgBoxStyle.Information, "Attention.....")
                    xcountx = xcountx + 1
                    If xcountx >= 3 Then
                        MsgBox("You have reach the maximum time of login !!", MsgBoxStyle.Exclamation, "Προσοχή.....")
                        End
                    End If
                    Exit Sub
                End If
            Next
            username = isigroup.Rows(0)("Username")
            xUser_ID = isigroup.Rows(0)("User_id")
            xUser_Access = isigroup.Rows(0)("Access_Type")
            timex = TimeOfDay
            isigroup = objdata.QueryDatabase("INSERT INTO Audit_Log (User_ID, Login) VALUES(" & xUser_ID & ", '" & timex & "')")
            isigroup = objdata.QueryDatabase("SELECT * FROM Audit_Log ORDER BY LOG_ID DESC")
            LOGID = isigroup.Rows(0)("LOG_ID")
            Audit_Trail(xUser_ID, TimeOfDay, "Login to system ")

色々やってみたけど上手くいかない 助けてください

これがクラスです

Imports System.Data.SqlClient

Public Class clsMSSQL

    Public Shared con As New SqlConnection(constring)
    Private DbSwtable As DataTable

    Public Function QueryDatabase(ByVal Query As String) As DataTable

        Try
            Dim objDataSet As New DataSet
            Dim objDataTable As New DataTable
            Dim objDataAdapter As New SqlDataAdapter(Query, con)
            objDataAdapter.Fill(objDataSet, "DefaultTable")
            objDataTable = objDataSet.Tables("DefaultTable")
            con.Close()

            Return objDataTable
        Catch ex As Exception
            MessageBox.Show(ex.Message, "Λάθος", MessageBoxButtons.OK, MessageBoxIcon.Error)

            Return DbSwtable
        End Try
    End Function
4

2 に答える 2

3

関数 QueryDataBase を次のように編集します。

usernameパラメータを追加し、DataAdapterpasswordのプロパティを使用します。SelectCommandまた、関数の名前を QueryDatabase から に変更しGetUserDataます。

Public Function GetUserData(username as string, password as string) As DataTable
        Try
            Dim objDataSet As New DataSet
            Dim objDataTable As New DataTable
            Dim sql As String = "SELECT * FROM Userx WHERE Username=@Username AND Userpass=@Userpass"
            Dim objDataAdapter As New SqlDataAdapter()
            Dim selectCmd as new SqlCommand(sql, con)
            selectCmd.Parameters.Add("@Username", SqlDbType.Varchar).Value = UserName 
            selectCmd.Parameters.Add("@UserPass", SqlDbType.Varchar).Value =Password 
            objDataAdapter.SelectCommand = selectCmd;
            objDataAdapter.Fill(objDataSet, "DefaultTable")
            objDataTable = objDataSet.Tables("DefaultTable")
            con.Close()

            Return objDataTable
        Catch ex As Exception
            MessageBox.Show(ex.Message, "Λάθος", MessageBoxButtons.OK, MessageBoxIcon.Error)

            Return DbSwtable
        End Try
    End Function

次に、UI から次のように関数を呼び出します。

isigroup = objdata.GetUserData(txtuser.Text, txtpassword.Text)
于 2013-06-29T15:01:48.187 に答える
1

Fabian の回答の修正版: 関数 QueryDataBase を次のように編集します。

ユーザー名とパスワードのハッシュのパラメーターを追加し、DataAdapter の SelectCommand プロパティを使用します。また、関数の名前を QueryDatabase から GetUserData に変更します。

Public Function GetUserData(username as string, PassHash as string) As DataTable
    Try
        Dim objDataSet As New DataSet
        Dim objDataTable As New DataTable
        Dim sql As String = "SELECT * FROM Userx WHERE Username=@Username AND PassHash =@PassHash"
        Dim objDataAdapter As New SqlDataAdapter()
        Dim selectCmd as new SqlCommand(sql, con)
        selectCmd.Parameters.Add("@Username", SqlDbType.Varchar).Value = UserName 
        selectCmd.Parameters.Add("@PassHash", SqlDbType.Varchar).Value =PassHash 
        objDataAdapter.SelectCommand = selectCmd;
        objDataAdapter.Fill(objDataSet, "DefaultTable")
        objDataTable = objDataSet.Tables("DefaultTable")
        con.Close()

        Return objDataTable
    Catch ex As Exception
        MessageBox.Show(ex.Message, "Λάθος", MessageBoxButtons.OK, MessageBoxIcon.Error)

        Return DbSwtable
    End Try
End Function

次に、UI から、次のように関数を呼び出します。

isigroup = objdata.GetUserData(txtuser.Text, gethash(txtpassword.Text))
于 2013-06-29T17:07:45.207 に答える