[英]Invalid attempt to access a field before calling Read() vb.NET and MySQL
I receive this error every time I try log in with incorrect details which should show a message-box "invalid username..." and when no details are entered it should show "please enter... 每当我尝试使用不正确的详细信息登录时都会收到此错误,该错误信息应显示一个消息框“无效的用户名...”,而如果没有输入任何详细信息,则应显示“请输入...”
conn = New MySqlConnection
conn.ConnectionString = "server=localhost; userid=root; password=...; database=..."
Dim reader As MySqlDataReader
Try
conn.Open()
Dim Query As String
Query = "SELECT Username, Password, Admin FROM appointments.tblLogin WHERE Username='" & TextBox_Username.Text & "' AND Password='" & TextBox_Password.Text & "' "
cmd = New MySqlCommand(Query, conn)
reader = cmd.ExecuteReader
Dim count As Integer
count = 0
While reader.Read
count = count + 1
End While
If reader.GetInt32("Admin") = 1 Then
AdminMainMenu.Show()
Me.Hide()
ElseIf reader.GetInt32("Admin") = 0 Then
MainMenu.Show()
Me.Hide()
Else
MessageBox.Show("Invalid username or password")
End If
If TextBox_Username.Text.Equals("") And TextBox_Password.Text.Equals("") Then
MessageBox.Show("Please enter a username and password")
End If
conn.Close()
Catch ex As MySqlException
MessageBox.Show(ex.GetBaseException.ToString)
Finally
conn.Dispose()
End Try
The MySqlDataReader can move forward-only, once it reaches the end of the rows retrieved by the command, it cannot go back to read previous rows. MySqlDataReader只能向前移动,一旦到达命令所检索的行的末尾,就无法返回以读取先前的行。
The loop used to count the number of rows moves the reader to the end of the data stream. 用于计算行数的循环将读取器移至数据流的末尾。 So trying to read the Admin field result in an exception.
因此,尝试读取Admin字段会导致异常。
If TextBox_Username.Text.Equals("") And _
TextBox_Password.Text.Equals("") Then
MessageBox.Show("Please enter a username and password")
Return
End If
.... opening and executing the command code....
If reader.Read Then
Dim isAdmin = (reader.GetInt32("Admin") = 1)
If isAdmin Then
AdminMainMenu.Show()
Me.Hide()
Else Then
MainMenu.Show()
Me.Hide()
End If
Else
MessageBox.Show("Invalid username or password")
End If
conn.Close()
Notice that I have removed the loop and used a simple if/else statement around the Read method to display the error message and I have changed the reading of the Admin flag creating a boolean variable to simplify the logic inside the true part of the if block. 注意,我已经删除了循环,并在Read方法周围使用了一个简单的if / else语句来显示错误消息,并且我更改了Admin标志的读取方式,创建了一个布尔变量,以简化if块真实部分的逻辑。 。
Said that, you need to look at how build parameterized queries because your string concatenation to build the commandtext exposes your program to Sql Injection Attacks (not to mention syntax errors if some of your textbox contains a single quote, try it...) 话虽如此,您需要查看如何构建参数化查询,因为用于构建命令文本的字符串串联会使您的程序受到Sql Injection Attacks的攻击(更不用说语法错误,如果某些文本框包含单引号,请尝试...)
Consider also that from a security standpoint you should never store passwords in the database in clear text. 还请考虑从安全角度出发,切勿将密码以明文形式存储在数据库中。 Use always an hash of the password
始终使用密码的哈希值
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.