stackoom
  简体   繁体   中英

How To Query A VB.NET Datasource

 原文  2011-09-20 16:50:45       sql/ vb.net/ visual-studio/ visual-studio-2010/ ms-access

Question

I have added a Datasoruce to my current project and the following has been added to my App.config file: 

<connectionStrings>
        <add name="WindowsApplication1.My.MySettings.dbConnectionString"
            connectionString="Provider=Microsoft.ACE.OLEDB.12.0;Data Source=|DataDirectory|\db.accdb"
            providerName="System.Data.OleDb" />
    </connectionStrings>

How can I now query and update this datasource?

I have the following query: 

Dim sqlstr As String = "INSERT INTO Accounts(Username,Password)VALUES('" & Trim(Account(0)) & "','" & Trim(Account(1)) & "')"

But am not too sure how to actually run the query (New to VB, used to PHP and a single database connection file!)

1 answers

solution1
 4 ACCPTED  2011-09-20 16:59:28

How can I now query and update this datasource?

NOT how you're doing it right now!

You have two huge problems with that code:

  1. NEVER use string concatenation to insert values into an sql statement like that.
  2. NEVER store a password as plain text in a database.

There are ZERO cases where either of those are ever acceptable.

Here's one way it might look instead: 

Dim sql As String = "INSERT INTO Account (UserName, PasswordHash) VALUES ( ? , ? )"
Using cn As New OleDbConnection(ConfigurationManager.ConnectionStrings("dbConnectionString").ConnectionString), _
      cmd As New OleDbCommand(sql, cn)

    cmd.Parameters.Add("UserName", OleDbType.VarChar, 50).Value = Account(0).ToString().Trim()
    cmd.Parameters.Add("PasswordHash", OleDbType.Char, 20).Value = HashPassword(Account(1).ToString().Trim())

    cn.Open()
    cmd.ExecuteNonQuery()
End Using

Notice that I changed the name of one of your columns, and that I referrenced a HashPassword() function that doesn't exist yet. You'll need to build your own HashPassword() function to go with that code. When building the function, look for an scrypt or bcrypt function to use. Do not use MD5. The best that .Net has built in is SHA1. If you really must go that route (SHA1) you can, but scrypt or bcrypt are greatly preferred (this is why I'm not providing the function for you: it will rely on other code you must first get from the web).

When you go to authenticate a user, you must then use the same function to hash the attempted password, and compare the hashes rather than the original passwords. This is the only safe way to do it.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Declaring a datasource connection in VB.NET SQL Statement as datasource for listbox VB.NET Update Query in VB.NET vb.net and sql query How to query DB, and Join results with second query (VB.NET) vb.net update query with vb.net How to use this SQL UPDATE query in VB.NET How do I write to a Mysql database in VB.net with a query how to do dynamic sql query in vb.net? VB.NET How to get result in text from SQL Query
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM