请大家看一下为什么不验证旧密码是否正确，请大家顺便指导一下代码哪里有不足，谢谢

procedure TForm4.Button1Click(Sender: TObject);
var sqlstr:string;
begin
adoquery1.close;
ADOQuery1.SQL.Clear;
sqlstr:='select * from users where name='''+form1.Edit1.Text+''' and password='''+form1.edit2.text+'''';
ADOQuery1.SQL.Add(sqlstr);
adoquery1.Open;
if edit1.text='' then
begin
showmessage('密码错误');
edit1.SetFocus;
exit;
end;
if (edit2.text='') or (edit3.text='') then
begin
showmessage('密码不能为空');
edit2.SetFocus;
exit;
end;
if length(trim(edit2.text))<6 then
begin
showmessage('密码不能少于6位');
edit2.SetFocus;
exit;
end;
if edit2.text<>edit3.text then
showmessage('两次输入的密码不一致');
edit2.SetFocus;
exit;
if not ADOQuery1.Locate('password',edit1.Text,[]) then
begin
showmessage('输入的密码错误');
edit1.text:='';
edit1.SetFocus;
exit;
end
else if edit2.text=edit3.text then
begin
ADOQuery1.Close;
ADOQuery1.SQL.Clear;
sqlstr:='update users set [password]='''+trim(edit2.Text)+''' where name='''+form1.Edit1.Text+'''';
ADOQuery1.SQL.Text:=sqlstr;
ADOQuery1.ExecSQL;
showmessage('修改成功');
exit;
end;
end;

解决方案 »

免费领取超大流量手机卡，每月29元包185G流量+100分钟通话, 中国电信官方发货

第一次adoquery1.Open;后，你根本就没有判断adoquery1是否选出了记录，如果没有，就不应该往下执行
再有，你那一堆判断edit中内容的代码，应该放到adoquery1.Open;操作前进行
unit sys_login;interfaceuses
  Windows, Messages, SysUtils, Variants, Classes, Graphics, Controls, Forms,
  Dialogs, dxCntner, dxEditor, dxEdLib, StdCtrls, Buttons, ExtCtrls,ShellAPI,
  cxTextEdit, cxControls, cxContainer, cxEdit,IniFiles,WinSock,Sockets;type
  Tsys_Login_f = class(TForm)
    lbl_userno: TLabel;
    lbl1: TLabel;
    lbl2: TLabel;
    img1: TImage;
    lbl3: TLabel;
    lbl4: TLabel;
    bvl1: TBevel;
    btn_ok: TBitBtn;
    btn_cancel: TBitBtn;
    btn_setup: TBitBtn;
    lbl5: TLabel;
    cxte_userno: TcxTextEdit;
    cxte_password: TcxTextEdit;
    cxte_username: TcxTextEdit;
    cxte_bm: TcxTextEdit;
    lbl_ip: TLabel;
    procedure btn_cancelClick(Sender: TObject);
    procedure btn_okClick(Sender: TObject);
    procedure FormKeyPress(Sender: TObject; var Key: Char);
    procedure FormCreate(Sender: TObject);
    procedure cxte_usernoExit(Sender: TObject);
    procedure cxte_usernoEnter(Sender: TObject);
    procedure btn_setupClick(Sender: TObject);
  private
    { Private declarations }
   FLastUserNo: string;
  public
    { Public declarations }
  end;var
  sys_Login_f: Tsys_Login_f;
  function sendarp(ipaddr:ulong;temp:dword;ulmacaddr:pointer;ulmacaddrleng:pointer):DWord;StdCall;External 'Iphlpapi.dll' Name 'SendARP';implementationuses CommDeclare, sys_datamoudle, sys_setup;{$R *.dfm}procedure Tsys_Login_f.btn_cancelClick(Sender: TObject);
begin
  ModalResult := mrCancel;
end;procedure Tsys_Login_f.btn_okClick(Sender: TObject);
var
  mymac:array[0..5] of byte;
  mymaclength:ulong;
  tmp:TInAddr;
  tp:ttcpclient;
begin
  with sys_datamodule.qry_qry_login do
  begin
    Close;
    SQL.Text:='select * from MES..SYS_LOGINUSER where ACCOUNT_ID=:ACCOUNT_ID and PSDWORD=:PSDWORD';
    Parameters.ParamByName('ACCOUNT_ID').Value:=cxte_userno.Text;
    Parameters.ParamByName('PSDWORD').Value:=cxte_password.Text;
    Open;
    if IsEmpty then
    begin
      FrmMsgBox('提示','登陸失敗!',MsgBox_OK_ERROR);
      cxte_password.SelectAll;
      cxte_password.SetFocus;
      Close;
      Exit;
    end;
    _UserNo   := FieldByName('ACCOUNT_ID').AsString;
    _UserName := FieldByName('FULL_NAME').AsString;
    _UserBm   := FieldByName('BM').AsString;
    _PLANER_ID:= FieldByName('PLANER_ID').AsString;
    _UserBmmc := FieldByName('by1').AsString;
    _MJ       := FieldByName('by2').AsString;
    _email    := FieldByName('Email').AsString;
    if FieldByName('iswk').AsString='0' then
    begin
      FrmMsgBox('提示',_UserName+',已經離職，不能登錄系統!!!',MsgBox_OK_ERROR);
      cxte_password.SelectAll;
      cxte_password.SetFocus;
      Close;
      Exit;
    end;
    try
      tp:=ttcpclient.create(self);
      tp.close;
      tp.open;
      PC_Name:=Trim(tp.LocalHostName);
      PC_IP:=Trim(tp.LocalHostAddr);
      tp.close;
      mymaclength:=length(mymac);
      if sendarp(inet_addr(pChar(PC_IP)),0,@mymac,@mymaclength)=0 then
      begin
        tmp.S_addr:=inet_addr(pChar(PC_IP));
        PC_MAC:=Trim(format('%2.2x-%2.2x-%2.2x-%2.2x-%2.2x-%2.2x',[mymac[0],mymac[1],mymac[2],mymac[3],mymac[4],mymac[5]]));
      end;
      Close;
      SQL.Text:='insert into SYS_LoginLog(PC_SPID,UserID,UserName,PC_Name,PC_IP,PC_MAC,LoginStatus)values(@@SPID,'+quotedstr(_UserNo)+','+quotedstr(_UserName)+','+ quotedstr(PC_Name)+','+ quotedstr(PC_IP)+','+ quotedstr(PC_MAC)+',''Login'')';
      ExecSQL;
    except
    end;
  end;
  ModalResult := mrOK;
end;procedure Tsys_Login_f.FormKeyPress(Sender: TObject; var Key: Char);
begin
if key=#13 then
   begin
     Key:= #0;
     Perform(WM_NEXTDLGCTL, 0, 0);
   end
end;procedure Tsys_Login_f.FormCreate(Sender: TObject);
begin
  ShellExecute(Handle,'open',PChar(ExtractFilePath(ParamStr(0))+'Update.exe'),PChar('auto'),nil,SW_NORMAL);
  lbl_ip.Caption:='Server IP:'+ _ServerNmae;
end;procedure Tsys_Login_f.cxte_usernoExit(Sender: TObject);
begin
    if UpperCase(cxte_userno.Text)<>UpperCase(FLastUserNo) then
    with sys_datamodule.adoq_temp do
    begin
      Close;
      SQL.Text := 'select * from MES..SYS_LOGINUSER where ACCOUNT_ID='+ QuotedStr(cxte_userno.Text);
      Open;
      cxte_username.Text := FieldByName('FULL_NAME').AsString;
      cxte_bm.Text := FieldByName('BM').AsString;
      Close;
    end;
end;procedure Tsys_Login_f.cxte_usernoEnter(Sender: TObject);
begin
  FLastUserNo := cxte_userno.Text;
end;procedure Tsys_Login_f.btn_setupClick(Sender: TObject);
begin
  sys_setup_f:=Tsys_setup_f.Create(Application);
  sys_setup_f.ShowModal;
  sys_setup_f.Free;
end;end.