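I am connecting VB to SQL SERVER. When the login screen is read, the user account and password are checked first. Once they are correct, the level of the logged-in user is read from the database, where it is represented by the numbers 1, 2 and 3. The account check on the login screen is already done, but after the account has been verified, how do I read the user's level and assign it to an INTEGER variable in VB, so that the number decides the user's level and opens a different screen?? I don't know anything, so please give me the specific code, preferably with comments. Many thanks~~ Thank you.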
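Example:
sql = "select 级别列 from 表名 where 用户列='" & username & "'" 'username holds the account that was entered
Rs.Open sql, Conn, 3, 3
jibie = Rs("级别列") 'jibie receives the user's level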
cn.Open "Provider=sqloledb;Data Source=Aron1;Initial Catalog=pubs;User Id=sa;Password=123;" 'Change the connection string to suit your setup
Set rs = cn.Execute("SELECT 密码, 级别 FROM 用户表 WHERE 用户账号 ='" & txtAcount & "'")
If Not rs.EOF Then
    If rs!密码 = txtPassword Then intUserLevel = rs!级别
End If
Set rs = Nothing
cn.Close
Set cn = Nothing
Could you also take a look at this code and tell me where else it is wrong? Thanks.

Private Sub cmdOK_Click()
    Dim connectionstring As String
    connectionstring = "Provider=SQLOLEDB.1;Integrated Security=SSPI;Persist Security Info=False;Initial Catalog=S_M_System;Data Source=(LOCAL)"
    Dim UserNo As String
    Dim userpassword As String
    Dim str As String
    Dim SQL As String
    Dim nTryCount As Integer
    nTryCount = 0
    Dim COUNT As String
    Dim rs As New ADODB.Recordset
    Set rs = New ADODB.Recordset
    UserNo = Trim(txtUserNo.Text)
    userpassword = Trim(txtPassword.Text)
    str = "select * from user_info where number='" & UserNo & "' and password = '" & userpassword & " '"
    rs.Open str, connectionstring, adOpenKeyset, 2
    COUNT = rs("Ulevel")
    If rs.EOF Then 'Login failed
        MsgBox "对不起,无此用户或者密码不正确!请重新输入!!", vbCritical, "错误"
        txtUserNo.Text = ""
        txtPassword.Text = ""
        txtUserNo.SetFocus
        nTryCount = nTryCount + 1
        If nTryCount >= 3 Then
            MsgBox "您无权操作本系统!", vbCritical, "无权限"
            Unload Me
        End If
    Else 'Login succeeded
        If COUNT = 1 Then
            Amain.Show
            Unload Me
        End If
        If COUNT = 2 Then
            Tmain.Show
            Unload Me
        End If
        If COUNT = 3 Then
            Smain.Show
            Unload Me
        End If
    End If
    Exit Sub
End Sub

Right now the message does not appear after three wrong attempts, and the level check is still wrong: at the If COUNT = ... lines it reports a type mismatch. Have I still not assigned the value correctly?
Dim connectionstring As String
connectionstring = "Provider=SQLOLEDB.1;Integrated Security=SSPI;Persist Security Info=False;Initial Catalog=S_M_System;Data Source=(LOCAL)"
Dim UserNo As String
Dim userpassword As String
Dim str As String
Dim SQL As String
Dim nTryCount As Integer
nTryCount = 0
Dim COUNT As Integer 'Integer, so that Case 1/2/3 compares numbers
Dim rs As ADODB.Recordset
Set rs = New ADODB.Recordset
UserNo = Trim(txtUserNo.Text)
userpassword = Trim(txtPassword.Text)
str = "select * from user_info where number='" & UserNo & "' and password = '" & userpassword & " '"
rs.Open str, connectionstring, adOpenKeyset, 2
If rs.EOF Then 'Login failed
    MsgBox "对不起,无此用户或者密码不正确!请重新输入!!", vbCritical, "错误"
    txtUserNo.Text = ""
    txtPassword.Text = ""
    txtUserNo.SetFocus
    nTryCount = nTryCount + 1
    If nTryCount >= 3 Then
        MsgBox "您无权操作本系统!", vbCritical, "无权限"
        Unload Me 'Close the login form once the attempts are used up
    End If
Else 'Login succeeded
    COUNT = rs("Ulevel") 'Read the level only after a row is known to exist
    Select Case COUNT
        Case 1
            Amain.Show
        Case 2
            Tmain.Show
        Case 3
            Smain.Show
    End Select
    Unload Me 'Close the login form only after a successful login
End If
rs.Close
Set rs = Nothing
' Exit Sub
' End Sub
Move it to a form-level declaration.
nTryCount = 0
Put this in Form_Load.
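UserNo = "' OR 1=1 Or ''='"
userpassword = any value

Your query will then be:
"select * from user_info where number='' OR 1=1 OR '' = '' and password = '123456'"
This Where condition is always True.
The attacker can then obtain the privileges of the first record among all your user records, and that may well be the administrator.
The defense is to check once more, after fetching the record, that the user account matches what was entered and that the password matches the entered value.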
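
The lookup from this thread rewritten with ADO parameters, so that input like the string in the post above is compared as data instead of being parsed as SQL; it also keeps that post's re-check of the returned row. This is an added example, not code from any poster in the thread. The function name GetUserLevel, the varchar(50) column sizes and the return value 0 for a failed login are assumptions.

```vb
' Added example (not from the thread). Assumes a project reference to
' Microsoft ActiveX Data Objects and that number/password are varchar(50).
' Returns the user's level (1, 2 or 3), or 0 when the login fails.
Private Function GetUserLevel(ByVal UserNo As String, ByVal userpassword As String) As Integer
    Dim cn As ADODB.Connection
    Dim cmd As ADODB.Command
    Dim rs As ADODB.Recordset

    GetUserLevel = 0
    ' Reject input longer than the assumed column size instead of truncating it.
    If Len(UserNo) = 0 Or Len(UserNo) > 50 Or Len(userpassword) > 50 Then Exit Function

    Set cn = New ADODB.Connection
    cn.Open "Provider=SQLOLEDB.1;Integrated Security=SSPI;Persist Security Info=False;Initial Catalog=S_M_System;Data Source=(LOCAL)"

    Set cmd = New ADODB.Command
    Set cmd.ActiveConnection = cn
    cmd.CommandType = adCmdText
    ' The ? markers are bound from Parameters in order. The values travel
    ' separately from the SQL text, so quotes in them cannot change the query.
    cmd.CommandText = "SELECT number, password, Ulevel FROM user_info WHERE number = ? AND password = ?"
    cmd.Parameters.Append cmd.CreateParameter("number", adVarChar, adParamInput, 50, UserNo)
    cmd.Parameters.Append cmd.CreateParameter("password", adVarChar, adParamInput, 50, userpassword)

    Set rs = cmd.Execute
    If Not rs.EOF Then
        ' Re-check from the post above: the returned row must match the input.
        ' The account is compared case-insensitively, the password exactly.
        If StrComp(Trim(rs("number") & ""), UserNo, vbTextCompare) = 0 _
           And Trim(rs("password") & "") = userpassword Then
            If Not IsNull(rs("Ulevel")) Then GetUserLevel = CInt(rs("Ulevel"))
        End If
    End If

    rs.Close
    cn.Close
    Set rs = Nothing
    Set cmd = Nothing
    Set cn = Nothing
End Function
```

In cmdOK_Click the result can be assigned directly to the Integer level variable and used in the Select Case, with 0 treated as a failed login.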