您的 SQL 语法有误,Visual Basic on visual studio with MySQL
You have an error in your SQL syntax, Visual Basic on visual studio with MySQL
我是编码新手。我正在尝试在 visual studio 2019 中使用 MySQL 8 创建一个登录表单 请任何人帮助我找出我的代码有什么问题。当我 运行 它执行的代码 MsgBox("Dublicate Entry...Contact Costumer Service at 1010) 并给出以下错误。
'MySql.Data.MySqlClient.MySqlException: 'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Where Title='CEO' and Name='Demeth' and Pin Code='1234'' at line 1'
我有疑问;在 MySQL 查询中 employee.empde 的末尾但是当我删除它时 MsgBox("Login Failed!", MsgBoxStyle.Critical) 被执行。
这是我的完整代码。谢谢。
Imports MySql.Data.MySqlClient
Public Class Form1
Public cmd As MySqlCommand
Private Sub btnSign_Click(sender As Object, e As EventArgs) Handles btnSign.Click
Dim conn As MySqlConnection
conn = New MySqlConnection
conn.ConnectionString = "server=localhost;user id=demeth;Password=*****;database=employeeinfo"
Dim rdr As MySqlDataReader
Dim qry As String
Try
conn.Open()
qry = "SELECT * FROM employeeinfo.empde; Where Title='" & cmbTitle.Text & "' and Name='" & txtName.Text & "' and Pin Code='" & txtPin.Text & "'"
cmd = New MySqlCommand(qry, conn)
rdr = cmd.ExecuteReader
Dim count As Integer
count = 0
While rdr.Read
count += 1
End While
If count = 1 Then
MsgBox("Connected Successfully", MsgBoxStyle.Information, "Login Successful")
ElseIf count > 1 Then
MsgBox("Dublicate Entry...Contact Costumer Service at 1010", MsgBoxStyle.Critical)
Else
MsgBox("Invalid Name/Pin Code. Try again", MsgBoxStyle.Critical)
End If
Catch ex As MySqlException
MsgBox("Login Failed!", MsgBoxStyle.Critical)
conn.Close()
Finally
conn.Dispose()
End Try
End Sub
End Class
根据您的查询
qry = "SELECT * FROM employeeinfo.empde; Where Title=
你有一个';'在 table 名称之后。删除它。
qry = "SELECT * FROM employeeinfo.empde Where Title=
此外:PinCode 字段上有一个空格。把它也去掉。
qry 表述错误。您应该删除字符串中的分号。此外,问题的表述os 定义不明确。 Ps。正如一条评论所说,这段代码容易受到 SQL 注入的攻击。你应该检查一下。如果它是 self-learning 的项目,你应该不够关心。
这将解决原来的几个问题:
Private Sub btnSign_Click(sender As Object, e As EventArgs) Handles btnSign.Click
Dim count As Integer = 0
Dim qry As String =
"SELECT COUNT(*)
FROM employeeinfo.empde
WHERE Title= @Title
AND Name = @Name
AND `PIN Code`= @PIN;"
Using conn As New MySqlConnection("server=localhost;user id=demeth;Password=*****;database=employeeinfo"), _
cmd As New MySqlCommand(qry, conn)
cmd.Parameters.AddWithValue("@Title", cmbTitle.Text)
cmd.Parameters.AddWithValue("@Name", txtName.Text)
cmd.Parameters.AddWithValue("@PIN", txtPIN.Text)
Try
conn.Open()
count = CInt(cmd.ExecuteScalar())
Catch Ex As MySqlException
MsgBox($"Login Failed!{vbCrLf}{Ex.Message}", MsgBoxStyle.Critical)
End Try
End Using
If count = 1 Then
MgBox("Connected Successfully", MsgBoxStyle.Information, "Login Successful")
ElseIf count > 1 Then
MsgBox("Dublicate Entry...Contact Costumer Service at 1010", MsgBoxStyle.Critical)
Else
MsgBox("Invalid Name/Pin Code. Try again", MsgBoxStyle.Critical)
End If
End Sub
PIN 码存储在 plain-text.
中的问题仍然存在(而且是个大问题!)
我是编码新手。我正在尝试在 visual studio 2019 中使用 MySQL 8 创建一个登录表单 请任何人帮助我找出我的代码有什么问题。当我 运行 它执行的代码 MsgBox("Dublicate Entry...Contact Costumer Service at 1010) 并给出以下错误。
'MySql.Data.MySqlClient.MySqlException: 'You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near 'Where Title='CEO' and Name='Demeth' and Pin Code='1234'' at line 1'
我有疑问;在 MySQL 查询中 employee.empde 的末尾但是当我删除它时 MsgBox("Login Failed!", MsgBoxStyle.Critical) 被执行。
这是我的完整代码。谢谢。
Imports MySql.Data.MySqlClient
Public Class Form1
Public cmd As MySqlCommand
Private Sub btnSign_Click(sender As Object, e As EventArgs) Handles btnSign.Click
Dim conn As MySqlConnection
conn = New MySqlConnection
conn.ConnectionString = "server=localhost;user id=demeth;Password=*****;database=employeeinfo"
Dim rdr As MySqlDataReader
Dim qry As String
Try
conn.Open()
qry = "SELECT * FROM employeeinfo.empde; Where Title='" & cmbTitle.Text & "' and Name='" & txtName.Text & "' and Pin Code='" & txtPin.Text & "'"
cmd = New MySqlCommand(qry, conn)
rdr = cmd.ExecuteReader
Dim count As Integer
count = 0
While rdr.Read
count += 1
End While
If count = 1 Then
MsgBox("Connected Successfully", MsgBoxStyle.Information, "Login Successful")
ElseIf count > 1 Then
MsgBox("Dublicate Entry...Contact Costumer Service at 1010", MsgBoxStyle.Critical)
Else
MsgBox("Invalid Name/Pin Code. Try again", MsgBoxStyle.Critical)
End If
Catch ex As MySqlException
MsgBox("Login Failed!", MsgBoxStyle.Critical)
conn.Close()
Finally
conn.Dispose()
End Try
End Sub
End Class
根据您的查询
qry = "SELECT * FROM employeeinfo.empde; Where Title=
你有一个';'在 table 名称之后。删除它。
qry = "SELECT * FROM employeeinfo.empde Where Title=
此外:PinCode 字段上有一个空格。把它也去掉。
qry 表述错误。您应该删除字符串中的分号。此外,问题的表述os 定义不明确。 Ps。正如一条评论所说,这段代码容易受到 SQL 注入的攻击。你应该检查一下。如果它是 self-learning 的项目,你应该不够关心。
这将解决原来的几个问题:
Private Sub btnSign_Click(sender As Object, e As EventArgs) Handles btnSign.Click
Dim count As Integer = 0
Dim qry As String =
"SELECT COUNT(*)
FROM employeeinfo.empde
WHERE Title= @Title
AND Name = @Name
AND `PIN Code`= @PIN;"
Using conn As New MySqlConnection("server=localhost;user id=demeth;Password=*****;database=employeeinfo"), _
cmd As New MySqlCommand(qry, conn)
cmd.Parameters.AddWithValue("@Title", cmbTitle.Text)
cmd.Parameters.AddWithValue("@Name", txtName.Text)
cmd.Parameters.AddWithValue("@PIN", txtPIN.Text)
Try
conn.Open()
count = CInt(cmd.ExecuteScalar())
Catch Ex As MySqlException
MsgBox($"Login Failed!{vbCrLf}{Ex.Message}", MsgBoxStyle.Critical)
End Try
End Using
If count = 1 Then
MgBox("Connected Successfully", MsgBoxStyle.Information, "Login Successful")
ElseIf count > 1 Then
MsgBox("Dublicate Entry...Contact Costumer Service at 1010", MsgBoxStyle.Critical)
Else
MsgBox("Invalid Name/Pin Code. Try again", MsgBoxStyle.Critical)
End If
End Sub
PIN 码存储在 plain-text.
中的问题仍然存在(而且是个大问题!)