【发布时间】:2019-05-11 12:12:23
【问题描述】:
我正在尝试编写查询以从我的 SQL Server 数据库中删除用户注册,但是当我尝试删除用户时,我收到此错误:
System.InvalidOperationException: 'ExecuteReader: 连接属性尚未初始化。'
我的代码:
Public Class DeleteForm
Private Sub btnDelete_Click(sender As Object, e As EventArgs) Handles btnDelete.Click
Dim conn = New SqlConnection("Data Source=(localdb)\MSSQLLocalDB;Initial Catalog=dbProject;Integrated Security=True")
Using cmd = New SqlCommand("SELECT * FROM tblLogin WHERE username = " & txtUsername.Text, conn)
conn.Open()
Dim reader As SqlClient.SqlDataReader = cmd.ExecuteReader
If reader.Read = True Then
If txtUserPass.Text = txtCheckPass.Text Then
Dim deleteOk As Integer = MessageBox.Show("This cant be undone!" & vbCrLf & "Are you sure?", "Warning!", MessageBoxButtons.YesNo, MessageBoxIcon.Warning)
If deleteOk = DialogResult.Yes Then
Dim queryDelete As String = "DELETE FROM tblLogin WHERE username = " & txtUsername.Text & " and password = " & txtPassword.Text
Dim cmdDelete As New SqlClient.SqlCommand(queryDelete, conn)
If conn.State = ConnectionState.Closed Then conn.Open()
reader.Close()
cmdDelete.ExecuteNonQuery()
MsgBox("Cancellazione eseguita correttamente!")
cmdDelete.Dispose()
conn.Close()
ElseIf deleteOk = DialogResult.No Then
End If
Else
MsgBox("The passwords arent matching!")
End If
Else
MsgBox("User not found")
conn.Close()
txtUsername.Clear()
txtUsername.Focus()
txtUserPass.Clear()
txtCheckPass.Clear()
End If
End Using
End Sub
End Class
【问题讨论】:
-
哪一行出错了?
-
只是一个建议。我会用多种方法将其分开。一种查看用户是否存在,另一种只是删除,另一种是调用它们并处理错误。
-
注意SQL注入!始终使用参数化查询。
-
不使用参数实在是太糟糕了。这对 sql 注入非常开放,我的朋友 Bobby Tables 喜欢这种编码风格。并且密码应该被加盐和散列,而不是以明文形式存储。
-
永远不要将密码存储为纯文本 - 对它们进行加盐和散列
标签: sql sql-server vb.net