vb.net 通过visual basic形式修改access数据库中的密码
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/28459941/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Change password in access database through visual basic form
提问by Alexiz Hernandez
I currently have a form where you can enter a usernameand passwordand it creates a record of it in access. From there, whenever it asks for a usernameand password, you enter yours and it checks to see if it is correct. I have all of this working correctly but now I have a separate form where you can change you passwordbut I don't know how I would do that. Here is what I have so far:
我目前有一个表单,您可以在其中输入 ausername并password在访问中创建它的记录。从那里,每当它要求一个usernameand 时password,您输入您的并检查它是否正确。我让所有这些都正常工作,但现在我有一个单独的表格,您可以在其中更改您,password但我不知道我该怎么做。这是我到目前为止所拥有的:
Dim con As OleDbConnection = New OleDbConnection()
Dim cmd As OleDbCommand
Dim sql = "SELECT UN, PW FROM Users WHERE UN='" & cmbUser.Text & "' AND PW='" & txtOldPass.Text & "'"
cmd = New OleDbCommand(sql, con)
con.ConnectionString = ("Provider=Microsoft.Jet.OLEDB.4.0;Data Source=../Database.mdb")
con.Open()
Dim dr As OleDbDataReader = cmd.ExecuteReader
Try
If dr.Read = False Then
MsgBox("Password is incorrect!")
txtOldPass.Text = ""
txtNewPass.Text = ""
txtNewPassConf.Text = ""
ElseIf txtNewPass.Text <> txtNewPassConf.Text Then
MsgBox("Passwords do not match!")
txtOldPass.Text = ""
txtNewPass.Text = ""
txtNewPassConf.Text = ""
Else
'This is where the change password code goes
MsgBox("You password has been changed!")
cmbUser.SelectedIndex = -1
txtOldPass.Text = ""
txtNewPass.Text = ""
txtNewPassConf.Text = ""
End If
Catch ex As Exception
MsgBox(ex.Message)
End Try
con.Close()
As you can see, everything seems to be working just fine. Just need code to change the value of the PW cell. I think I could use the sqlstring but I am not sure exactly how. Thanks in advance!
如您所见,一切似乎都运行良好。只需要代码来改变密码单元格的值。我想我可以使用sql字符串,但我不确定如何使用。提前致谢!
采纳答案by Steve
You could use this code.
您可以使用此代码。
Notice that the values passed to the database should be transmitted through parameters (And this is true also for your initial SELECT) not concatenating strings together to form the command text. (Sql Injection, Parsing problems, Clearer command text)
请注意,传递给数据库的值应通过参数传输(对于初始 SELECT 也是如此),而不是将字符串连接在一起以形成命令文本。(Sql 注入,解析问题,更清晰的命令文本)
.....
Else
'This is where the change password code goes
Dim cmdText = "UPDATE Users SET PW = @pwd " & _
"WHERE UN = @uname AND PW = @oldpwd"
dr.Close()
OleDbCommand cmdUpdate = new OleDbCommand(cmdText, con)
cmdUpdate.Parameters.AddWithValue("@pwd",txtNewPass.Text)
cmdUpdate.Parameters.AddWithValue("@uname",cmbUser.Text)
cmdUpdate.Parameters.AddWithValue("@pwd",txtOldPass.Text)
cmdUpdate.ExecuteNonQuery()
MsgBox("You password has been changed!")
cmbUser.SelectedIndex = -1
txtOldPass.Text = ""
txtNewPass.Text = ""
txtNewPassConf.Text = ""
End If
Said that remember that storing passwords in clear text is a big hole in your security. Anyone that can grab the Access file can read the passwords of your users. The best approach to store passwords in a database is through a one way cryptography method. (Hashing and Salt)
说记住,以明文形式存储密码是您安全的一个大漏洞。任何可以获取 Access 文件的人都可以读取您用户的密码。在数据库中存储密码的最佳方法是通过单向加密方法。(哈希和盐)
You could find more info in this question
你可以在这个问题中找到更多信息
