vb.net 从字符串 "" 到类型 'Boolean' 的转换无效
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/22619377/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
Conversion from string "" to type 'Boolean' is not valid
提问by user3457014
I am getting the error message in the title on my login form in ASP.NET does anyone know what how i can sort it out? help is much appreciated
我在 ASP.NET 中的登录表单的标题中收到错误消息,有人知道我该如何解决吗?非常感谢帮助
Protected Sub Button1_Click(ByVal sender As Object, ByVal e As EventArgs) Handles Button1.Click
Dim conn As New MySqlConnection
conn.ConnectionString = ("server=localhost;port=3307;user=user;password=password;database=DB;")
Try
Dim SQL As String = "select * from users3 where uname = '" & txtUName.Text & "' AND password = '" & txtPwd.Text & "'"
conn.Open()
Dim cmd As New MySqlCommand(SQL, conn)
Dim reader As MySqlDataReader = cmd.ExecuteReader
reader.Read()
Dim isValidLogin As Boolean
Boolean.TryParse(reader.GetValue(1), isValidLogin)
If isValidLogin Then
Session("UserName") = txtUName.Text
Response.Redirect("REGISTERPROP.aspx")
Else
Response.Write("Invalid Login")
End If
Catch ex As Exception
Response.Write("An Error Occurred: " & ex.Message.ToString())
End Try
End Sub
回答by Dave Doknjas
Change:
改变:
Dim isValidLogin = reader.GetValue(1)
to:
到:
Dim isValidLogin As Boolean
Boolean.TryParse(reader.GetValue(1), isValidLogin)
回答by Nicholas Carey
Well, the message is pretty much self-explanatory. You're trying convert an empty (nil) string into a boolean. The only valid string values for Booleanare (case-insensitive) trueand false. You have other problems though.
嗯,这条消息是不言自明的。您正在尝试将空 (nil) 字符串转换为布尔值。的唯一有效字符串值Boolean是(不区分大小写)true和false. 不过你还有其他问题。
Your query returns 0 rows (the empty set) if the user/password is not found, and (presumably) 1 row if the user/password is found. However, you are not checking the return values from the
Read()method: it returnstrueif a row was read andfalse otherwise. You query only returns a row on a successful match: You should check that prior to trying to retrieve data from it.Further, your query has a SQL Injectionvulnerability. Consider using parameterized queries or stored procedures. What do you think might happen if somebody types (or simply posts) this back to your page for the password field:
; drop table users3 ;It appears you're storing passwords in the clear in your database. In conjunction with your SQL Injection vulnerability, you leave yourself wide open to having your system and users compromised. Consider salting the passwords and hashing the salted password using a secure hashing algorithmlike SHA-256.
如果未找到用户/密码,您的查询将返回 0 行(空集),如果找到用户/密码,则(大概)返回 1 行。但是,您不会检查该
Read()方法的返回值:true如果读取了一行,它就会返回false otherwise。您查询仅在成功匹配时返回一行:您应该在尝试从中检索数据之前检查该行。此外,您的查询存在SQL 注入漏洞。考虑使用参数化查询或存储过程。如果有人在密码字段中输入(或简单地发布)回您的页面,您认为可能会发生什么:
; drop table users3 ;您似乎在数据库中以明文形式存储密码。结合您的 SQL 注入漏洞,您对系统和用户受到威胁持开放态度。考虑对密码加盐并使用安全散列算法(如 SHA-256)对加盐密码进行散列。
Change your query to
将您的查询更改为
`select 'true' from user3 where ...`
And execute it using DbReader.ExecuteScalar(), which returns the first column of the first row of the result set or nullif the result set is empty. Then your logic becomes simpler, something like
并使用 执行它DbReader.ExecuteScalar(),null如果结果集为空,则返回结果集第一行的第一列。然后你的逻辑变得更简单,就像
Dim isValidLogin = cmd.ExecuteScalar()
If isValidLogin IsNot Nothing And isValidLogin Then
Session("UserName") = txtUName.Text
Response.Redirect("REGISTERPROP.aspx")
Else
Response.Write("Invalid Login")
End If
