用户登录判断函数

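''' <summary>
''' Logon button handler: looks up the submitted user name and password in the
''' userinfo table with a parameterized query, then shows a welcome message on
''' success or logs the failure and shows a generic "invalid logon" message.
''' </summary>
''' <param name="Src">Event source (unused).</param>
''' <param name="E">Event arguments (unused).</param>
Public Sub OnLogonBetter(ByVal Src As Object, ByVal E As EventArgs)
    Dim userName As String = txtUser.Text
    Dim passwd As String = txtPassword.Text

    ' step one, validate userName and password
    ' this could also be done with server controls, which is recommended
    ' NOTE(review): no validation is actually performed here; the pattern below is
    ' commented out, and as written it allows letters and digits only (no underscore).
    ' Dim valid = new Regex("^[a-zA-Z0-9]+$")

    Dim ok As Boolean = False

    ' still bad: SQL connection string is hardcoded in program source
    ' better: using integrated auth and least privilege on table
    ' Using blocks dispose the connection, command and reader on every path,
    ' including when Open() or ExecuteReader() throws. The original Try/Finally
    ' started only after both calls, so a failure there left the connection open.
    Using conn As New SqlConnection("server=(local);database=formsdb;Trusted_Connection=True")
        ' better practice: using parameterized queries or stored procedures
        ' User input is bound as typed parameters and never concatenated into the SQL text.
        Using cmd As New SqlCommand("select username, password from userinfo where username=@username and password=@passwd", conn)
            ' Size 30: ADO.NET truncates longer string values to the declared size, so
            ' the explicit comparison against the untruncated input below is what rejects
            ' over-long input.
            Dim param As SqlParameter = cmd.Parameters.Add("@username", SqlDbType.NVarChar, 30)
            param.Value = userName
            param = cmd.Parameters.Add("@passwd", SqlDbType.NVarChar, 30)
            param.Value = passwd

            conn.Open()
            Using rdr As SqlDataReader = cmd.ExecuteReader()
                ' Read() returns False when there are no rows, so no separate HasRows check is needed.
                If rdr.Read() Then
                    ' Re-check in code: the database collation may compare case-insensitively.
                    ' NOTE(review): the password column is compared with the text the user typed,
                    ' so passwords are stored in cleartext. Store a salted, slow hash (e.g. PBKDF2),
                    ' select it by username only, and compare the derived value in constant time.
                    If rdr.GetString(0) = userName AndAlso rdr.GetString(1) = passwd Then
                        ok = True
                    End If
                End If
            End Using
        End Using
    End Using

    If ok Then
        ' HtmlEncode keeps the user-supplied name from being interpreted as markup.
        Msg.Text = "Welcome, " & Server.HtmlEncode(userName)
    Else
        ' think hard about whether or not to log the password (don't unless there's a good reason for it)
        ' the SQL query above could be altered to just return the username
        ' with an explicit password comparison to provide more info about what went wrong
        ' Keep that extra detail in the log only: the on-screen message should stay the same
        ' for "unknown user" and "wrong password" so it does not reveal which accounts exist.
        ' NOTE(review): userName is untrusted; LogFailure is not shown here. Confirm that it
        ' neutralizes CR/LF so a crafted name cannot forge log entries.
        LogFailure(userName)
        Msg.Text = String.Format("Invalid Logon for {0}, please try again", Server.HtmlEncode(userName))
    End If
End Sub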