时间戳

首页 > 解决方案 > SQL Server:删除用户

sql - SQL Server:删除用户

问题描述

我正在尝试编写查询以从我的 SQL Server 数据库中删除用户注册,但是当我尝试删除用户时,出现此错误:

System.InvalidOperationException:“ExecuteReader:连接属性尚未初始化。”

我的代码:

Public Class DeleteForm
Private Sub btnDelete_Click(sender As Object, e As EventArgs) Handles btnDelete.Click
    Dim conn = New SqlConnection("Data Source=(localdb)\MSSQLLocalDB;Initial Catalog=dbProject;Integrated Security=True")

    Using cmd = New SqlCommand("SELECT * FROM tblLogin WHERE username = " & txtUsername.Text, conn)
        conn.Open()
        Dim reader As SqlClient.SqlDataReader = cmd.ExecuteReader

        If reader.Read = True Then
            If txtUserPass.Text = txtCheckPass.Text Then
                Dim deleteOk As Integer = MessageBox.Show("This cant be undone!" & vbCrLf & "Are you sure?", "Warning!", MessageBoxButtons.YesNo, MessageBoxIcon.Warning)
                If deleteOk = DialogResult.Yes Then
                    Dim queryDelete As String = "DELETE FROM tblLogin WHERE username = " & txtUsername.Text & " and password = " & txtPassword.Text
                    Dim cmdDelete As New SqlClient.SqlCommand(queryDelete, conn)

                    If conn.State = ConnectionState.Closed Then conn.Open()
                    reader.Close()
                    cmdDelete.ExecuteNonQuery()
                    MsgBox("Cancellazione eseguita correttamente!")
                    cmdDelete.Dispose()
                    conn.Close()
                ElseIf deleteOk = DialogResult.No Then

                End If
            Else
                MsgBox("The passwords arent matching!")
            End If
        Else
            MsgBox("User not found")
            conn.Close()
            txtUsername.Clear()
            txtUsername.Focus()
            txtUserPass.Clear()
            txtCheckPass.Clear()
        End If
    End Using
  End Sub
End Class

标签: sqlsql-servervb.net

解决方案

您需要先打开连接,然后才能创建命令。IE

Dim conn = New SqlConnection("Data Source=(localdb)\MSSQLLocalDB;Initial Catalog=dbProject;Integrated Security=True")
conn.Open()
Using cmd = New SqlCommand(....

但是,您当前的代码包含SQL Injection。你不应该连接字符串去获取你的 SQL。你应该使用参数。有关该应用程序的更好解释,请参阅此答案

此外,以纯文本形式存储密码从来都不是一个好习惯。曾经。您应该只存储密码的哈希值并比较哈希值而不是纯文本。阅读此答案以供参考。以及更多关于为什么你应该散列的背景信息

推荐阅读