时间戳

首页 > 解决方案 > 根据管理员、医生和护士这 3 种用户类型重定向表单

vb.net - 根据管理员、医生和护士这 3 种用户类型重定向表单

问题描述

  Private Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
        Dim Conn As New SqlConnection`
        Dim Username As String = TextBox1.Text
        Dim Password As String = txtPassword.Text
        If String.IsNullOrEmpty(username) Then
            ' username cannot be empty
            MsgBox("Please enter your Username!", MsgBoxStyle.Exclamation, "Error")
        ElseIf Username.Contains(" ") Then
            ' username cannot have spaces
            MsgBox("Usernames can't have spaces!", MsgBoxStyle.Exclamation, "Error")
        ElseIf String.IsNullOrEmpty(Password) Then
            ' password cannot be empty
            MsgBox("Please enter your password!", MsgBoxStyle.Exclamation, "Error")
        Else
            Conn.ConnectionString = ("Data Source=LAPTOP-M8KKSG0I;Initial Catalog=Oceania;Integrated Security=True")
            Try
                Dim sql As String = "SELECT Username, Password, Roles FROM Users WHERE Username =  '" & TextBox1.Text & "' AND Password ='" & txtPassword.Text & "'"
                Dim cmd As New SqlCommand(sql, Conn)
                cmd.Connection = Conn
                Conn.Open()
                Dim dr As SqlDataReader = cmd.ExecuteReader
                If dr.Read = True Then
                    sql = "Select Roles FROM Users WHERE Roles = 'Admin'"
                    Me.Hide()
                    MessageBox.Show("Welcome to Admin Page")
                    Form2.Show()
                ElseIf sql = "Select Roles FROM Users WHERE Roles = 'Doctor'" Then
                    Me.Hide()
                    MessageBox.Show("Welcome to Doctor Page")
                    Form6.Show()
                ElseIf sql = "Select Roles FROM Users WHERE Roles = 'Nurse'" Then
                    Me.Hide()
                    MessageBox.Show("Welcome to NursePage")
                    Form4.Show()
                Else
                    MessageBox.Show("Eror")




                End If
        Catch ex As Exception
            End Try
        End If

    End Sub
  1. 我应该如何解决这个代码?
  2. 我有 3 个角色,admindoctornurse
  3. 在我的登录页面中,我有 2 个用于用户名和密码的文本框
  4. 登录按钮需要验证登录
  5. 不同的角色有不同的形式。Admin转到form2,doctor转到form6,然后转到form4 nurse

标签: vb.net

解决方案

我将您的验证代码移至单独的方法,因为它确实没有连接到数据库代码。总有一天,您希望将所有数据库代码放在一个单独的类中。

Using...End Using块确保您的数据库对象即使在出现错误时也已关闭和处置。

始终使用参数来防止 Sql 注入,并使您的 sql 更容易编写,并且不易出错。检查数据库中参数的实际类型和大小。

由于我们只检索一条数据,我们可以使用.ExecuteScalar它返回一个对象。

回到用户界面代码来决定显示哪个表单。

Private Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
    If Not ValidateInput() Then
        Return
    End If
    Dim returnValue = ValidateUserAndGetRole()
    If returnValue Is Nothing Then
        MessageBox.Show("Login failed")
        Return
    End If
    Dim role = returnValue.ToString
    If role = "Admin" Then
        Me.Hide()
        MessageBox.Show("Welcome to Admin Page")
        Form2.Show()
    ElseIf role = "Doctor" Then
        Me.Hide()
        MessageBox.Show("Welcome to Doctor Page")
        Form6.Show()
    ElseIf role = "Nurse" Then
        Me.Hide()
        MessageBox.Show("Welcome to NursePage")
        Form4.Show()
    Else
        MessageBox.Show("No matching role found")
    End If
End Sub


Private Function ValidateInput() As Boolean
    Dim Username As String = TextBox1.Text
    Dim Password As String = txtPassword.Text
    If String.IsNullOrEmpty(Username) Then
        ' username cannot be empty
        MsgBox("Please enter your Username!", MsgBoxStyle.Exclamation, "Error")
        Return False
    ElseIf Username.Contains(" ") Then
        ' username cannot have spaces
        MsgBox("Usernames can't have spaces!", MsgBoxStyle.Exclamation, "Error")
        Return False
    ElseIf String.IsNullOrEmpty(Password) Then
        ' password cannot be empty
        MsgBox("Please enter your password!", MsgBoxStyle.Exclamation, "Error")
        Return False
    End If
    Return True
End Function

Private Function ValidateUserAndGetRole() As Object
    Dim retVal As Object
    Using Conn As New SqlConnection("Data Source=LAPTOP-M8KKSG0I;Initial Catalog=Oceania;Integrated Security=True"),
            cmd As New SqlCommand("SELECT Roles FROM Users WHERE Username = @Name AND Password = @Pass;", Conn)
        cmd.Parameters.Add("@Name", SqlDbType.NVarChar, 100).Value = TextBox1.Text
        cmd.Parameters.Add("@Pass", SqlDbType.NVarChar, 100).Value = txtPassword.Text
        Conn.Open()
        retVal = cmd.ExecuteScalar
    End Using 'closes and disposes the connection and command
    Return retVal
End Function

这是什么

sql = "Select Roles FROM Users WHERE Roles = 'Admin'"

还有这个

sql = "Select Roles FROM Users WHERE Roles = 'Doctor'"

还有这个

sql = "Select Roles FROM Users WHERE Roles = 'Nurse'"

应该做的?我的意思是,这是一个很好的字符串,但它没有做任何事情。

您可以在测试后将您的 try catch 添加回数据库代码中,请不要使用空的 Catch 块。它只是吞下你的错误,你永远不知道你的代码出了什么问题。

推荐阅读