vb.net - 根据管理员、医生和护士这 3 种用户类型重定向表单
问题描述
Private Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
Dim Conn As New SqlConnection`
Dim Username As String = TextBox1.Text
Dim Password As String = txtPassword.Text
If String.IsNullOrEmpty(username) Then
' username cannot be empty
MsgBox("Please enter your Username!", MsgBoxStyle.Exclamation, "Error")
ElseIf Username.Contains(" ") Then
' username cannot have spaces
MsgBox("Usernames can't have spaces!", MsgBoxStyle.Exclamation, "Error")
ElseIf String.IsNullOrEmpty(Password) Then
' password cannot be empty
MsgBox("Please enter your password!", MsgBoxStyle.Exclamation, "Error")
Else
Conn.ConnectionString = ("Data Source=LAPTOP-M8KKSG0I;Initial Catalog=Oceania;Integrated Security=True")
Try
Dim sql As String = "SELECT Username, Password, Roles FROM Users WHERE Username = '" & TextBox1.Text & "' AND Password ='" & txtPassword.Text & "'"
Dim cmd As New SqlCommand(sql, Conn)
cmd.Connection = Conn
Conn.Open()
Dim dr As SqlDataReader = cmd.ExecuteReader
If dr.Read = True Then
sql = "Select Roles FROM Users WHERE Roles = 'Admin'"
Me.Hide()
MessageBox.Show("Welcome to Admin Page")
Form2.Show()
ElseIf sql = "Select Roles FROM Users WHERE Roles = 'Doctor'" Then
Me.Hide()
MessageBox.Show("Welcome to Doctor Page")
Form6.Show()
ElseIf sql = "Select Roles FROM Users WHERE Roles = 'Nurse'" Then
Me.Hide()
MessageBox.Show("Welcome to NursePage")
Form4.Show()
Else
MessageBox.Show("Eror")
End If
Catch ex As Exception
End Try
End If
End Sub
- 我应该如何解决这个代码?
- 我有 3 个角色,
admin
即doctor
nurse
- 在我的登录页面中,我有 2 个用于用户名和密码的文本框
- 登录按钮需要验证登录
- 不同的角色有不同的形式。
Admin
转到form2,doctor
转到form6,然后转到form4nurse
。
解决方案
我将您的验证代码移至单独的方法,因为它确实没有连接到数据库代码。总有一天,您希望将所有数据库代码放在一个单独的类中。
Using...End Using
块确保您的数据库对象即使在出现错误时也已关闭和处置。
始终使用参数来防止 Sql 注入,并使您的 sql 更容易编写,并且不易出错。检查数据库中参数的实际类型和大小。
由于我们只检索一条数据,我们可以使用.ExecuteScalar
它返回一个对象。
回到用户界面代码来决定显示哪个表单。
Private Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
If Not ValidateInput() Then
Return
End If
Dim returnValue = ValidateUserAndGetRole()
If returnValue Is Nothing Then
MessageBox.Show("Login failed")
Return
End If
Dim role = returnValue.ToString
If role = "Admin" Then
Me.Hide()
MessageBox.Show("Welcome to Admin Page")
Form2.Show()
ElseIf role = "Doctor" Then
Me.Hide()
MessageBox.Show("Welcome to Doctor Page")
Form6.Show()
ElseIf role = "Nurse" Then
Me.Hide()
MessageBox.Show("Welcome to NursePage")
Form4.Show()
Else
MessageBox.Show("No matching role found")
End If
End Sub
Private Function ValidateInput() As Boolean
Dim Username As String = TextBox1.Text
Dim Password As String = txtPassword.Text
If String.IsNullOrEmpty(Username) Then
' username cannot be empty
MsgBox("Please enter your Username!", MsgBoxStyle.Exclamation, "Error")
Return False
ElseIf Username.Contains(" ") Then
' username cannot have spaces
MsgBox("Usernames can't have spaces!", MsgBoxStyle.Exclamation, "Error")
Return False
ElseIf String.IsNullOrEmpty(Password) Then
' password cannot be empty
MsgBox("Please enter your password!", MsgBoxStyle.Exclamation, "Error")
Return False
End If
Return True
End Function
Private Function ValidateUserAndGetRole() As Object
Dim retVal As Object
Using Conn As New SqlConnection("Data Source=LAPTOP-M8KKSG0I;Initial Catalog=Oceania;Integrated Security=True"),
cmd As New SqlCommand("SELECT Roles FROM Users WHERE Username = @Name AND Password = @Pass;", Conn)
cmd.Parameters.Add("@Name", SqlDbType.NVarChar, 100).Value = TextBox1.Text
cmd.Parameters.Add("@Pass", SqlDbType.NVarChar, 100).Value = txtPassword.Text
Conn.Open()
retVal = cmd.ExecuteScalar
End Using 'closes and disposes the connection and command
Return retVal
End Function
这是什么
sql = "Select Roles FROM Users WHERE Roles = 'Admin'"
还有这个
sql = "Select Roles FROM Users WHERE Roles = 'Doctor'"
还有这个
sql = "Select Roles FROM Users WHERE Roles = 'Nurse'"
应该做的?我的意思是,这是一个很好的字符串,但它没有做任何事情。
您可以在测试后将您的 try catch 添加回数据库代码中,请不要使用空的 Catch 块。它只是吞下你的错误,你永远不知道你的代码出了什么问题。
推荐阅读
- linux - 为什么安装 sudo 后 docker 镜像增长如此之快?
- node.js - 如何在代码执行期间多次发送响应而不在最后一个 res.write 发送所有响应
- docker - docker build 不断构建错误的架构
- java - 如何准确获取服务器发送的通知,使用 FCM(Android)
- python - scipy.optimize.solve 可以处理大规模非线性问题吗?
- c - printf 缓冲是 C 标准的一部分吗?
- c# - 数据插入未找到 Id 的问题
- regex - 需要一个范围内的所有字符
- r - 粘贴网址未返回所需的选项卡
- django - 如何在 Django 中添加两个日期字段