"不正确的用户名和密码"虽然正确吗?
Fut*_*mer 1 ms-access access-vba
我有一个MS Access 2016数据库,用户使用用户名密码登录数据库.然后代码将打开一组表单但是有一个我无法找到的错误.
Private Sub btnLogin_Click()
If IsNull(Me.txtBoxUsername) Then
MsgBox "Please Enter Username", vbInformation, "Username Required"
Me.txtBoxUsername.SetFocus
ElseIf IsNull(Me.txtBoxPassword) Then
MsgBox "Please Enter Password", vbInformation, "Password Required"
Me.txtBoxPassword.SetFocus
Else
'proccess the job
If ((IsNull(DLookup("Username", "Staff Table", "Username='& Me.txtBoxUsername.Value &'"))) Or _
(IsNull(DLookup("Password", "Staff Table", "Password='& Me.txtBoxPassword.Value &'")))) Then
MsgBox "Incorrect Username Or Password"
Else
MsgBox "Username & Password Correct"
DoCmd.OpenForm "Branch Form"
DoCmd.OpenForm "Customer Form"
DoCmd.OpenForm "Item Form"
DoCmd.OpenForm "Order Form"
DoCmd.OpenForm "Staff Form"
End If
End If
End Sub
员工的用户名和密码是"RJ1".当我尝试使用这些凭据登录时,MsgBox会"Incorrect Username Or Password"显示出来.
为什么会这样?
*回答HansUp的问题'错误信息是什么?'
解:
Private Sub btnLogin_Click()
Dim db As DAO.Database
Dim qdf As DAO.QueryDef
Dim strSelect As String
strSelect = "SELECT Count(*) FROM [Staff Table]" & vbCrLf & _
"WHERE Username=[pUser] AND [Password]=[pPWD];"
Set db = CurrentDb
Set qdf = db.CreateQueryDef(vbNullString, strSelect)
qdf.Parameters("pUser").Value = Me!txtBoxUsername.Value
qdf.Parameters("pPWD").Value = Me!txtBoxPassword.Value
If qdf.OpenRecordset(dbOpenSnapshot)(0) = 0 Then
End If
If IsNull(Me.txtBoxUsername) Then
MsgBox "Please Enter Username", vbInformation, "Username Required"
Me.txtBoxUsername.SetFocus
ElseIf IsNull(Me.txtBoxPassword) Then
MsgBox "Please Enter Password", vbInformation, "Password Required"
Me.txtBoxPassword.SetFocus
Else
'proccess the job
If ((IsNull(DLookup("[Username]", "Staff Table", "[Username] = '" & Me.txtBoxUsername.Value & "'"))) Or _
(IsNull(DLookup("[Password]", "Staff Table", "[Password] = '" & Me.txtBoxPassword.Value & "'")))) Then
MsgBox "Incorrect Username Or Password"
Else
DoCmd.OpenForm "Branch Form"
DoCmd.OpenForm "Customer Form"
DoCmd.OpenForm "Item Form"
DoCmd.OpenForm "Order Form"
DoCmd.OpenForm "Staff Form"
End If
End If
End Sub
正如Christopher指出的那样,这个If表达式会评估用户名和密码是否Staff Table在同一行中找到,但不一定在同一行中找到.因此,如果您使用另一个用户的密码提交一个用户的名称,则此逻辑会将这些值视为有效组合:
'proccess the job
If ((IsNull(DLookup("Username", "Staff Table", "Username='" & Me.txtBoxUsername.Value & "'"))) Or _
(IsNull(DLookup("[Password]", "Staff Table", "[Password]='" & Me.txtBoxPassword.Value & "'")))) Then
' Note: quotes added .....................................^.............................^
确保检查用户名和密码是否存在于同一行:
Dim strCriteria As String
strCriteria = "Username='" & Me.txtBoxUsername.Value & "' AND [Password]='" & Me.txtBoxPassword.Value & "'"
Debug.Print strCriteria '<- inspect in Immediate window; Ctrl+g will take you there
If DCount("*", "Staff Table", strCriteria) = 0 Then
MsgBox "Incorrect Username Or Password"
End If
尽管该更改在逻辑上可能是正确的,但是当用户名或密码包含撇号时,它可能会中断.一种不太脆弱的方法是Recordset基于参数查询:
Dim db As DAO.Database
Dim qdf As DAO.QueryDef
Dim strSelect As String
strSelect = "SELECT Count(*) FROM [Staff Table]" & vbCrLf & _
"WHERE Username=[pUser] AND [Password]=[pPWD];"
Set db = CurrentDb
Set qdf = db.CreateQueryDef(vbNullString, strSelect)
qdf.Parameters("pUser").Value = Me!txtBoxUsername.Value
qdf.Parameters("pPWD").Value = Me!txtBoxPassword.Value
If qdf.OpenRecordset(dbOpenSnapshot)(0) = 0 Then
MsgBox "Incorrect Username Or Password"
End If