How To Query A VB.NET Datasource

I have added a Datasource to my current project and the following has been added to my App.config file:

<connectionStrings>
        <add name="WindowsApplication1.My.MySettings.dbConnectionString"
            connectionString="Provider=Microsoft.ACE.OLEDB.12.0;Data Source=|DataDirectory|\db.accdb"
            providerName="System.Data.OleDb" />
    </connectionStrings>

How can I now query and update this datasource?

I have the following query:

Dim sqlstr As String = "INSERT INTO Accounts(Username,Password)VALUES('" & Trim(Account(0)) & "','" & Trim(Account(1)) & "')"

But am not too sure how to actually run the query (New to VB, used to PHP and a single database connection file!)


How can I now query and update this datasource?

NOT how you're doing it right now!

You have two huge problems with that code:

  1. NEVER use string concatenation to insert values into an sql statement like that.
  2. NEVER store a password as plain text in a database.

There are ZERO cases where either of those are ever acceptable.

Here's one way it might look instead:

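' Requires: Imports System.Configuration and Imports System.Data.OleDb
' (plus a project reference to System.Configuration).
Dim sql As String = "INSERT INTO Accounts (UserName, PasswordHash) VALUES ( ? , ? )"
' The name passed to ConnectionStrings must match the full name attribute in App.config.
Using cn As New OleDbConnection(ConfigurationManager.ConnectionStrings("WindowsApplication1.My.MySettings.dbConnectionString").ConnectionString), _
      cmd As New OleDbCommand(sql, cn)

    ' OleDb binds the ? placeholders by position, so add the parameters in the same order.
    cmd.Parameters.Add("UserName", OleDbType.VarChar, 50).Value = Account(0).ToString().Trim()
    cmd.Parameters.Add("PasswordHash", OleDbType.Char, 20).Value = HashPassword(Account(1).ToString().Trim())

    cn.Open()
    cmd.ExecuteNonQuery()
End Using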

Notice that I changed the name of one of your columns, and that I referenced a HashPassword() function that doesn't exist yet. You'll need to build your own HashPassword() function to go with that code. When building the function, look for an scrypt or bcrypt function to use. Do not use MD5. The best that .Net has built in is SHA1. If you really must go that route (SHA1) you can, but scrypt or bcrypt are greatly preferred (this is why I'm not providing the function for you: it will rely on other code you must first get from the web).

When you go to authenticate a user, you must then use the same function to hash the attempted password, and compare the hashes rather than the original passwords. This is the only safe way to do it.
