In the user name password is identical with the original data can change, change what you should enter the statement?
CodePudding user response:
It is for this,,,,,,,,CodePudding user response:
CodePudding user response:
This shouldn't be hard, but your figure is not, and I don't know where is your login data storage, therefore the corresponding bad your question answer, make an example of using Access database storage, for your reference: (the name of the database "AA. MDB," data table name "the login table," added in the [project] - [quote] two references:Here are all code:
Dim db As New ADODB library. The Connection, the RS As New ADODB library. You,, YMM PPID As Long As the String
Private Sub Combo1_Click ()
Text1. Text="" : Text2. Text=" ": Text3. Text=" ": Text4. Text=" "
PPID=0: YMM=""
Call KKK (db)
RS. Open the "select * from login form Where the user name='" & amp; Combo1. Text & amp; "'", db, 2, 2
Text1. Text=RS! The user name
PPID=RS! ID
YMM=RS! Password
RS. Close
The Close
End Sub
Private Sub Command1_Click ()
If PPID=0 Then
MsgBox "you chose not to modify user password!"
The Exit Sub
End the If
If Text2. Text="" Then
MsgBox "you didn't enter the user password!"
The Exit Sub
End the If
If YMM & lt;> Text2. Text Then
MsgBox "the old password you entered is not correct!"
The Exit Sub
End the If
If Text3. Text="" Then
MsgBox "you didn't enter new password!"
The Exit Sub
End the If
If Text4. Text="" Then
MsgBox "you don't have to enter the user again new password!"
The Exit Sub
End the If
If Text3. Text & lt;> Text4. Text Then
MsgBox "the secondary input the new password is wrong, please check!"
The Exit Sub
End the If
'the following began to change passwords
Call KKK (db)
RS. Open the "select * from the login table Where ID=" & amp; PPID & amp; "And the username='" & amp; Text1. Text & amp; "' And password='" & amp; Text2. Text & amp; "'", db, 2, 2
RS! Password=Text3. Text
RS. Update
RS. Close
The Close
MsgBox "the user's password has been modified successfully!"
Unload Me
Form1. Show
End Sub
Private Sub Form_Load ()
Combo1. Clear
Call KKK (db)
RS. Open the "select * from the login table", db, 2, 2
EOF
the Do While Not RS.Combo1 AddItem RS! The user name
RS. MoveNext
Loop
RS. Close
The Close
Text1. Text="" : Text2. Text=" ": Text3. Text=" ": Text4. Text=" "
PPID=0: YMM=""
End Sub
Private Sub KKK (db)
The Open ". The Provider=Microsoft Jet. The OLEDB. 4.0; Data Source="& amp; App. The Path & amp; "\ AA. MDB; Persist Security Info=False "'
End Sub
Below is the program interface:
CodePudding user response:
Upstairs is a good teacher,CodePudding user response:
RS. Open the "select * from the login table Where ID=" & amp; PPID & amp; "And the username='" & amp; Text1. Text & amp; "' And password='" & amp; Text2. Text & amp; "'"
It's too easy to be attacked,
Attacker can choose any one of the user, the original password column fill in "' OR '1'='1", then fill in the new password,
At this point, the SQL string is:
"Select * from the login table Where ID=XXX And user name='yyy' And password='OR' 1 '=' 1 '"
The password has been changed,
Should
RS. Open the "select * from the login table Where ID=" & amp; PPID & amp; "And the username='" & amp; Text1. Text & amp; "'
Password and then detection,