Private Sub cmdOK_Click()
Dim sUserName As String
Dim sUserPwd As String
sUserName = Trim(txtUserName.Text)
sUserPwd = Trim(txtUserPwd.Text)
If sUserName = "" Then
Call MsgBox("请输人用户名!", vb0KOnly, "登录提示")
txtUserName.SetFocus
Exit Sub
End If
If SqlConn.State <> adStateOpen Then DBConnect ("U")
Set SqlRS = query.ExecSQL("select count(* ) num from Users where (username ='" + sUserName + " ')and (userpwd = '" + sUserPwd + " ')")
If Not SqlRS.EOF Then
If Int(Trim(SqlRS("num"))) >= 1 Then
SqlRS.Close
Set SqlRS = query.ExecSQL("select username, role from Users where (username='" + sUserName + " ') and (userpwd='" + sUserPwd + " ')")
If Not SqlRS.EOF Then
MDIForm1.SetRightForRole (Trim(SqlRS("role")))
Else
MDIForm1.SetRightForRole ("2")
End If
Unload Me
MDIForm1.Show
Else
Call MsgBox("用户名或密码错,请重新登录!", vb0K0nly, "登录提示")
txtUserName.SetFocus
Exit Sub
End If
End If
End Sub
代码没有贴不完整,不好判断。
query.ExecSQL()应该在别的地方定义过,query变量是不是一个成员变量?
Private Sub cmdOK_Click()
Dim sUserName As String
Dim sUserPwd As String
sUserName = Trim(txtUserName.Text)
sUserPwd = Trim(txtUserPwd.Text)
If sUserName = "" Then
Call MsgBox("请输人用户名!", vb0KOnly, "登录提示")
Exit Sub
End If
If SqlConn.State <> adStateOpen Then DBConnect ("U")
Set SqlRS = query.ExecSQL("select count(* ) num from Users where (username ='" + sUserName + " ')and (userpwd = '" + sUserPwd + " ')")
If Not SqlRS.EOF Then
If Int(Trim(SqlRS("num"))) >= 1 Then
SqlRS.Close
Set SqlRS = query.ExecSQL("select username, role from Users where (username='" + sUserName + " ') and (userpwd='" + sUserPwd + " ')")
If Not SqlRS.EOF Then
MDIForm1.SetRightForRole (Trim(SqlRS("role")))
Else
MDIForm1.SetRightForRole ("2")
End If
Unload Me
MDIForm1.Show
Else
Call MsgBox("用户名或密码错,请重新登录!", vb0K0nly, "登录提示")
txtUserName.SetFocus
Exit Sub
End If
End If
End Sub
另外再多说一句,这个代码写得很不严谨、非常不安全,“SQL注入”的安全漏洞就是在这样的代码里大量产生的。