If we open the code corresponding to the "OK" button, we see the following code.
If IsNull(txt_name) Then
MsgBox "Please enter your username!",vbCritical, " prompt"
txtSQL = "SELECT * from caretakerswhere ( user ID='"& txt_name & "') and ( pin number='"& Txtpwd & "')"
Set mrc =ExeSQL(txtSQL)
If mrc.EOF Then
MsgBox " No such user name or incorrect password!", vbCritical, " prompt"
Set mrc = Nothing
Me.Visible = False
' Open switch panel
DoCmd.OpenForm" Switching panel"
Note the SQL statement that analyzes the red part, if I enter the correct values in username and password, assuming both username and password are admin, the red part of the code will be replaced with
txtSQL = "SELECT * from caretakerswhere ( user ID='admin')and ( pin number=' admin ')"
Execute the statement and find the corresponding record in the administrator table, whereupon mrc. EOF is false, the user logs into the system, and if the username password is incorrect, mrc. EOF is true, prompting for an error.
nevertheless， There's something wrong with this piece of code， We can use SQL injection attacks， Direct Login System， For example, I lift the username and password and enter“1' OR '1'='1”， or so， The red part of the code aboveSQL statement will then become：
txtSQL = "SELECT * from caretakerswhere ( user ID='1' OR '1'='1') and ( pin number='1' OR '1'='1')"
Can you see the problem? Let's mark it again with a color.
txtSQL= "SELECT * from caretakerswhere ( user ID='1'OR'1'='1') and( pin number='1'OR'1'='1')"
We will find：（ user ID='1'OR'1'='1'） constant is true，（ pin number='1'OR'1'='1'） constant is true， So the system decided I was a legitimate user.， You can log into the system normally now.。
If you still don't understand after reading the above, we will demonstrate and analyze examples for you in the next lesson.
>>1、WeChat applet development import file says not found json problem2、The media people ten questions XP Challenge 360 suspected behind the scenes3、Interview with Min Chu of Spectrum A voice interaction pragmatist who left Microsoft and gave up Ali4、After 1 month of research weve summarized 3 video infomercial trends5、Software installation to D drive failed with You do not have write access to this installation directory solution