嗨,我搜索了很多关于这个主题的内容,我似乎无法理解用户完成的大部分编码,我很喜欢'Boarland C ++ builder'并且对它有很好的体验,但我似乎无法达到在MSVS C#2008的底部,无论如何,我的问题在于登录SQL查询,如果这是正确的名称,似乎搜索和找到的解决方案都没有工作,这是我的代码的一部分“
using System.Data.Sql;
using System.Data.SqlClient;
namespace DMSTestLoginForm
{
public partial class Form1 : Form
{
public Form1()
{
InitializeComponent();
}
private void Form1_Load(object sender, EventArgs e)
{
string connection = @"Data Source=.\SQLExpress;AttachDbFilename=|Data Directory is all set and ready to go|.mdf;Integrated Security=True;User Instance=True";
SqlConnection con = new SqlConnection(connection);
try
{
con.Open();
//MessageBox.Show("Connection Successful");
}
catch (Exception)
{
//MessageBox.Show("Did not connect"); // connection is successful the issue is down bellow.
}
}
private void lgnbtn_Click(object sender, EventArgs e)
{
string dummyun = uninput.Text;
string dummypw = pwinput.Text;
SqlCommand dummy1 = new SqlCommand("SELECT * FROM nurse WHERE n_id ='"+uninput.Text+"'");
SqlCommand dummy2 = new SqlCommand("SELECT * FROM nurse WHERE n_pw = '"+pwinput.Text+"'");
string dum = Convert.ToString(dummy1);
string dum2 = Convert.ToString(dummy2);
if((dum==dummyun)&&(dum2==dummypw))
MessageBox.Show("Welcome in"); //this message is to test if i logged in or not.
//Form2 Loggedin = new Form2;
//Loggedin.Show();
else
MessageBox.Show("Login failed");
}
问题不是我的连接字符串实际上和我上面提到的SQL查询,以检查用户名/密码是否包含在我的DB.table中;这是“护士”,或者不是,我知道我创造了很多“字符串”实例,但我达到了绝望的状态,非常感谢解决方案提供商,提前感谢。
您需要使用A Datareader执行SqlCommand对象。并尝试使用参数化查询。 qazxsw poi
SqlDatareader
private void lgnbtn_Click(object sender, EventArgs e)
{
string dummyun = uninput.Text;
string dummypw = pwinput.Text;
con.Open();
using(SqlCommand StrQuer = new SqlCommand("SELECT * FROM nurse WHERE n_id=@userid AND n_pw=@password", con))
{
StrQuer.Parameters.AddWithValue("@userid",dummyun);
StrQuer.Parameters.AddWithValue("@password",dummypw);
SqlDataReader dr = StrQuer.ExecuteReader();
If(dr.HasRows)
{
MessageBox.Show("loginSuccess");
}
else
{
//invalid login
}
}
}
不是你简单称之为SqlCommand
的东西。它有Convert.ToString
以获得预期的结果。
你需要调用像methods that you need to call这样的方法并回读结果。您应该将查询更改为一个查询而不是两个单独的查询。最后,正如@SLaks指出的那样,您不希望自己容易受到sql注入攻击,因此请尝试将查询编写为参数化查询,并通过ExecuteReader
s SqlCommand
属性添加参数。
这是登录按钮的神奇代码。这也将使可见标签显示错误消息。
Parameters
private void btnlogin_Click(object sender, EventArgs e)
{
SqlConnection con = new SqlConnection(@"PASTE_YoURCONNECTION_STRING_HERE");
SqlDataAdapter usr = new SqlDataAdapter("SELECT COUNT(*) FROM login WHERE username='" + textBox1.Text + "'", con);
SqlDataAdapter pswd = new SqlDataAdapter("SELECT COUNT(*) FROM login WHERE password='" + textBox2.Text + "'", con);
DataTable dt1 = new DataTable(); //this is creating a virtual table
DataTable dt2 = new DataTable();
usr.Fill(dt1);
pswd.Fill(dt2);
if (dt1.Rows[0][0].ToString() == "1" && dt2.Rows[0][0].ToString() == "1")
{
this.Hide();
new mainform().Show();
}
else if (dt1.Rows[0][0].ToString() != "1" && dt2.Rows[0][0].ToString() != "1")
{
usrerror.Visible = true;
pswrderror.Visible = true;
}
else if (dt1.Rows[0][0].ToString() == "1" && dt2.Rows[0][0].ToString() != "1")
{
usrerror.Visible = false;
pswrderror.Visible = true;
}
else if (dt1.Rows[0][0].ToString() != "1" && dt2.Rows[0][0].ToString() == "1")
{
usrerror.Visible = true;
pswrderror.Visible = false;
}
}