我的问题是如何简化或改进这段代码?它可以工作,但我觉得我在做很多不必要的代码,或者我觉得我做错了什么。我正在为营养学家登录用户。感谢您事先的回复。
private void btnLogin_Click(object sender, EventArgs e)
{
if (tbUser.Text == "")
{
MessageBox.Show("Please input user name.", "Login", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
else if (tbPassword.Text == "")
{
MessageBox.Show("Please input password name.", "Login", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
else
{
if (SQL.ConnectionOpen() == true)
{
Query = "SELECT * FROM users WHERE user_name = '" + tbUser.Text + "' AND password = '" + tbPassword.Text + "'";
SQL.Command = new MySqlCommand(Query, SQL.Conexion);
SQL.Reader = SQL.Command.ExecuteReader();
if (SQL.Reader.Read() == true)
{
frmMain Main = new frmMain();
Main.Show();
tbUser.Clear();
tbPassword.Clear();
SQL.Reader.Dispose();
SQL.Command.Dispose();
SQL.Reader.Close();
SQL.ConnectionClose();
this.Hide();
}
else
{
MessageBox.Show("User or password incorrect.", "Login", MessageBoxButtons.OK, MessageBoxIcon.Error);
SQL.Reader.Dispose();
SQL.Command.Dispose();
SQL.Reader.Close();
SQL.ConnectionClose();
}
}
}
}
这是SQL类,我正在使用MySQL作为我的数据库:
using System;
using MySql.Data;
using MySql.Data.MySqlClient;
using System.Windows.Forms;
namespace NutriHelp
{
public class SQL
{
public static MySqlConnection Connection = new MySqlConnection("SERVER=localhost;DATABASE=nutrihelp;UID=root;PASSWORD=1234;");
public static MySqlDataReader Reader;
public static MySqlCommand Command;
public static bool ConnectionOpen()
{
try
{
Connection.Open();
return true;
}
catch (MySqlException ex)
{
switch (ex.Number)
{
case 0:
MessageBox.Show("Cannot connect to server. Contact administrator.");
break;
case 1045:
MessageBox.Show("Invalid username/password, please try again.");
break;
}
return false;
}
}
public static bool ConnectionClose()
{
try
{
Connection.Close();
return true;
}
catch (MySqlException ex)
{
MessageBox.Show(ex.Message);
return false;
}
}
}
}
我也在做插入,更新和一些删除。
更新我想我改进了我的使用Parameters
和Base64Encode
我不想做一个非常复杂的加密,像Salt
和Hash
加密,因为它是一组nutrologist的简单软件。
无论这里是我的“改进”代码,有点像:
private void btnLogin_Click(object sender, EventArgs e)
{
string strUser = tbUser.Text;
string strPassword = tbPassword.Text;
if (tbUser.Text == "")
{
MessageBox.Show("Please input username", "Login", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
else if (tbPassword.Text == "")
{
MessageBox.Show("Please input password", "Login", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
else
{
if (SQL.ConnectionOpen() == true)
{
SQL.Command = new MySqlCommand();
SQL.Command.CommandText = "SELECT * FROM user WHERE username=@username AND password=@password;";
SQL.Command.Parameters.AddWithValue("@username", strUser);
SQL.Command.Parameters.AddWithValue("@password", Base64Encode(strPassword));
SQL.Command.Connection = SQL.Connection;
SQL.Reader = SQL.Command.ExecuteReader();
if (SQL.Reader.Read())
{
frmMain Main = new frmMain();
this.Hide();
Main.ShowDialog();
tbUser.Clear();
tbPassword.Clear();
SQL.CleanConnection();
SQL.ConnectionClose();
this.Close();
}
else
{
MessageBox.Show("User or password are incorrect", "Login", MessageBoxButtons.OK, MessageBoxIcon.Error);
SQL.CleanConnection();
SQL.ConnectionClose();
}
}
}
}
SQL类:
public class SQL
{
public static MySqlConnection Connection = new MySqlConnection("SERVER=localhost;DATABASE=nutrihelp;UID=root;PASSWORD=somepassword;");
public static MySqlDataReader Reader;
public static MySqlCommand Command;
public static bool ConnectionOpen()
{
try
{
Connection.Open();
return true;
}
catch (MySqlException ex)
{
switch (ex.Number)
{
case 0:
MessageBox.Show("Cannot connect to server. Contact administrator.");
break;
case 1045:
MessageBox.Show("Invalid username/password, please try again.");
break;
}
return false;
}
}
public static bool ConnectionClose()
{
try
{
Connection.Close();
return true;
}
catch (MySqlException ex)
{
MessageBox.Show(ex.Message);
return false;
}
}
public static void CleanConnection()
{
Reader.Dispose();
Command.Dispose();
Reader.Close();
}
}
感谢@Tony Tom和@Soumen Mukherjee的建议。
而不是传递内联查询在mysql数据库中创建存储过程并将参数作为sqlcommand参数传递。
https://www.w3schools.com/sql/sql_stored_procedures.asp
并且您应该始终将密码存储在数据库中加密,这样当用户输入密码时,您必须对其进行加密并与数据库中的密码进行比较。