SQL to C# login query

Keywords: query, login, SQL | Updated: 2023-09-27 18:24:33

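Hi, I have searched a lot about this topic, and I can't seem to understand most of the code that users have written. I am good with "Borland C++ Builder" and have quite good experience with it, but I can't seem to get my head into MSVS C# 2008. Anyway, my problem is with the login SQL query, if that is the right name for it. It seems that none of the solutions I found work. Here is part of my code: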

using System.Data.Sql;
using System.Data.SqlClient;
namespace DMSTestLoginForm
{
public partial class Form1 : Form
{
    public Form1()
    {
        InitializeComponent();
    }
    private void Form1_Load(object sender, EventArgs e)
    {
        string connection = @"Data Source=.\SQLExpress;AttachDbFilename=|Data Directory is all set and ready to go|.mdf;Integrated Security=True;User Instance=True";
        SqlConnection con = new SqlConnection(connection);
        try
        {
            con.Open();
            //MessageBox.Show("Connection Successful");
        }
        catch (Exception)
        {
            //MessageBox.Show("Did not connect"); // connection is successful, the issue is down below.
        }
    }
    private void lgnbtn_Click(object sender, EventArgs e)
    {
        string dummyun = uninput.Text;
        string dummypw = pwinput.Text;
        SqlCommand dummy1 = new SqlCommand("SELECT * FROM nurse WHERE n_id ='"+uninput.Text+"'");
        SqlCommand dummy2 = new SqlCommand("SELECT * FROM nurse WHERE n_pw = '"+pwinput.Text+"'");
        string dum = Convert.ToString(dummy1);
        string dum2 = Convert.ToString(dummy2);
        if((dum==dummyun)&&(dum2==dummypw))
            MessageBox.Show("Welcome in");        //this message is to test if i logged in or not.
            //Form2 Loggedin = new Form2;
            //Loggedin.Show();
       else
            MessageBox.Show("Login failed"); 
    }

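The problem is not in my connection string, as I mentioned above. It is in fact in the SQL query that checks whether the username/password is in my DB table, a.k.a. "nurse". I know I have created a lot of "string" instances, but I have reached a hopeless point. I would be very grateful to whoever provides a solution. Thanks in advance.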


You need to execute the SqlCommand object with a DataReader (SqlDataReader), and try to use a parameterized query.

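private void lgnbtn_Click(object sender, EventArgs e)
    {
        string dummyun = uninput.Text;
        string dummypw = pwinput.Text;
        // con must be a class-level SqlConnection field; the question declares it locally in Form1_Load.
        if (con.State != System.Data.ConnectionState.Open)
            con.Open();
        using (SqlCommand StrQuer = new SqlCommand("SELECT * FROM nurse WHERE n_id=@userid AND n_pw=@password", con))
        {
            // Parameters keep the typed values out of the SQL text.
            StrQuer.Parameters.AddWithValue("@userid", dummyun);
            StrQuer.Parameters.AddWithValue("@password", dummypw);
            // Dispose the reader so the connection can be reused by later commands.
            using (SqlDataReader dr = StrQuer.ExecuteReader())
            {
                if (dr.HasRows)
                {
                    MessageBox.Show("loginSuccess");
                }
                else
                {
                    //invalid login
                }
            }
        }
    }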

SqlCommand is not something you can simply call Convert.ToString on. It has methods that you need to call to get the expected results.

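You need to call a method like ExecuteReader and read back the results. You should probably change your queries into one query rather than two separate ones. Finally, as @SLaks pointed out, you don't want to leave yourself open to SQL injection, so try to write the query as a parameterized query and add the parameters through the SqlCommand.Parameters property.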
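The single parameterized query described above, written as an added example (not code from the question or from any of the answers). The table and column names come from the question; the NurseLogin and IsValidLogin names and the NVARCHAR column sizes are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

// Added example. nurse, n_id and n_pw are the names used in the question;
// NurseLogin, IsValidLogin and the column sizes below are assumptions.
public static class NurseLogin
{
    public static bool IsValidLogin(string connectionString, string userId, string password)
    {
        // Reject empty input before touching the database.
        if (string.IsNullOrEmpty(userId) || string.IsNullOrEmpty(password))
            return false;

        // One query: the id and the password must match on the same row.
        const string sql =
            "SELECT COUNT(*) FROM nurse WHERE n_id = @userid AND n_pw = @password";

        // using blocks close the connection and command even if a query throws.
        using (SqlConnection con = new SqlConnection(connectionString))
        using (SqlCommand cmd = new SqlCommand(sql, con))
        {
            // Explicitly typed parameters: the values travel separately from the
            // SQL text, so quotes typed into the text boxes stay plain data.
            // Sizes are assumed; match them to the real column definitions.
            cmd.Parameters.Add("@userid", SqlDbType.NVarChar, 50).Value = userId;
            cmd.Parameters.Add("@password", SqlDbType.NVarChar, 128).Value = password;

            con.Open();

            // COUNT(*) comes back as a single int; no reader is needed.
            int matches = (int)cmd.ExecuteScalar();

            // Exactly one row must match; anything else is a failed login.
            return matches == 1;
        }
    }
}
```

From the click handler this would be called as `NurseLogin.IsValidLogin(connection, uninput.Text, pwinput.Text)`. The comparison against n_pw mirrors the question's schema, which stores the password as entered; with a salted hash in that column the row would be fetched by n_id and the hash compared in code.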

Here is a magical login button code. It will also make the labels with the error messages visible.

private void btnlogin_Click(object sender, EventArgs e)
        {
            SqlConnection con = new SqlConnection(@"PASTE_YoURCONNECTION_STRING_HERE"); 
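            // Parameterized queries: the text box values are sent as data, never concatenated into the SQL text.
            SqlDataAdapter usr = new SqlDataAdapter("SELECT COUNT(*) FROM login WHERE username=@username", con);
            usr.SelectCommand.Parameters.AddWithValue("@username", textBox1.Text);
            // The password is checked for that same user, not against every row in the table.
            SqlDataAdapter pswd = new SqlDataAdapter("SELECT COUNT(*) FROM login WHERE username=@username AND password=@password", con);
            pswd.SelectCommand.Parameters.AddWithValue("@username", textBox1.Text);
            pswd.SelectCommand.Parameters.AddWithValue("@password", textBox2.Text);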
            DataTable dt1 = new DataTable(); //this is creating a virtual table  
            DataTable dt2 = new DataTable();
            usr.Fill(dt1);
            pswd.Fill(dt2);
            if (dt1.Rows[0][0].ToString() == "1" && dt2.Rows[0][0].ToString() == "1")
            {
                this.Hide();
                new mainform().Show();
            }
            else if (dt1.Rows[0][0].ToString() != "1" && dt2.Rows[0][0].ToString() != "1")
            {
                usrerror.Visible = true;
                pswrderror.Visible = true;
            }
            else if (dt1.Rows[0][0].ToString() == "1" && dt2.Rows[0][0].ToString() != "1")
            {
                usrerror.Visible = false;
                pswrderror.Visible = true;
            }
            else if (dt1.Rows[0][0].ToString() != "1" && dt2.Rows[0][0].ToString() == "1")
            {
                usrerror.Visible = true;
                pswrderror.Visible = false;
            }               
        } 

See the screenshot.