Creating a user profile page using a database



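I am working on a simple project for school, where I have to create a login form and make it so that when a person logs in, it then displays their profile with all of their user information. So how do I code the text boxes in Windows Forms C# so that when a person logs in, the text boxes display information gathered from the database for the person who just logged in?

This is the code for the login form.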

    OleDbConnection connection = new OleDbConnection();
    connection.ConnectionString = @"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\Users\RAV21001310\OneDrive\Database1.accdb;";
    connection.Open();
    OleDbCommand command = new OleDbCommand();
    command.Connection = connection;
    // The text box values are concatenated directly into the SQL text.
    command.CommandText = "select * from tblUser where Username= '"+username.Text+"' and Password= '"+password.Text+"'";
    OleDbDataReader reader = command.ExecuteReader();
    // Count the rows that match the entered username and password.
    int count = 0;
    while (reader.Read())
    {
        count = count + 1;
    }
    if (count == 1)
    {
        MessageBox.Show("Username and password is correct");
        var profile = new profile();
    }
    else if (count > 1)
    {
        MessageBox.Show("Duplicate username and password");
    }
    else
    {
        MessageBox.Show("Username or password incorrect");
    }
    connection.Close();

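As I stated in the comments, always use parameters in your query strings. Also, since the OleDbDataReader is forward-only and read-only, what I would do is create a new User and add it to a list for each record returned. Then, if you get only one record, populate the form using that user's data. Another major flaw in your code is ... you are storing passwords in plain text in the database. Best practice is to encrypt/hash the password using one-way encryption and store only the hash in the database. Each time the user enters a password at login, hash it with the same algorithm and compare it to the hash stored in the DB.

Here is an example combining Using (as suggested by @Flydog57) and Parameters. I will not show how to hash and store encrypted passwords, though.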

    using System;
    using System.Collections.Generic;
    using System.Data.OleDb;
    using System.Windows.Forms;

    // Assumed context: this handler lives in the login form, which owns the
    // "username" and "password" text boxes used in the question.
    public partial class LoginForm : Form
    {
        private void loginButton_Click(object sender, EventArgs e)
        {
            using (OleDbConnection connection = new OleDbConnection(@"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\Users\RAV21001310\OneDrive\Database1.accdb;"))
            {
                connection.Open();

                // OleDb binds parameters by position, so add them in the same order as they appear in the query.
                using (OleDbCommand command = new OleDbCommand("SELECT * FROM tblUser WHERE Username=@Username AND Password=@Password", connection))
                {
                    command.Parameters.AddWithValue("@Username", username.Text);
                    command.Parameters.AddWithValue("@Password", password.Text);

                    using (OleDbDataReader reader = command.ExecuteReader())
                    {
                        int count = 0;

                        // The reader is forward-only, so copy each record into a User object.
                        List<User> UserList = new List<User>();
                        while (reader.Read())
                        {
                            count = count + 1;

                            User user = new User()
                            {
                                Username = reader.GetString(1),
                                FirstName = reader.GetString(2),
                                LastName = reader.GetString(3),
                                DateCreated = reader.GetDateTime(4)
                            };

                            UserList.Add(user);
                        }
                        if (count == 1)
                        {
                            //Alert User
                            MessageBox.Show("Username and password is correct");
                            //Create an instance of the ProfileForm and populate it with the User data.
                            ProfileForm pf = new ProfileForm(UserList[0]);
                            //Show the Profile Form as a modal window.
                            pf.ShowDialog();
                        }
                        else if (count > 1)
                        {
                            MessageBox.Show("Duplicate username and password");
                        }
                        else
                        {
                            MessageBox.Show("Username or password incorrect");
                        }
                    }
                }
                connection.Close();
            }
        }
    }

    //This is a class to hold user data.
    public class User
    {
        public string Username { get; set; } = "";
        public string Password { get; set; } = "";
        public string FirstName { get; set; } = "";
        public string LastName { get; set; } = "";
        public DateTime DateCreated { get; set; } = DateTime.MinValue;
    }

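Here is a quick example of the code behind a "profileform". After the user's authentication is verified, create an instance of ProfileForm, populate it with the user data, and then show the form to the user. There are many other ways to populate the profile form and handle updates to user data; this is just one example.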

    // Assumed context: the text boxes are declared in the form's designer file.
    public partial class ProfileForm : Form
    {
        // Backing field for the User property.
        private User _user;

        public User User
        {
            get
            {
                //When you get the User, update all the user data from text boxes.
                _user.FirstName = firstnameTextBox.Text;
                _user.LastName = lastnameTextBox.Text;
                //return the newly updated User variable.
                return _user;
            }
            set
            {
                //When we write new data to the form User variable,
                //populate each relevant text box on the form.
                _user = value;
                usernameTextBox.Text = value.Username;
                firstnameTextBox.Text = value.FirstName;
                lastnameTextBox.Text = value.LastName;
            }
        }

        public ProfileForm(User user)
        {
            // Create the designer-defined text boxes before populating them.
            InitializeComponent();
            this.User = user;
        }
    }
