所以我有一个登录表单,我需要从sql数据库中插入名称和密码,但它会出错,因为我的字段是nvarchar,所以我想使用sql参数编辑它。
代码";输入";按钮:
private void button1_Click(object sender, EventArgs e)
{
if (DocName.Text == "" || PassTb.Text == "")
MessageBox.Show("Enter login and password");
else
{
conn.Open();
SqlDataAdapter sda = new SqlDataAdapter("select Count(*) from Doctor where DocName='"+DocName.Text+"' and DocPass='"+PassTb.Text+"'", conn);
DataTable dt = new DataTable();
sda.Fill(dt);
if (dt.Rows[0][0].ToString() == "1"){
Home H = new Home();
H.Show();
this.Hide();
}
else
{
MessageBox.Show("Invalid login or password");
}
conn.Close();
}
}
我想如果我使用cmd.parameters.AddWithValue,它会解决我的问题,但我不知道怎么做,所以我很乐意得到的任何帮助
编辑:好吧,所以我实际上编辑了代码并添加了参数,但我仍然不知道如何使用DataAdapter。。因此它给出了一个错误;System.Data.SqlClient.SqlException:"必须声明标量变量"@DocName">
编辑的按钮代码:
public static SqlDataAdapter CreateCustomerAdapter(SqlConnection conn)
{
SqlDataAdapter adapter = new SqlDataAdapter();
// Create the SelectCommand.
SqlCommand command = new SqlCommand("SELECT * FROM Doctor " +
"WHERE DocName = @DocName AND DocPass = @DocPass", conn);
// Add the parameters for the SelectCommand.
command.Parameters.Add("@DocName", SqlDbType.NVarChar, 50);
command.Parameters.Add("@DocName", SqlDbType.NVarChar, 50);
adapter.SelectCommand = command;
return adapter;
}
private void button1_Click(object sender, EventArgs e)
{
conn.Open();
SqlDataAdapter sda = CreateCustomerAdapter(conn);
DataTable dt = new DataTable();
sda.Fill(dt);
if (dt.Rows[0][0].ToString() == "1")
{
Home H = new Home();
H.Show();
this.Hide();
}
else
{
MessageBox.Show("Invalid login or password");
}
conn.Close();
}
您可以尝试以下代码来检查您的用户名或密码是否正确。
private void button1_Click(object sender, EventArgs e)
{
string connstr = @"connstr";
SqlConnection connection = new SqlConnection(connstr);
connection.Open();
string sql = "select * from Doctor WHERE DocName = @DocName AND DocPass = @DocPass";
SqlCommand command = new SqlCommand(sql,connection);
command.Parameters.AddWithValue("@DocName",txtName.Text);
command.Parameters.AddWithValue("@DocPass", txtPwd.Text);
SqlDataReader reader = command.ExecuteReader();
if(reader.HasRows)
{
Form2 form2 = new Form2();
form2.Show();
this.Hide();
}
}
private void Form1_Load(object sender, EventArgs e)
{
txtPwd.PasswordChar = '*';
}
这是我为一个小项目编写的一段非常旧的代码,但
它的工作方式是存在一个类来散列密码(加密和解密(。当用户添加他/她的密码时,应用程序会加密密码字段上的任何内容,并将其与数据库上的内容匹配。如果用户名和密码与用户表上的记录匹配,它将继续登录。
try
{
string LoginCommand = "select * from user_login where UserName ='" + textBox1.Text + "'";
using (SqlConnection LoginCon = new SqlConnection(ConfigurationManager.ConnectionStrings["ConfigString"].ToString()))
using (SqlCommand LoginCom = LoginCon.CreateCommand())
{
label8.Text = "Finding User in system..";
LoginCom.CommandText = LoginCommand;
LoginCon.Open();
using (SqlDataReader Reader = LoginCom.ExecuteReader())
{
if (Reader.Read())
{
//label8.Text = priv;
label8.Text = "User Found!";
Password = Reader["EncrPassword"].ToString();
priv = Reader["Privillages"].ToString();
IsExist = true;
}
}
LoginCon.Close();
}
}
catch (Exception ex)
{
MessageBox.Show(ex.ToString());
}
if (IsExist) //if record exis in db , it will return true, otherwise it will return false
{
if (Cryptography.Decrypt(Password).Equals(textBox2.Text))
{
label8.Text = "Making sure Everything is Ready!";
User = textBox1.Text;
// MessageBox.Show("Login Success", "Success", MessageBoxButtons.OK, MessageBoxIcon.Information);
GetAcces();
this.Hide();
MainWindow frm1 = new MainWindow();
frm1.ShowDialog();
//We Show pop up here.
try
{
// show
}
catch (Exception)
{
throw;
}
}
else
{
MessageBox.Show("Password is wrong!...", "error", MessageBoxButtons.OK, MessageBoxIcon.Information);
label8.Text = "Your Password or UserName is incorrect - Please Try again!";
}
}
else //showing the error message if user credential is wrong
{
MessageBox.Show("Please enter the valid credentials", "error", MessageBoxButtons.OK, MessageBoxIcon.Information);
}
}
catch (Exception ex)
{
MessageBox.Show(ex.Message.ToString(), "Cannot Locate Server");
}
我想这就是你想要的
command.Parameters.Add("@DocName",SqlDbType.NVarChar,50(;
您必须添加
command。参数[quot;@DocName"].Value=DocName.text;
这样,您就可以将docname.text的值传递给参数,同时仍然确保它接受之前的正确数据类型