Windows窗体登录



当我使用以下代码时,如果用户名和密码正确,它工作正常;但如果我输入了错误的用户名和密码,它既不会给出提示消息,也不会登录:

 /// <summary>
 /// Click handler for the submit button: looks the entered support name and
 /// password up in the Logins table and opens the Support form on a match.
 /// </summary>
 /// <remarks>
 /// NOTE(review): this is the listing the question is about and it is kept as posted.
 /// It builds its SQL by string concatenation, validates the text boxes only after the
 /// query has run, and shows no message when the query returns zero rows.
 /// </remarks>
 private void btnSubmit_Click(object sender, EventArgs e)
        {
            try
            {
                SqlConnection con = Helper.getconnection();
                con.Open();
                // NOTE(review): both text boxes are concatenated straight into the SQL text, so
                // whatever the user types is parsed as part of the statement (SQL injection).
                // Use @SupportName/@Password parameters instead of quoting the values by hand.
                // NOTE(review): the Password column is compared with the typed text, which suggests
                // passwords are stored in clear text - confirm, and prefer a salted password hash.
                SqlCommand cmd = new SqlCommand("select SupportName, Password from Logins where SupportName='" + txtSupportName.Text + "' and Password='" + txtPassword.Text + "'", con);
                SqlDataReader dr = cmd.ExecuteReader(); 
                string Name = txtSupportName.Text;
                string Pwd = txtPassword.Text;
                // The loop body runs once per returned row. When no row matches, the body never
                // runs, so neither the Support form nor the "invalid" message is shown.
                while (dr.Read())
                {
                    if ((dr["SupportName"].ToString() == Name) && (dr["Password"].ToString() == Pwd))
                    {
                       // MessageBox.Show("welcome");
                        Form Support = new Support();
                        Support.ShowDialog();
                }
                else
                {
                    MessageBox.Show("SupportName and password are invalid");
                }
            }
            // These Close() calls are skipped when anything above throws; nothing here sits in
            // a using block or a finally block.
            dr.Close();
            con.Close();
        }
        catch (Exception ex)
        {
            // NOTE(review): the raw exception message is shown to the person at the login
            // form; for SQL errors that text may describe the database - consider a generic message.
            MessageBox.Show(ex.Message);
        }
        // The empty-field checks run only after the query above has already executed.
        if (txtSupportName.Text == string.Empty)
        {
            MessageBox.Show("Please enter a value to Support Name!");
            txtSupportName.Focus();
            return;
        }
        if (txtPassword.Text == string.Empty)
        {
            // NOTE(review): the message says "Description" although the field checked is the
            // password box - presumably a copy-paste slip.
            MessageBox.Show("Please enter a value to Description!");
            txtPassword.Focus();
            return;
        }
    }

您的代码似乎有一些问题:

  1. 您应该在运行查询之前验证您的输入

  2. 您应该参数化查询(SO上有很多示例),而不是使用字符串串联;拼接字符串时,用户输入的内容会被当作SQL语句的一部分来解析(即SQL注入)

  3. 您似乎在假设您将从SQL查询中得到一个结果。您可能应该检查dr.HasRows以查看详细信息是否正确,或者检查dr.Read()是否返回true以确定是否显示消息框

  4. 您应该使用using块来处理DB对象。例如(不确定格式化不起作用的原因):

    using (SqlConnection con = Helper.getconnection()) { ... }

而不是显式地调用 dr.Close() 和 con.Close()。即使您确实想显式调用 Dispose/Close,也应该在 finally 块中这样做。

Daniel Kelly写了一个很好的答案,我只是实现了它,并添加了单独的方法来隔离责任

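/// <summary>
/// Checks whether a row with the given support name and password exists in the Logins table.
/// </summary>
/// <param name="supportName">Support name to look up; must not be null or empty.</param>
/// <param name="password">Password to look up; must not be null or empty.</param>
/// <returns><c>true</c> when the query returns a row, otherwise <c>false</c>.</returns>
/// <exception cref="ArgumentException">Either argument is null or empty.</exception>
private bool Login(string supportName, string password)
{
   if (string.IsNullOrEmpty(supportName) || string.IsNullOrEmpty(password))
   {
      throw new ArgumentException("Support name and password must both be non-empty.");
   }
   using (var connection = Helper.getconnection())
   using (var command = connection.CreateCommand())
   {
      // Both values travel as parameters, so they are never parsed as SQL text.
      command.CommandText = "SELECT 1 FROM Logins WHERE SupportName=@SupportName AND Password=@Password";
      command.Parameters.AddWithValue("@SupportName", supportName);
      command.Parameters.AddWithValue("@Password", password);
      // NOTE(review): the submitted password is matched against the Password column as-is,
      // which suggests clear-text storage - confirm, and prefer storing a salted password hash
      // (e.g. PBKDF2) and verifying it in code.

      // The question's handler calls Open() on the connection it gets from
      // Helper.getconnection(), so the connection is opened here before the command executes.
      connection.Open();
      return command.ExecuteScalar() != null;
   }
}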
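/// <summary>
/// Validates the two text boxes, checks the credentials through <c>Login</c> and, when they
/// are accepted, shows the Support form as a modal dialog owned by this form.
/// </summary>
private void ShowSupportForm()
{
   var supportName = txtSupportName.Text;
   var password = txtPassword.Text;
   // Input is validated before any database work is attempted.
   if (string.IsNullOrEmpty(supportName))
   {
      MessageBox.Show("Please enter a value to Support Name!");
      txtSupportName.Focus();
      return;
   }
   if (string.IsNullOrEmpty(password))
   {
      // Message text corrected: it previously read "Passwod".
      MessageBox.Show("Please enter a value to Password!");
      txtPassword.Focus();
      return;
   }
   if (Login(supportName, password))
   {
      // The dialog is disposed as soon as it is closed.
      using (var form = new Support())
      {
         form.ShowDialog(this);
      }
   }
   else
   {
      // One message for both failure causes: it does not reveal which field was wrong.
      MessageBox.Show("SupportName and password are invalid");
   }
}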
/// <summary>
/// Click handler for the submit button; all of the work is delegated to ShowSupportForm.
/// </summary>
private void btnSubmit_Click(object sender, EventArgs e) => ShowSupportForm();

您的代码中存在问题。您忘记检查数据读取器是否有行。

// An empty result set means no row matched the submitted credentials.
if (!dr.HasRows)
{
    MessageBox.Show("SupportName and password are invalid");
}
else
{
    // Each returned row is re-checked against Name and Pwd before the Support form opens.
    while (dr.Read())
    {
        bool credentialsMatch = dr["SupportName"].ToString() == Name
            && dr["Password"].ToString() == Pwd;
        if (!credentialsMatch)
        {
            MessageBox.Show("SupportName and password are invalid");
            continue;
        }

        Form supportForm = new Support();
        supportForm.ShowDialog();
    }
}

只需添加HasRows即可检查您的用户名和密码是否存在于表中/它将检索数据库中的数据。

// An empty result set means the username/password pair is not in the table.
if (!dr.HasRows)
{
    MessageBox.Show("SupportName and password are invalid");
}
else
{
    // At least one row came back: open the Support form for every row whose values
    // equal Name and Pwd. Rows that differ are skipped without a message.
    while (dr.Read())
    {
        bool credentialsMatch = dr["SupportName"].ToString() == Name
            && dr["Password"].ToString() == Pwd;
        if (!credentialsMatch)
        {
            continue;
        }

        Form supportForm = new Support();
        supportForm.ShowDialog();
    }
}

致以最诚挚的问候
