当我使用以下代码时,如果用户名和密码相同,它工作正常,如果我提供了错误的用户名和密码,它会给我消息或登录:
private void btnSubmit_Click(object sender, EventArgs e)
{
try
{
SqlConnection con = Helper.getconnection();
con.Open();
SqlCommand cmd = new SqlCommand("select SupportName, Password from Logins where SupportName='" + txtSupportName.Text + "' and Password='" + txtPassword.Text + "'", con);
SqlDataReader dr = cmd.ExecuteReader();
string Name = txtSupportName.Text;
string Pwd = txtPassword.Text;
while (dr.Read())
{
if ((dr["SupportName"].ToString() == Name) && (dr["Password"].ToString() == Pwd))
{
// MessageBox.Show("welcome");
Form Support = new Support();
Support.ShowDialog();
}
else
{
MessageBox.Show("SupportName and password are invalid");
}
}
dr.Close();
con.Close();
}
catch (Exception ex)
{
MessageBox.Show(ex.Message);
}
if (txtSupportName.Text == string.Empty)
{
MessageBox.Show("Please enter a value to Support Name!");
txtSupportName.Focus();
return;
}
if (txtPassword.Text == string.Empty)
{
MessageBox.Show("Please enter a value to Description!");
txtPassword.Focus();
return;
}
}
您的代码似乎有一些问题:
-
您应该在运行查询之前验证您的输入
-
您应该参数化查询(SO上有很多示例),而不是使用字符串串联
-
您似乎在假设您将从SQL查询中得到一个结果。您可能应该检查
dr.HasRows
以查看详细信息是否正确,或者检查dr.Read()
是否返回true以确定是否显示消息框 -
您应该使用
using
块来处理DB对象。例如(不确定格式化不起作用的原因):使用(SqlConnection con=Helper.getconnection()){。。。}
而不是显式地调用CCD_ 4和CCD_。即使您确实想显式调用Dispose
和Close
,也应该在finally
块中这样做。
Daniel Kelly写了一个很好的答案,我只是实现了它,并添加了单独的方法来隔离责任
private bool Login(string supportName, string password)
{
if(string.IsNullOrEmpty(supportName) || string.IsNullOrEmpty(password))
{
throw new ArgumentException();
}
using(var connection = Helper.getconnection())
using(var command = connection.CreateCommand())
{
conmmand.CommandText = "SELECT 1 FROM Logins WHERE SupportName=@SupportName AND Password=@Password";
command.Parameters.AddWithValue("@SupportName", supportName);
command.Parameters.AddWithValue("@Password", password);
return command.ExecuteScalar() != null;
}
}
private void ShowSupportForm()
{
var supportName = txtSupportName.Text;
var password = txtPassword.Text;
if (string.IsNullOrEmpty(supportName))
{
MessageBox.Show("Please enter a value to Support Name!");
txtSupportName.Focus();
return;
}
if (string.IsNullOrEmpty(password))
{
MessageBox.Show("Please enter a value to Passwod!");
txtPassword.Focus();
return;
}
if(Login(supportName, password))
{
using(var form = new Support())
{
form.ShowDialog(this);
}
}
else
{
MessageBox.Show("SupportName and password are invalid");
}
}
private void btnSubmit_Click(object sender, EventArgs e)
{
ShowSupportForm();
}
您的代码中存在问题。您忘记检查数据读取器是否有行。
if (dr.HasRows)
{
while (dr.Read())
{
if ((dr["SupportName"].ToString() == Name) && (dr["Password"].ToString() == Pwd))
{
// MessageBox.Show("welcome");
Form Support = new Support();
Support.ShowDialog();
}
else
{
MessageBox.Show("SupportName and password are invalid");
}
}
}
else
{
MessageBox.Show("SupportName and password are invalid");
}
只需添加HasRows
即可检查您的用户名和密码是否存在于表中/它将检索数据库中的数据。
if(dr.HasRows)
{
//username and password exists
while (dr.Read())
{
if ((dr["SupportName"].ToString() == Name) && (dr["Password"].ToString() == Pwd))
{
// MessageBox.Show("welcome");
Form Support = new Support();
Support.ShowDialog();
}
}
}
else
{
//username and password not exists
MessageBox.Show("SupportName and password are invalid");
}
向致以最诚挚的问候