我的问题是如何简化或改进此代码?我正在为营养学家提供用户登录。谢谢您的回复。
private void btnLogin_Click(object sender, EventArgs e)
{
if (tbUser.Text == "")
{
MessageBox.Show("Please input user name.", "Login", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
else if (tbPassword.Text == "")
{
MessageBox.Show("Please input password name.", "Login", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
else
{
if (SQL.ConnectionOpen() == true)
{
Query = "SELECT * FROM users WHERE user_name = '" + tbUser.Text + "' AND password = '" + tbPassword.Text + "'";
SQL.Command = new MySqlCommand(Query, SQL.Conexion);
SQL.Reader = SQL.Command.ExecuteReader();
if (SQL.Reader.Read() == true)
{
frmMain Main = new frmMain();
Main.Show();
tbUser.Clear();
tbPassword.Clear();
SQL.Reader.Dispose();
SQL.Command.Dispose();
SQL.Reader.Close();
SQL.ConnectionClose();
this.Hide();
}
else
{
MessageBox.Show("User or password incorrect.", "Login", MessageBoxButtons.OK, MessageBoxIcon.Error);
SQL.Reader.Dispose();
SQL.Command.Dispose();
SQL.Reader.Close();
SQL.ConnectionClose();
}
}
}
}
这是SQL类,我正在使用MySQL作为数据库:
using System;
using MySql.Data;
using MySql.Data.MySqlClient;
using System.Windows.Forms;
namespace NutriHelp
{
public class SQL
{
public static MySqlConnection Connection = new MySqlConnection("SERVER=localhost;DATABASE=nutrihelp;UID=root;PASSWORD=1234;");
public static MySqlDataReader Reader;
public static MySqlCommand Command;
public static bool ConnectionOpen()
{
try
{
Connection.Open();
return true;
}
catch (MySqlException ex)
{
switch (ex.Number)
{
case 0:
MessageBox.Show("Cannot connect to server. Contact administrator.");
break;
case 1045:
MessageBox.Show("Invalid username/password, please try again.");
break;
}
return false;
}
}
public static bool ConnectionClose()
{
try
{
Connection.Close();
return true;
}
catch (MySqlException ex)
{
MessageBox.Show(ex.Message);
return false;
}
}
}
}
我也在执行插入,更新,也许还有一些删除。
update 我想我使用Parameters
和Base64Encode
改善了我的改进,我不想做一个非常复杂的加密,例如Salt
和Hash
加密,因为它是一组营养学家的简单软件。
无论是我的"改进"代码,有点:
private void btnLogin_Click(object sender, EventArgs e)
{
string strUser = tbUser.Text;
string strPassword = tbPassword.Text;
if (tbUser.Text == "")
{
MessageBox.Show("Please input username", "Login", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
else if (tbPassword.Text == "")
{
MessageBox.Show("Please input password", "Login", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
else
{
if (SQL.ConnectionOpen() == true)
{
SQL.Command = new MySqlCommand();
SQL.Command.CommandText = "SELECT * FROM user WHERE username=@username AND password=@password;";
SQL.Command.Parameters.AddWithValue("@username", strUser);
SQL.Command.Parameters.AddWithValue("@password", Base64Encode(strPassword));
SQL.Command.Connection = SQL.Connection;
SQL.Reader = SQL.Command.ExecuteReader();
if (SQL.Reader.Read())
{
frmMain Main = new frmMain();
this.Hide();
Main.ShowDialog();
tbUser.Clear();
tbPassword.Clear();
SQL.CleanConnection();
SQL.ConnectionClose();
this.Close();
}
else
{
MessageBox.Show("User or password are incorrect", "Login", MessageBoxButtons.OK, MessageBoxIcon.Error);
SQL.CleanConnection();
SQL.ConnectionClose();
}
}
}
}
SQL类:
public class SQL
{
public static MySqlConnection Connection = new MySqlConnection("SERVER=localhost;DATABASE=nutrihelp;UID=root;PASSWORD=somepassword;");
public static MySqlDataReader Reader;
public static MySqlCommand Command;
public static bool ConnectionOpen()
{
try
{
Connection.Open();
return true;
}
catch (MySqlException ex)
{
switch (ex.Number)
{
case 0:
MessageBox.Show("Cannot connect to server. Contact administrator.");
break;
case 1045:
MessageBox.Show("Invalid username/password, please try again.");
break;
}
return false;
}
}
public static bool ConnectionClose()
{
try
{
Connection.Close();
return true;
}
catch (MySqlException ex)
{
MessageBox.Show(ex.Message);
return false;
}
}
public static void CleanConnection()
{
Reader.Dispose();
Command.Dispose();
Reader.Close();
}
}
感谢@tony Tom和@soumen Mukherjee的建议。
而不是传递Inline查询,在MySQL数据库中创建一个存储过程,并将参数传递为SQLCommand参数。
https://www.w3schools.com/sql/sql_stored_procedures.asp
您应该始终将密码作为数据库中的加密存储,因此当用户输入密码时,您必须对其进行加密并与数据库中的密码进行比较。
如何编码和解码base64字符串?