如何将txtbox值与db值进行比较? [英] how to compare txtbox values with db values?
本文介绍了如何将txtbox值与db值进行比较?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我只需要将我的文本框值与db值进行比较,并根据我需要抛出一条消息说成功如果正确,如果错误则会返回不成功的消息。
i just need to compare my text box values with db values and according to that i need to throw a message saying successful if its correct, if its wrong it will return unsuccessful message.
SqlConnection cn = new SqlConnection(global::EnQApp.Properties.Settings.Default.Database1ConnectionString);
try {
cn.Open();
using (SqlCommand command = new SqlCommand("SELECT * FROM Login", cn))
{
//
// Invoke ExecuteReader method.
//
SqlDataReader reader = command.ExecuteReader();
while (reader.Read())
{
string name = reader.GetString(0); // Name string
string pass = reader.GetString(1); // Password string
string txtname = UName.Text;
string txtpword = PWord.Text;
if (txtname == name && txtpword == pass)
{
MessageBox.Show("Password Accepted");
this.Close();
}
else
{
MessageBox.Show("Password Not Valid");
}
}
}
catch (Exception ex) { }
finally { }
}
推荐答案
你应该仅从数据库中读取给定用户用户名的一条记录。然后将检索到的密码与文本框中的密码进行比较:
You should only read the one record from database for the given user user name. Then compare the retrieved password to the one in text box:
using (SqlCommand command = new SqlCommand("SELECT pass FROM Login WHERE uname = @uname", cn))
{
command.Parameters.AddWithValue("@uname", UName.Text);
string pass = (string)command.ExecuteScalar();
if (PWord.Text == pass)
{
MessageBox.Show("Password Accepted");
this.Close();
}
else
{
MessageBox.Show("Password Not Valid");
}
}
这是IMO你现在最容易做到的事情。请注意,如果用户根本不在数据库中,则无法处理此情况。并且您不应该像在评论中已经指出的那样以纯文本存储密码。
This is IMO the easiest you can do right now. Please note that this doesn't handle the situation if the user is not in the database at all. And you shouldn't store password in plain text as already pointed out in the comments.
请不要这样做!
首先,它效率极低 - 为什么检索所有人,然后查看他们的名字和密码? SQL有一个WHERE子句,让你说我只对这些行感兴趣。
其次,永远不要以明文形式存储密码 - 这是一个主要的安全性风险。有关如何在此处执行此操作的信息:密码存储:如何做到这一点。 [ ^ ] - 链接包含代码。
Please, don't do that!
Firstly, it's spectacularly inefficient - why retrieve everybody and then look at their names and passwords? SQL has a WHERE clause that lets you say "I'm only interested in these rows".
Secondly, never store passwords in clear text - it is a major security risk. There is some information on how to do it here: Password Storage: How to do it.[^] - the link includes the code.
请参考以下链接。
将文本框值与sql server数据库进行比较 [ ^ ]
Please refer below link .
comparing textbox values with sql server database[^]
这篇关于如何将txtbox值与db值进行比较?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
