无法获取sql来检测管理员 [英] cant get sql to detect admin
问题描述
我无法让我的程序检测管理员用户。我创建了一个登录系统,但是当管理员登录时,它会跳过sql查询并继续打开用户屏幕,而不是管理员。这是我的代码:
Im having trouble getting my program to detect admin users. I have created a login system, but when an admin logs in, it skips past the sql query and moves on to open a user screen, not an admin. Here is my code:
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Windows.Forms;
using System.Data.SqlClient;
using System.Data.SqlTypes;
namespace myLoginProject
{
public partial class Form1 : Form
{
public Form1()
{
InitializeComponent();
}
private void Form1_Load(object sender, EventArgs e)
{
SqlConnection connection = new SqlConnection(@"server=.\SQLEXPRESS; database=loginTest;Trusted_Connection=yes");
connection.Open();
string selection = "select * from Logins where Name = '" + userNameBox.Text + "' and Password = '" + passwordBox.Text + "' ";
SqlCommand command = new SqlCommand(selection, connection);
SqlDataAdapter da = new SqlDataAdapter(command);
DataSet ds = new DataSet();
da.Fill(ds);
DataTable dt = ds.Tables[0];
}
private void registerButton_Click(object sender, EventArgs e)
{
adminAuthScreen aas = new adminAuthScreen();
aas.Show();
}
private int myMethod(string user, string pass)
{
user.Trim();
pass.Trim();
SqlConnection connection = new SqlConnection(@"server=.\SQLEXPRESS; database=loginTest;Trusted_Connection=yes");
connection.Open();
string selection = "select * from Logins where Name = '"+user+"' and Password = '"+pass+"' ";
SqlCommand command = new SqlCommand(selection, connection);
if (command.ExecuteScalar() != null)
return 1;
else
return 0;
}
private void loginButton_Click(object sender, EventArgs e)
{
if (myMethod(userNameBox.Text,passwordBox.Text)>0)
{
MessageBox.Show("Welcome back, "+userNameBox.Text);
SqlConnection myConnection = new SqlConnection(@"server=.\SQLEXPRESS; database=loginTest;Trusted_Connection=yes");
try
{
myConnection.Open();
}
catch (Exception ex)
{
MessageBox.Show(ex.ToString());
}
string checkAdmin1 = "SELECT * FROM Logins WHERE User = '"+userNameBox.Text+"' AND User='Admin'";
SqlCommand checkIfAdmin = new SqlCommand(checkAdmin1, myConnection);
if (checkIfAdmin.ExecuteScalar() != null)
{
adminScreen admnscrn = new adminScreen();
admnscrn.Show();
}
else
{
userScreen usrscrn = new userScreen();
usrscrn.Show();
}
}
}
public SqlConnection connection { get; set; }
}
}
看起来这个问题就是问题(至少是调试时的问题) ):
It seems like this bit is the problem (at least its the problem during debugging):
string checkAdmin1 = "SELECT * FROM Logins WHERE User = '"+userNameBox.Text+"' AND User='Admin'";
SqlCommand checkIfAdmin = new SqlCommand(checkAdmin1, myConnection);
if (checkIfAdmin.ExecuteScalar() != null)
{
adminScreen admnscrn = new adminScreen();
admnscrn.Show();
}
else
{
userScreen usrscrn = new userScreen();
usrscrn.Show();
}
}
}
任何人都可以帮我找出问题所在? ?
Can anyone help me find out what the problem is???
推荐答案
也许它应该是这个?
Maybe it should be this?
SELECT * FROM Logins WHERE Name = '"+userNameBox.Text+"' AND User='Admin';
您正在检查User = Admin和User = Admin ...但是当他们登录时,请从userNameBox字段中检查Name列中的用户名。我猜你只是没有检查SQL中的正确字段。
You are checking if the User = Admin and User = Admin... But when they log in you check the Name column for the user name from the userNameBox field. I'm guessing you just aren't checking the right field in the SQL.
IVE GOT IT!当用户处于设计模式时,列用户被[]包围!我把它改成了UserType,它有效,成功!我不明白为什么它周围有[] ...
IVE GOT IT! The column user, when in design mode, was surrounded by []! I changed it to UserType and it works, SUCCESS! I dont understand why it had [] around it though...
这篇关于无法获取sql来检测管理员的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
