SQL Server Querry获取数据 [英] sql server querry fetch data

问题描述

我想从数据库中验证用户ID和paswrd是正确的，我不知道如何编写Querry，但是我不知道如何在sql命令中编写它，实际上我想从文本框中获取用户ID和passwrd，所以如何写

SqlCommand cmd =新的SqlCommand("SELECT * FROM admin，其中 user_id =''admin''和 user_pwd ="''admin''));
下划线的内容必须从文本框中获取并从数据库进行验证，但是如何使用?

i want to verify from database that the user id and paswrd is correct i no that how to write querry but i dont no how to write it in sql command actually i want to fetch user id and passwrd from text box so how to write

SqlCommand cmd = new SqlCommand("SELECT * FROM admin where user_id=''admin'' and user_pwd=''admin''");
the underline thing must be fetch from textbox and verify from database but how???

推荐答案

尝试以下操作:

Try this:

SqlCommand cmd = new SqlCommand("SELECT * FROM admin where user_id=@USERID and user_pwd=@PASSWORD");

cmd.Parameters.Add(new SqlParameter("@USERID", userIDTextbox.Value));
cmd.Parameters.Add(new SqlParameter("@PASSWORD", passwordTextbox.Value));

您将用文本框使用的名称替换userIDTextbox和passwordTextbox.

You will to replace userIDTextbox and passwordTextbox with the names you are using for the text boxes.

当然，这会引起直射攻击
你可以这样使用

ofcource it causes sqlinjection attack
you can use like this

SqlCommand cmd = new SqlCommand("SELECT * FROM admin where user_id=''"+usernametextbox.Text+"'' and user_pwd=''"+passwordtexboxid.Text+"''");

这篇关于SQL Server Querry获取数据的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！