C# (login form) getting error with db after creating an .exe


Problem description


Sorry for my English, and I'm new to this.
I'm trying to create a login form application with a DataTable in Visual Studio.

It works fine on my PC that I created the program with..
But after I create a setup for my laptop, it gets me an error after I press the login button.

The pop-up window says:

Login
X Unhandled exception has occurred in your application..-

An attempt to attach an auto-named database for file C:\users\user\Documents\testlogin.mdf failed. A database with the same name exists,
or specified file cannot be opened, or it is located on UNC share.

What I have tried:

Sorry for language

LoginButton

private void btnLogin_Click(object sender, EventArgs e)
{
    SqlConnection conn = new SqlConnection(@"Data Source=(LocalDB)\MSSQLLocalDB;AttachDbFilename=C:\Users\iSunner\Documents\testlogin.mdf;Integrated Security=True;Connect Timeout=30");
    SqlDataAdapter sda = new SqlDataAdapter("select count(*) from login where username ='" + TxtUsername.Text + "' and password='" + txtPassword.Text + "'", conn);
    DataTable dt = new DataTable();
    sda.Fill(dt);
    if (dt.Rows[0][0].ToString() == "1")
    {
        this.Hide();
        ListMeja lm = new ListMeja();
        lm.Show();
    }
    else
    {
        MessageBox.Show("Username/password salah", "ADUH!", MessageBoxButtons.OK, MessageBoxIcon.Error);
    }
}

Solution

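// The SQL text is fixed; @uname and @pwd are placeholders, not concatenated input.
string Query = "Select Count(*) from LogInfo where UserName=@uname and PassWord=@pwd";
SqlCommand cmd = new SqlCommand(Query, conn);
// The text box values are sent as parameter data, never as part of the SQL text.
cmd.Parameters.Add(new SqlParameter("@uname", Textbox1.Text));
cmd.Parameters.Add(new SqlParameter("@pwd", Textbox2.Text));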


SqlDataAdapter sda = new SqlDataAdapter("select count(*) from login where username ='" + TxtUsername.Text + "' and password='" + txtPassword.Text + "'", conn);


Not a solution to your question, but another problem you have.
Never build an SQL query by concatenating strings. Sooner or later, you will do it with user inputs, and this opens the door to a vulnerability named "SQL injection"; it is dangerous for your database and error-prone.
A single quote in a name and your program crashes. If a user input of a name like "Brian O'Conner" can crash your app, it is an SQL injection vulnerability, and the crash is the least of the problems: a malicious user input, and it is promoted to SQL commands with all credentials.
SQL injection - Wikipedia
SQL Injection
SQL Injection Attacks by Example
PHP: SQL Injection - Manual
SQL Injection Prevention Cheat Sheet - OWASP
How can I explain SQL injection without technical jargon? - Information Security Stack Exchange
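
The login check from the question, rewritten with the parameterized query the first answer suggests. This is an added example, not code from the original thread. It assumes the asker's `login` table with `username` and `password` columns; the class name `LoginCheck`, the method name `IsValidLogin` and the `NVarChar(50)` parameter sizes are hypothetical.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

// Hypothetical helper class (added example, not from the thread).
static class LoginCheck
{
    // Connection string copied from the question; the .mdf path is the asker's.
    const string ConnStr =
        @"Data Source=(LocalDB)\MSSQLLocalDB;AttachDbFilename=C:\Users\iSunner\Documents\testlogin.mdf;Integrated Security=True;Connect Timeout=30";

    // Returns true when exactly one row matches, like the asker's == "1" test.
    public static bool IsValidLogin(string username, string password)
    {
        // The SQL text is a constant: user input never becomes part of it.
        const string sql =
            "select count(*) from login where username = @uname and password = @pwd";

        // using blocks close the connection even if the query throws.
        using (var conn = new SqlConnection(ConnStr))
        using (var cmd = new SqlCommand(sql, conn))
        {
            // Typed parameters; the length 50 is an assumption about the columns.
            // A value such as "Brian O'Conner" travels as data, so its quote
            // cannot end the string literal or change the statement.
            cmd.Parameters.Add("@uname", SqlDbType.NVarChar, 50).Value = username;
            cmd.Parameters.Add("@pwd", SqlDbType.NVarChar, 50).Value = password;

            conn.Open();
            // count(*) yields a single int, so ExecuteScalar replaces the
            // SqlDataAdapter/DataTable round trip from the question.
            return (int)cmd.ExecuteScalar() == 1;
        }
    }
}

// Call site inside btnLogin_Click (control names are the asker's):
//   if (LoginCheck.IsValidLogin(TxtUsername.Text, txtPassword.Text)) { ... }
```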

