我的登录代码如何显示? [英] How does my login codes look?
问题描述
代码:
<前lang =c#> 私人 static SqlConnection conn = new SqlConnection( Data Source =' + Connection.Server + '; Database =' + Connection.DB + '; User ID =' + Connection.SQLUsername + '; Password =' + Connection.SQLPass + ');
private static SqlCommand登录;
private static SqlDataReader rdr;
private string user,pass,type;
private readonly 登录lf;
public FormLogin(登录登录表单){
此 .lf = loginform;
}
public void sqlLogin(){
user = Login.user;
pass = Login.pass;
尝试 {
string cmd = 从User_Accounts中选择Username,Password,Acct_Type,其中Username = @ user和Password = @ pass;
使用(login = new SqlCommand(cmd,conn)){
login .Parameters.AddWithValue( @ user,user);
login.Parameters.AddWithValue( @ pass,pass);
conn.Open();
rdr = login.ExecuteReader();
if (rdr.HasRows == true ){
while (rdr.Read()== true ){
getData();
if (type == 管理员){
// 显示管理表格
hideForm();
} 其他 {
// 显示用户表单
hideForm();
}
}
}
}
} catch (例外){
MessageBox。显示( 服务器配置错误, 错误,MessageBoxButtons.OK,MessageBoxIcon.Error);
} 最后 {
if (rdr!= null ){
rdr.Close();
}
if (conn.State == ConnectionState.Open){
conn.Close();
}
}
}
private void getData(){
user = rdr.GetString( 0 );
pass = rdr.GetString( 1 );
type = rdr.GetString( 2 );
}
private void hideForm(){
Login.signin.Hide();
lf.txtUsername.Text = ;
lf.txtPassword.Text = ;
}
我的尝试:
我尝试使用get-set,但此时我很困惑。 :\
这不好。你在那里做了很多令人讨厌的事情。
首先你要使用类变量来做本地的事情:你的连接和读者。更糟糕的是,它们是static
!
您使用使用
块作为命令,但是手动关闭阅读器。
你正在进行无关的测试:
if (rdr.HasRows == true ){
while (rdr.Read()= = true ){所以你比较一个已经是bool的值和一个固定的bool?只需说:
if (rdr.HasRows){
while (rdr.Read()){它更容易阅读。
你应该在你的阅读器上使用循环 - 根据定义 - 只有一个匹配的行。如果有两个,那么你的数据就会出现严重错误!
您的异常捕获并不好 - 您捕获所有异常(不推荐),然后在配置中将其报告为单个错误丢弃可能有助于您诊断问题的所有信息。
整个代码中有两条注释:它们是多余的并且具有误导性。
您已经指定了列从您的数据库中检索 - 这很好 - 但您检索已有的信息并通过数字索引以不同的方法访问数据 - 因此您所做的任何更改都必须位于两个不同的位置。
但最糟糕的是你的整个过程:在文本中存储密码是一个非常糟糕的主意。 Code Crime 1 [ ^ ]
看看这里:密码存储:怎么做。 [ ^ ]
What do you think? How do you think should I improve it? Thanks who can help!
Code:
private static SqlConnection conn = new SqlConnection("Data Source = '" + Connection.Server + "'; Database = '" + Connection.DB + "'; User ID = '" + Connection.SQLUsername + "'; Password = '" + Connection.SQLPass + "'");
private static SqlCommand login;
private static SqlDataReader rdr;
private string user, pass, type;
private readonly Login lf;
public FormLogin(Login loginform) {
this.lf = loginform;
}
public void sqlLogin() {
user = Login.user;
pass = Login.pass;
try {
string cmd = "select Username, Password, Acct_Type from User_Accounts where Username=@user and Password=@pass";
using (login = new SqlCommand(cmd, conn)) {
login.Parameters.AddWithValue("@user", user);
login.Parameters.AddWithValue("@pass", pass);
conn.Open();
rdr = login.ExecuteReader();
if (rdr.HasRows == true) {
while (rdr.Read() == true) {
getData();
if (type == "Administrator") {
//Show the admin form
hideForm();
} else {
//Show the user form
hideForm();
}
}
}
}
} catch (Exception) {
MessageBox.Show("Error in server configuration", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
} finally {
if (rdr != null) {
rdr.Close();
}
if (conn.State == ConnectionState.Open) {
conn.Close();
}
}
}
private void getData() {
user = rdr.GetString(0);
pass = rdr.GetString(1);
type = rdr.GetString(2);
}
private void hideForm() {
Login.signin.Hide();
lf.txtUsername.Text = "";
lf.txtPassword.Text = "";
}
What I have tried:
I tried using get-set but it is confusing for me at this time. :\
That's not good. You are doing a number of nasty things there.
First off you are using class variables for things that should be local: your connection and reader. Worse, they arestatic
!
You are using ausing
block for your command, but manually closing the reader.
You are doing irrelevant tests:
if (rdr.HasRows == true) { while (rdr.Read() == true) {So you compare a value that is already a bool with a fixed bool? Just say:
if (rdr.HasRows) { while (rdr.Read()) {It's a lot easier to read.
You use a loop on your reader when there should - by definition - be only one matching row. If there are two, there is something seriously wrong with your data!
Your exception catching is not good - you catch all exceptions (which is not recommended) and then report it as a single error in configuration before discarding all the information that might help you diagnose the problem.
There are two comments in the whole code: and they are redundant and misleading.
You have specified the columns you retrieve from your DB - which is good - but you retrieve information you already have and access the data via numeric indexes in a different method - so any changes you make have to be in two separate places.
But the worst thing is your whole process: storing passwords in text is a very bad idea. Code Crime 1[^]
Have a look here: Password Storage: How to do it.[^]
这篇关于我的登录代码如何显示?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!