从后端SQL服务器获取错误甚至用户名和密码也是正确的 [英] Getting error even the username and password is correct from backend SQL server
本文介绍了从后端SQL服务器获取错误甚至用户名和密码也是正确的的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
这是我在c#windows窗体应用程序中登录按钮的代码
here is my code for login button in c# windows forms application
private void button1_Click_1(object sender, EventArgs e)
{
string cs = @"Data Source=.;Database=master;Integrated Security=True;";
if (textBox1.Text == "" || textBox2.Text == "")
{
MessageBox.Show("Please provide UserName and Password");
return;
}
try
{
//Create SqlConnection
SqlConnection con = new SqlConnection(cs);
SqlCommand cmd = new SqlCommand("Select * from Register where UserNmae=@username and Password=@password", con);
cmd.Parameters.AddWithValue("@username", textBox1.Text);
cmd.Parameters.AddWithValue("@password", textBox2.Text);
con.Open();
SqlDataAdapter adapt = new SqlDataAdapter(cmd);
DataSet ds = new DataSet();
adapt.Fill(ds);
con.Close();
int count = ds.Tables[0].Rows.Count;
//If count is equal to 1, than show frmMain form
if (count == 1)
{
MessageBox.Show("Login Successful!");
this.Hide();
Dashboard dsb = new Dashboard();
}
else
{
MessageBox.Show("Login Failed!");
}
}
catch (Exception ex)
{
MessageBox.Show(ex.Message);
}
我的尝试:
我试图将它与sql server连接以连接表中的字段。
输入正确的用户名和密码后显示错误。
What I have tried:
I have tried to connect it with sql server to connect with the table have the fields.
its showing error after entering the correct username and password.
推荐答案
检查此法术 UserNmae
正如已经指出的那样,你可能有一个拼写错误列名,但是......
更重要的是,您似乎以纯文本方式处理密码,因此任何有权访问数据库的人都可以看到用户密码。绝不允许这样做。没有人,甚至数据库管理员都不应该能够看到个人的密码。
如果你考虑一下,你只需要检查一下密码匹配到用户注册或开始使用系统时提供的密码。这意味着您不需要知道密码是什么,只有它完全相同。这样做的方法是使用单向散列。在开始时,存储密码的哈希值,然后在尝试登录时检查哈希值是否匹配。
有关更多信息,请查看密码存储:如何做。 [ ^ ]
另一个重要的事情是你为你的应用程序表使用master数据库。您永远不应将任何表放在master或任何其他系统数据库中。顾名思义,它们应仅供系统使用。通常的做法是为您自己的系统创建一个单独的数据库。
As already pointed out, you probably have a misspelling in the column name, but...
Much more important is that you seem to handle passwords in plain text so anyone who has access to the database can see users passwords. This should never be allowed. No-one, not even the database administrator should be able to see what is the password for an individual.
If you think about it, you only need to check if the password matches to the one the user has provided when registered or starting to use the system. This means that you don't need to know what the password is, only if it's the exact same. The way to do this is to use one-way hashing. In the beginning, store the hash for the password and later check if the hash matches when trying to log in.
For more information, go through Password Storage: How to do it.[^]
Another important thing is that you usemasterdatabase for your application's tables. You should never put any of your tables inmasteror any other system databases. As the name says, they should be reserved for system use only. Common practice is to create a separate database for your own system.
您应该学习尽快使用调试器。而不是猜测你的代码在做什么,现在是时候看到你的代码执行并确保它完成你期望的。
调试器允许你跟踪执行逐行检查变量,你会看到它有一个停止做你期望的点。
调试器 - 维基百科,免费的百科全书 [ ^ ]
掌握Visual Studio 2010中的调试 - A初学者指南 [ ^ ]
调试器在这里向您展示您的代码正在做什么,您的任务是与它应该做什么进行比较。 />
当代码不做ex的时候你接近一个bug。
如果 Karthik Bangalore 正确地发现了这个问题,你在SQL服务器上有一条错误消息告诉你查询使用未知列。
You should learn to use the debugger as soon as possible. Rather than guessing what your code is doing, It is time to see your code executing and ensuring that it does what you expect.
The debugger allow you to follow the execution line by line, inspect variables and you will see that there is a point where it stop doing what you expect.
Debugger - Wikipedia, the free encyclopedia[^]
Mastering Debugging in Visual Studio 2010 - A Beginner's Guide[^]
The debugger is here to show you what your code is doing and your task is to compare with what it should do.
When the code don't do what is expected, you are close to a bug.
If Karthik Bangalore correctly spotted the problem, you have an error message on SQL server telling you that the query uses an unknown column.
这篇关于从后端SQL服务器获取错误甚至用户名和密码也是正确的的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
