如何检查我的数据表列是否包含特定值? [英] How Do I Check If My Datatable Column Contains A Specific Value?
问题描述
我正忙着申请并尝试制作签名/注册功能。我想检查通过文本框输入的详细信息是否存在于用户名列中的数据库中。如果它存在,则应显示另一个表单。
在我的应用程序中,我正在使用业务层(3层架构)。
输入错误的密码。不知道我做错了什么
I am busy with an application and trying to make a sign/register function. I want to check if the details entered via textbox exist in the database in the username column. If it exists the other form should be displayed.
In my application I'm using the business layer(3-tier architecture).
Keep getting wrong password entered. Don't know what I'm doing wrong
public string GetUserNames(string username)
//method in business layer that returns a string(username)
{
string usr = "";
DataTable dtNames = new DataTable();
dbCmd = new SqlCommand("sp_GetUserNames ", dbConn);
dbAdapter = new SqlDataAdapter(dbCmd);
dbAdapter.Fill(dtNames);
//looping through datatable column searching for username
foreach(DataColumn col in dtNames.Columns)
{
if(username == dtNames.Columns["Username"].ToString())
{
usr = username;
break;
}
}
return usr;
}
//When the sign in button is pressed
private void btnSignIn_Click(object sender, EventArgs e)
{
bool isValid;
string nameFound = "";
if (txtUserName.Text == (bl.GetUserNames(txtUserName.Text).ToString()) && (txtPassword.Text == (bl.GetPassWords(txtPassword.Text).ToString())))
{
nameFound = txtUserName.Text;
isValid = true;
FrmMainMenu menu = new FrmMainMenu(txtUserName.Text,cmbEmployeeType.SelectedItem.ToString());
menu.Show();
this.Hide();
}
else
{
isValid = false;
MessageBox.Show("Wrong password enterd!!", "ERROR");
}
}
推荐答案
嗯。
我将成为在这里诚实,并说这太可怕了。
你做错了很多东西:我只是点亮了亮点:
1)为什么要从数据库中获取所有用户名并查看它们以查看用户键入的用户名是否在那里?假设这个网站做到了这一点,那么12,000,000名用户认为您需要花多少时间?如果用户在那里,请询问SQL,而不是使用SP返回所有用户:
Um.
I'm going to be honest here, and say that that's horrible.
There are a whole load of things you are doing wrong: and I'll just hit the highlights:
1) Why are you fetching all the usernames from the DB and looking through them to see if the one the user typed is in there? Assuming this site did that, with 12,000,000 users how much time do you think that would take? Instead of using an SP to return all users, ask SQL if the user is there:
dbCmd = new SqlCommand("SELECT COUNT(*) FROM MyUsersTable WHERE userName = @UN", dbConn);
dbCmd.Parameters.AddWithValue("@UN", txtUserName.Text);
int users = (int) dbCmd.ExecuteScalar(); 如果它返回零,他不在那里。如果它返回一个,他就是。如果它返回任何其他数字,则表明您的数据库存在问题...
2)切勿以明文形式存储密码!请参阅此处: http:// www .commitstrip.com / wp-content / uploads / 2013/09 / Strips-Erreur-au-pilori-001-650-finalenglish.jpg [ ^ ]
在此处:密码存储:如何操作。 [ ^ ] - 我知道这是更多的工作,但它是值得的!
3)你没有显示GetPasswords方法,但如果它像GetUserNames那样它是一个非常糟糕的代码:我可以使用我的密码登录您的帐户 - 因为我的密码在数据库中匹配,您的用户名也是如此 - 您不检查以确保它们是用于同一个账号! :OMG:
4)为什么在商业层?它直接访问数据库,因此它是数据层功能...
If it returns zero, he isn't there. If it returns one, he is. If it returns any other number there is a problem with your DB...
2) Never store passwords in clear text! See here: http://www.commitstrip.com/wp-content/uploads/2013/09/Strips-Erreur-au-pilori-001-650-finalenglish.jpg[^]
And here: Password Storage: How to do it.[^] - I know it's more work, but it's worth it!
3) You don't show the GetPasswords method, but if it's anything like GetUserNames it's a very bad bit of code: I can log in to your account using my password - because my password matches in the database, and so does your username - you don't check to make sure they are for the same account! :OMG:
4) Why is that in the Business Layer? it's accessing the DB directly, so it's a Data Layer function...
这篇关于如何检查我的数据表列是否包含特定值?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
![http:// www .commitstrip.com / wp-content / uploads / 2013/09 / Strips-Erreur-au-pilori-001-650-finalenglish.jpg](\"http://www.commitstrip.com/wp-content/uploads/2013/09/Strips-Erreur-au-pilori-001-650-finalenglish.jpg\"){kind=link}