How Do I Compare Database Value With Textbox Input Values?
Problem description
I have developed a login system where we can input our username and password. Then it will check with the database whether the username and password are correct, and it will throw a message saying thank you.
For that I have used a service-based database with a dataset, which is an inbuilt database.
The result of this code is nothing. But it will execute without errors?
    private void Btn1_Click(object sender, EventArgs e)
    {
        SqlConnection cn = new SqlConnection(global::EnQApp.Properties.Settings.Default.Database1ConnectionString);
        try
        {
            cn.Open();
            using (SqlCommand command = new SqlCommand("SELECT * FROM Login", cn))
            {
                //
                // Invoke ExecuteReader method.
                //
                SqlDataReader reader = command.ExecuteReader();
                while (reader.Read())
                {
                    string name = reader.GetString(1); // Name string
                    string pass = reader.GetString(2); // Password string
                    //
                    // generates a thank you message
                    //
                    MessageBox.Show("Thank you");
                }
            }
        }
        catch (Exception ex) { }
        finally { }
    }
First of all, you should try to find the correct row from the Login table, not get all rows and loop through them. This would mean something like

    SELECT *
    FROM Login
    WHERE UserName = @username
    AND HashedPassword = @hashedpassword

Before executing the statement, set proper values to the bind variables using SqlParameter.
About the password: don't store the password as plain text or even encrypted, use one-way hashing. A good read about the subject is Password Storage: How to do it.
You should just check the existence of the record that matches the username and password, never retrieve it. Better to use a stored procedure to do the SQL operation.
Check this out: Login Form in Windows Application Using ASP.Net C#
Read more on Salted Password Hashing - Doing it Right
Hi,
Check this

    private void Btn1_Click(object sender, EventArgs e)
    {
        SqlConnection cn = new SqlConnection(global::EnQApp.Properties.Settings.Default.Database1ConnectionString);
        try
        {
            cn.Open();
            using (SqlCommand command = new SqlCommand("SELECT * FROM Login where username =@username and password = @password", cn))
            {
                //
                // Invoke ExecuteReader method.
                //
                command.Parameters.AddWithValue("@username", txtbox1.Text);
                command.Parameters.AddWithValue("@password", txtbox2.Text);
                SqlDataReader reader = command.ExecuteReader();
                if (reader.HasRows)
                {
                    // If it has rows, you're good to go and show your message
                    MessageBox.Show("Thank you");
                    /*
                    while (reader.Read())
                    {
                        string name = reader.GetString(1); // Name string
                        string pass = reader.GetString(2); // Password string
                        //
                        // generates a thank you message
                        //
                        MessageBox.Show("Thank you");
                    }
                    * */
                }
            }
        }
        catch (Exception ex) { }
        finally { }
    }
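
The advice in the answers above (look up one user with a bound parameter, store a salted one-way hash, return only whether the credentials match), written out as an added example that is not part of the original thread or any poster's code. It goes one step beyond the thread's `WHERE ... HashedPassword = @hashedpassword` query: with a per-user salt the salt has to be read first, so the hash comparison happens in C# in fixed time. The `PasswordSalt` and `PasswordHash` columns, their sizes, the iteration count and the `LoginCheck` class are assumptions, and the `HashAlgorithmName` constructor overload needs .NET Framework 4.7.2 or later.

```csharp
using System.Data;
using System.Data.SqlClient;
using System.Security.Cryptography;

static class LoginCheck   // hypothetical helper, not from the thread
{
    // Assumed schema (not from the thread), all columns NOT NULL:
    //   Login(UserName nvarchar(64), PasswordSalt varbinary(16), PasswordHash varbinary(32))
    const int Iterations = 100000;   // assumed PBKDF2 work factor, fixed at enrolment

    public static bool Verify(string connectionString, string userName, string password)
    {
        byte[] salt = null, stored = null;
        using (var cn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(
            "SELECT PasswordSalt, PasswordHash FROM Login WHERE UserName = @username", cn))
        {
            // Typed, sized parameter: the textbox value is never concatenated into SQL.
            cmd.Parameters.Add("@username", SqlDbType.NVarChar, 64).Value = userName;
            cn.Open();
            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                if (reader.Read())
                {
                    salt = (byte[])reader["PasswordSalt"];
                    stored = (byte[])reader["PasswordHash"];
                }
            }
        }
        // Unknown user: still derive a hash over dummy values so both paths cost about the same.
        bool known = stored != null;
        if (!known) { salt = new byte[16]; stored = new byte[32]; }

        byte[] candidate;
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
            candidate = kdf.GetBytes(stored.Length);

        return FixedTimeEquals(candidate, stored) & known;
    }

    // Compares every byte regardless of where the first difference is.
    static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        int diff = a.Length ^ b.Length;
        for (int i = 0; i < a.Length && i < b.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

From `Btn1_Click` this would be called as `LoginCheck.Verify(connectionString, txtbox1.Text, txtbox2.Text)`. Exceptions from it should be logged or shown, since an empty `catch` block hides connection and query errors.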