如何将数据库值与文本框输入值进行比较? [英] How Do I Compare Database Value With Textbox Input Values?

查看:107
本文介绍了如何将数据库值与文本框输入值进行比较?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我开发了一个登录系统,我们可以输入用户名和密码。那么它将用数据库检查一个用户名和密码是否正确它会抛出一条消息说谢谢。



因为我使用了基于服务的数据库和数据集是内置数据库。



此代码的结果是什么。但它会毫无错误地执行吗?



  private   void  Btn1_Click( object  sender,EventArgs e)
 {
 
 SqlConnection cn = < span class =code-keyword> new  SqlConnection( global  :: EnQApp.Properties.Settings.Default.Database1ConnectionString); 
 
 尝试 {
 cn.Open(); 
 使用(SqlCommand command =  new  SqlCommand(   SELECT * FROM Login,cn))
 {
  //    
  //  调用ExecuteReader方法。 
  //    
 SqlDataReader reader = command.ExecuteReader( ); 
  while (reader.Read())
 {
  string  name = reader.GetString( 1 );  //  名称字符串 
  string  pass = reader.GetString( 2 );  //  密码字符串 
  //    
  //  生成一个谢谢你消息 
  //    
 MessageBox.Show( 谢谢); 
} 
} 
} 
  catch (Exception ex){} 
 终于 {} 
}

解决方案

首先,您应该尝试找到从登录表中更正行,而不是获取所有行并循环它们。这意味着类似

  SELECT  * 
  FROM 登录
  WHERE  UserName =  @ username  
  AND  HashedPassword =  @ hashedpassword



执行声明之前,使用 SqlParameter为绑定变量设置适当的值 [ ^ ]



关于密码。不要将密码存储为纯文本甚至加密,请使用单向散列。关于这个主题的一个很好的阅读是密码存储:如何做。 [ ^ ]


您应该检查是否存在与用户名和密码匹配的记录,从不检索它。更好地使用存储过程来执行sql操作。

检查出来:使用ASP.Net C#在Windows应用程序中登录表单 [ ^ ]

阅读更多关于 Salted Password Hashing - 正确行事 [ ^ ]




查看此

<前lang =c#> 私人 < span class =code-keyword> void Btn1_Click( object sender,EventArgs e)
{

SqlConnection cn = new SqlConnection( global :: EnQApp.Properties.Settings.Default.Database1ConnectionString);

尝试
{
cn.Open();
使用(SqlCommand command = new SqlCommand( SELECT * FROM Login,其中username = @ username和password = @password,cn))
{
//
// 调用ExecuteReader方法。
//
command.Parameters.AddWithValue( @ username,txtbox1.Text);
command.Parameters.AddWithValue( @ password,txtbox2.Text);
SqlDataReader reader = command.ExecuteReader();
if (reader.HasRows)
{
// < span class =code-comment>如果它有行,那么你的好去展示你的消息
MessageBox.Show( < span class =code-string>谢谢);
/ *
while(reader.Read())
{
string name = reader.GetString(1); //名称字符串
string pass = reader.GetString(2); //密码字符串
//
//生成一条感谢信息
//
MessageBox.Show(谢谢);
}
* * /
}
}
}
catch (exception ex){}
finally {}
}


i have developed a login system where we can input our username and password. then it will checks with database an user name and password is correct it will throw a message saying thank you.

for that i have used service based database with dataset, which is inbuilt database.

result of this code is nothing. but it will execute without errors?

private void Btn1_Click(object sender, EventArgs e)
        {

            SqlConnection cn = new SqlConnection(global::EnQApp.Properties.Settings.Default.Database1ConnectionString);

            try {
                cn.Open();
                using (SqlCommand command = new SqlCommand("SELECT * FROM Login", cn))
                {
                    //
                    // Invoke ExecuteReader method.
                    //
                    SqlDataReader reader = command.ExecuteReader();
                    while (reader.Read())
                    {
                        string name = reader.GetString(1);  // Name string
                        string pass = reader.GetString(2); // Password string
                        //
                        // generates a thank you message
                        //
                        MessageBox.Show("Thank you");
                    }
                }
            }
            catch (Exception ex) { }
            finally { }
        }

解决方案

First of all, you should try to find the correct row from Login table, not to get all rows and loop through them. This would mean something like

SELECT * 
FROM Login
WHERE UserName = @username
AND HashedPassword = @hashedpassword


Before executing the statement, set proper values to the bind variables using SqlParameter[^]

About the password. Don't store the password as plain text or even encrypted, use one way hashing. A good read about the subject is Password Storage: How to do it.[^]


You should just check the existence of the record that matches the username and password, never retrieve it. Better use a store procedure to do the sql operation.
Check this out: Login Form in Windows Application Using ASP.Net C#[^]
Read more on Salted Password Hashing - Doing it Right[^]


Hi ,
Check this 

private void Btn1_Click(object sender, EventArgs e)
    {

        SqlConnection cn = new SqlConnection(global::EnQApp.Properties.Settings.Default.Database1ConnectionString);

        try
        {
            cn.Open();
            using (SqlCommand command = new SqlCommand("SELECT * FROM Login where username =@username and password = @password", cn))
            {
                //
                // Invoke ExecuteReader method.
                //
                command.Parameters.AddWithValue("@username", txtbox1.Text);
                command.Parameters.AddWithValue("@password", txtbox2.Text);
                SqlDataReader reader = command.ExecuteReader();
                if (reader.HasRows)
                {
                    // IF it has Rows so your Good to go and show your message 
                    MessageBox.Show("Thank you");
                    /*
                    while (reader.Read())
                    {
                        string name = reader.GetString(1);  // Name string
                        string pass = reader.GetString(2); // Password string
                        //
                        // generates a thank you message
                        //
                        MessageBox.Show("Thank you");
                    } 
                     * */
                }
            }
        }
        catch (Exception ex) { }
        finally { }
    }


这篇关于如何将数据库值与文本框输入值进行比较?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
其他开发语言最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆