c sharp windows alpplication创建登录表单 [英] c sharp windows alpplication creating login form
问题描述
hi
i我只需要2个标签和2个文本框和1个按钮
i只需在按钮中编写代码
< pre lang =cs> if (textBox1.Text!= & textBox2.Text!= )
{
string queryText = SELECT Count( *)FROM Login +
WHERE username = @User name AND password = @Password ;
使用(SqlConnection cn = new SqlConnection( 数据源= MIS-PC;初始目录=项目;集成安全性=真))
使用(SqlCommand cmd = new SqlCommand(queryText,cn))
{
cn.Open();
cmd.Parameters.AddWithValue( @ User name,textBox1.Text); // cmd是SqlCommand
cmd.Parameters.AddWithValue( @ Password,textBox2.Text);
int result =( int )cmd.ExecuteScalar();
if (结果> 0 )
MessageBox.Show( Loggen In!);
else
MessageBox.Show( 找不到用户!);
}
但不工作
错误这一行
int result =(int)cmd.ExecuteScalar();
怎么办你还没有提供sql连接
sqlconnection con = new sqlconnection();
请提供连接字符串,以便连接数据库,如果有任何其他问题让我知道,也请清除你的问题。
abhishek_singh是对的 - 你需要一个连接字符串连接到你的数据库,但另外...
请,请不要做那样的事情!
那里你在这里犯的两个主要错误:
1)不要连接字符串来构建SQL命令。它让您对意外或故意的SQL注入攻击持开放态度,这可能会破坏您的整个数据库。请改用参数化查询。正如您的代码所代表的那样,我不需要密码即可以任何人身份登录!
2)绝不以明文形式存储密码 - 这是一个主要的安全风险。有关如何在此处执行此操作的信息:密码存储:如何做到这一点。 [ ^ ]
在两个地方用@Username替换@User名称,然后再次运行该代码。
hi
i just i take 2 lables and 2 textboxes and 1 button
i just write the code in button
if (textBox1.Text != "" & textBox2.Text != "")
{
string queryText = "SELECT Count(*) FROM Login " +
"WHERE username = @User name AND password = @Password";
using (SqlConnection cn = new SqlConnection("Data Source=MIS-PC;Initial Catalog=project;Integrated Security=True"))
using (SqlCommand cmd = new SqlCommand(queryText, cn))
{
cn.Open();
cmd.Parameters.AddWithValue("@User name", textBox1.Text); // cmd is SqlCommand
cmd.Parameters.AddWithValue("@Password", textBox2.Text);
int result = (int)cmd.ExecuteScalar();
if (result > 0)
MessageBox.Show("Loggen In!");
else
MessageBox.Show("User Not Found!");
}
but its not working
Error in this line
int result = (int)cmd.ExecuteScalar();
how to do
you have not provided sql connection in to
sqlconnection con=new sqlconnection();
please provide connection string on that so that connect with database, if any other issue let me know about that, also please clear your question.
abhishek_singh is right - you need a connection string to connect to your db, but in addition...
Please, please, don't do things like that!
There are two major mistakes you are making here:
1) Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead. As your code stands, I do not need a password to log in as anybody!
2) Never store passwords in clear text - it is a major security risk. There is some information on how to do it here: Password Storage: How to do it.[^]
replace @User name with @Username on both place, then again run that code.
这篇关于c sharp windows alpplication创建登录表单的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
