从表的任何行中选择值的条件 [英] condition for selecting value from any row of a table
问题描述
大家好,
我正在使用具有两个标签(分别为客户ID和密码)的登录表单进行操作.
我想要的是,当我在文本框中输入客户ID和密码,然后单击登录按钮时,将从我的表名称customer_detail的任何行中选择客户ID和密码,并且当我应用条件时,消息框显示登录成功". br/>
我为选择一行应用了以下编码,如下所示:
hi to all,
i am working on login form having two labels name customer id and password.
what i want is when i enter customer id and password in textboxes, and click on login button, customer id and password will be selected from any row of my table name customer_detail and when i apply condition, messagebox show "login is successful".
i applied following coding for selecting one row as shown below :
private void btnlog_Click(object sender, EventArgs e)
{
cmd = new SqlCommand("select userid,password from customer_details where userid=''" + txtcustid.Text + "''", con);
SqlDataAdapter da = new SqlDataAdapter(cmd);
DataSet ds = new DataSet();
da.Fill(ds);
string custid;
string password;
custid = ds.Tables[0].Rows[0][0].ToString();
password = ds.Tables[0].Rows[0][1].ToString();
if (custid == txtcustid.Text && password == txtpswd.Text)
{
MessageBox.Show("login successful");
this.Hide();
product_at_warehouse thirdform;
thirdform = new product_at_warehouse();
thirdform.Show();
}
else
{
MessageBox.Show("login failed: Enter valid username or password");
}
// cmd.ExecuteNonQuery();
}
请帮助我.
荣誉
neaS
please help me out of this.
kudos
neaS
推荐答案
代码存在一些问题.
如果SELECT语句找不到任何行.当您访问
下的数据集时,将抛出Null异常
There are some problems with the code.
If the SELECT statement does not find any rows. An Null exception will be thrown when you access the DataSet under
custid = ds.Tables[0].Rows[0][0].ToString();
将DataSet替换为DataTable,然后检查 DataTable.Rows.Count [^ ]以查看SELECT语句中是否返回任何行.
使用SqlParameter并停止像现在一样创建SQL字符串.
请参见为我提供参数化的SQL,否则会导致死亡 [ ^ ].
Replace DataSet with DataTable, and do a check on the DataTable.Rows.Count[^] to see if there are any rows returned in the SELECT statement.
Use SqlParameter and stop creating SQL strings like the one you do now.
See Give me parameterized SQL, or give me death[^].
尝试一下
Try this
private void btnlog_Click(object sender, EventArgs e)
{
cmd = new SqlCommand("select userid,password from customer_details where userid=''" + txtcustid.Text + "'' and password=''"+txtpwd.Text+"''", con);
SqlDataAdapter da = new SqlDataAdapter(cmd);
DataSet ds = new DataSet();
da.Fill(ds);
string custid;
string password;
custid = ds.Tables[0].Rows[0][0].ToString();
password = ds.Tables[0].Rows[0][1].ToString();
if (custid == txtcustid.Text && password == txtpswd.Text)
{
MessageBox.Show("login successful");
this.Hide();
product_at_warehouse thirdform;
thirdform = new product_at_warehouse();
thirdform.Show();
}
else
{
MessageBox.Show("login failed: Enter valid username or password");
}
// cmd.ExecuteNonQuery();
}
这里有很多错误:第一个是不要连接字符串". Google进行"SQL注入攻击",然后更改为参数化查询,然后您无意或故意破坏数据库.
第二:不要将密码存储在文本中.这里有一个提示,描述了一种更好的方法:密码存储:操作方法. [^ ]
第三:当您只要求匹配客户ID的值时,为什么要在SELECT语句中返回客户ID?
不是测试
There are a whole load of things wrong here: The first being "do not concatenate your strings". Google for "Sql Injection Attack" and then change to parametrized queries before you accidentally or deliberately destroy your database.
Second: Dont store your passwords in text. There is a Tip here which describes a better way: Password Storage: How to do it.[^]
Third: Why are you returning the customer ID in your SELECT statement, when you only ask for the values which match it?
Isn''t the test
if (custid == txtcustid.Text && password == txtpswd.Text)
有点残忍?
第四:您遇到什么问题?
kinda rendundant?
Fourth: What problem are you having?
这篇关于从表的任何行中选择值的条件的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
