Login form not working


Problem description

Can anyone tell me please what the error is in the code below:

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;
using System.Data.OleDb;

namespace Accreditation
{
    public partial class LoginForm : Form
    {
        public LoginForm()
        {
            InitializeComponent();
        }
        
        private void LoginForm_Load(object sender, EventArgs e)
        {
            this.AcceptButton = btnLogin;
            this.CancelButton = btnCancel;
        }

        int ctr;
        private void btnLogin_Click(object sender, EventArgs e)
        {
            OleDbConnection con = new OleDbConnection("Provider=Microsoft.Jet.OLEDB.4.0; Data Source=Accreditation.mdb; User ID=admin; Password=delhigames;");
            ctr = ctr + 1;
            OleDbDataAdapter adp1 = new OleDbDataAdapter("select * from ComLogin", con);
            DataSet ds1 = new DataSet();
            adp1.Fill(ds1, "ComLogin");
            if (ds1.Tables.Count > 0)
            {
                bool validUser1 = false;
                validUser1 = false;
                foreach (DataRow dr in ds1.Tables[0].Rows)
                {
                    if (dr[0].ToString() == txtUsername.Text && dr[1].ToString() == txtPassword.Text)
                    {
                        validUser1 = true;
                        Visitors frm = new Visitors();
                        this.Hide();
                        frm.Show();
                    }
                }
                if (validUser1 == false)
                {
                    MessageBox.Show("Enter valid User ID/Password!");
                }
            }
            
            else
            {
                if (ctr < 3)
                {
                    MessageBox.Show("Incorrect User Name & Password. Please Try again.");
                    txtUsername.Focus();
                }
                else
                {
                    MessageBox.Show("Unauthorized Access. Aborting..");
                    this.Close();
                }
            }
        }
 
        private void btnCancel_Click(object sender, EventArgs e)
        {
            this.Close();
            Application.Exit();
        }
    }
}





Thanks in advance!

Recommended answer

Where do I start?

These are the problems I noticed (let me know if I missed your specific one):
1) You are reading all records from the DB instead of filtering them with an SQL WHERE clause
2) You return records with * as the field descriptor - you should itemise the field names.
3) You refer to the records by number, without specifying the order they should be returned.
4) You don't use parametrized queries, leaving yourself open for an SQL Injection attack.
5) You store passwords in clear text in your database.
6) You don't bother to exit your loop when you find the user.
7) You hard code your connection strings.
8) You password protect your database, then publish the password in clear in your code.

I could go on, but I don't think I want to.

Anyway, your problem is almost certainly number 3 above.
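
One way to address points 1 to 7 in a single lookup, as an added example that is not code from the question or the answer. The column names `UserName`, `PasswordSalt` and `PasswordHash`, their Base64 text storage, the iteration count and the `LoginCheck` class are assumptions; the `Rfc2898DeriveBytes` overload used needs .NET Framework 4.7.2 or later.

```csharp
using System;
using System.Data.OleDb;
using System.Security.Cryptography;

namespace Accreditation
{
    public static class LoginCheck   // hypothetical helper class
    {
        private const int Iterations = 100000;   // assumed PBKDF2 work factor

        // connectionString is supplied by the caller (for example from app.config), not hard coded.
        public static bool IsValidUser(string connectionString, string userName, string password)
        {
            // Assumed schema: ComLogin(UserName, PasswordSalt, PasswordHash), salt and hash as Base64 text.
            // Named columns plus a WHERE clause: only the matching row comes back, in a known column order.
            const string sql = "SELECT PasswordSalt, PasswordHash FROM ComLogin WHERE UserName = ?";

            using (var con = new OleDbConnection(connectionString))
            using (var cmd = new OleDbCommand(sql, con))
            {
                // The user name travels as a parameter value, never as SQL text.
                // OleDb binds parameters by position; the name is only a label.
                cmd.Parameters.Add("@user", OleDbType.VarWChar, 50).Value = userName;
                con.Open();
                using (OleDbDataReader reader = cmd.ExecuteReader())
                {
                    if (!reader.Read())
                        return false;   // no such user
                    byte[] salt = Convert.FromBase64String(reader.GetString(0));
                    byte[] expected = Convert.FromBase64String(reader.GetString(1));
                    // Re-derive the hash from the typed password and the stored salt.
                    using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
                    {
                        return FixedTimeEquals(kdf.GetBytes(expected.Length), expected);
                    }
                }
            }
        }

        // Compares every byte so the time taken does not reveal where the first mismatch is.
        private static bool FixedTimeEquals(byte[] a, byte[] b)
        {
            if (a.Length != b.Length) return false;
            int diff = 0;
            for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
            return diff == 0;
        }
    }
}
```

`btnLogin_Click` would then call `LoginCheck.IsValidUser(...)` with `txtUsername.Text` and `txtPassword.Text` in place of filling a `DataSet` and looping over every row.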

