登录表单中的问题 [英] Problem in login form
本文介绍了登录表单中的问题的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
string MyconString = "SERVER=localhost;" +
"DATABASE=record;" +
"UID=testuser;" +
"PASSWORD=testpaswd;";
MySqlConnection connection = new MySqlConnection(MyconString);
MySqlCommand command = connection.CreateCommand();
// command.CommandText = "SELECT * FROM users";
command.CommandText = "SELECT DISTINCT * FROM users WHERE name='" +
data[0] + "'AND password='" + data[1] + "'";
MySqlDataReader myreader = null;
try
{
connection.Open();
myreader = command.ExecuteReader();
while (myreader.Read())
{
string name_stored = (myreader["name"].ToString());
string paswd_stored = (myreader["password"].ToString());
string camID_stored = (myreader["cam_ID"].ToString());
if (data[0].Equals(name_stored) && data[1].Equals(paswd_stored))
{
Console.WriteLine("Log in successfull");
}
else
{
Console.WriteLine("Log in Failed. . . ");
}
}
connection.Close();
}
catch(Exception eo)
{
Console.WriteLine(eo.ToString());
}
问:这是我的应用程序的登录模块代码.问题是,当我输入错误的用户名和密码时,它会卡住,否则不会执行错误的用户名和密码的条件.
Q: This is login module code for my application. problem is that when i enter a incorrect user name and password it gets stuck and else condition for wrong user name and password do not execute.
推荐答案
问题是如果输入的用户名或密码不在数据库中,则数据读取器将返回空白.因此,您的while循环将根本不会执行.
The problem is that the data reader will come back empty if the username or password entered are not in the database. Therefore your while loop will not execute at all.
好吧,我并不感到惊讶:您只从数据库中检索与您的登录名和密码匹配的记录.因此,如果输入错误的密码,它将不会检索任何记录,也不会进入while循环以检查任何内容.
顺便说一句:不要像这样访问您的数据库:您将自己暴露于SQL注入攻击的威胁之下.请改用参数化查询:
Well I''m not surprised: you only retrieve records from the database which match you login name and password. So, if you enter a bad password, it will retrieve no records, and will not enter the while loop to check anything.
BTW: don''t access your DB like that: you are leaving yourself wide open to an SQL Injection attack. Use parametrized queries instead:
command.CommandText = "SELECT DISTINCT * FROM users WHERE name=@NM AND password=@PW";
command.Parameters.AddWithValue("@NM", data[0]);
command.Parameters.AddWithValue("@PW", data[1]);
问题出在命令中:
The problem lies in the Command :
command.CommandText = "SELECT DISTINCT * FROM users WHERE name='" +
data[0] + "'AND password='" + data[1] + "'";
删除WHERE条件,以便该命令可以检索所有名称和密码.然后在while循环中,可以将data [0]与名称进行比较,data [1]与密码进行比较,而不是在命令中进行比较.
像这样简单地输入命令:
Remove the WHERE condition, so that the command can retrieve all the Names and passwords. Then in the while loop, you can compare data[0] with name and data[1] with password and not in the command.
Just put the command simply like this :
command.CommandText = "SELECT DISTINCT * FROM users;
希望对您有所帮助!
Hope it helped!
这篇关于登录表单中的问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
