在 C# 中选择 MySQL 数据 [英] Select MySQL Data in C#
问题描述
我想使用 c# 登录该程序,我的用户名和密码存储在 phpmyadmin 中的 SQL 数据库中.这是我目前所拥有的.
I want to login to the program using c#, with my username and password that's stored to the SQL Database in phpmyadmin. This is what I have so far.
private void button1_Click(object sender, EventArgs e)
{
MySqlConnection connection;
string server = "localhost";
string database = "login";
string uid = "root";
string password = "";
string connectionString;
connectionString = "SERVER=" + server + ";" + "DATABASE=" +
database + ";" + "UID=" + uid + ";" + "PASSWORD=" + password + ";";
connection = new MySqlConnection(connectionString);
try
{
connection.Open();
if (connection.State == ConnectionState.Open)
{
connection.Close();
Form1 frm = new Form1(this);
frm.Show();
Hide();
}
else
{
MessageBox.Show("Database Connection Failed", "Epic Fail", MessageBoxButtons.OKCancel, MessageBoxIcon.Asterisk);
}
}
catch (Exception ex)
{
MessageBox.Show("An Error Occured, Try again later.", "Epic Fail", MessageBoxButtons.OKCancel, MessageBoxIcon.Asterisk);
}
}
它连接到数据库,但是我不希望它显示 form1 直到输入了有效的用户名和密码.我猜我需要使用 SELECT * FROM 但我不确定如何去做.
It connects to the database, however I don't want it to show the form1 Until both a valid Username and Password have been entered. I'm guessing I need to use SELECT * FROM but I'm not exactly sure how to go about it.
推荐答案
可以用这种方式查看用户名和密码是否匹配
You can use this way to see if username and password match
MySqlCommand cmd = dbConn.CreateCommand();
cmd.CommandText = "SELECT count(*) from tbUser WHERE UserName = @username and password=@password";
command.Parameters.Add("@username", txtUserName.Text);
command.Parameters.Add("@password", txtPassword.Text);
var count = cmd.ExecuteScalar();
if(count>0)
//Logged In
只是说,如果你使用像这样的查询
Just to say, if you use a query like
cmd.CommandText = "SELECT count(*) from tbUser WHERE UserName = '"+txtusernam +"'";
您将接受 SQL 注入
You will be open to SQL Injection
警告
正如史蒂夫在评论中提到的,明文密码是一个与字符串连接相同数量级的漏洞
As Steve mentioned in comments Passwords in clear text are a vulnerability of the same magnitude of string concatenation
这篇关于在 C# 中选择 MySQL 数据的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!