Experts, please help me check where my C# login validation code goes wrong!! Urgent

Source: Baidu Zhidao  Editor: UC Zhidao  Time: 2024/05/30 11:30:53
SqlConnection myc = new SqlConnection();
myc.ConnectionString = "server=PC-20090727AEWI;uid=sa;password=er;database=xue";
myc.Open();

SqlCommand cmd = new SqlCommand("select * from user where name=" +
"'" + this.textBox1.Text + "'and password=" +
"'" + this.textBox2.Text + "'", myc);

SqlDataReader dr = cmd.ExecuteReader();

if (dr.Read())
{
rolename = cmd.ExecuteScalar().ToString();
//Hide the login window
this.Visible = false;
//Create and open the main window
Mainform mainfrm = new Mainform();
mainfrm.Tag = this.FindForm();
}
else
MessageBox.Show(this, "登陆失败,

SqlCommand cmd = new SqlCommand("select * from user where name=" +
"'" + this.textBox1.Text + "'and password=" +
"'" + this.textBox2.Text + "'", myc);

Change it to -----

...... select * from [user] where name=" ....

Put brackets around user

The SQL statement has an error, but my view is a little different from the previous poster's
SqlCommand cmd = new SqlCommand("select * from user where name=" +
"'" + this.textBox1.Text + "'and password=" +
"'" + this.textBox2.Text + "'", myc);

In this statement, a space is missing to the left of and.

Where are the account and password checked?

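1. user is a reserved SQL keyword; when used as a database table name it needs square brackets, [user], and some positions need spaces (be careful not to type them in full-width mode)
2. Your login validation is open to injection; I recommend changing it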
string sql= "select * from [user] where name=@name and password=@pwd";
SqlCommand cmd = new SqlCommand(sql, conn);
cmd.Parameters.Add("@name", SqlDbTy
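
A complete form of the parameterized login check recommended in the last answer, as an added example that is not code from the original thread. The rolename column, the NVarChar(50) parameter types, and the LoginCheck, BuildCommand and TryLogin names are assumptions, not taken from the page.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class LoginCheck
{
    // The SQL text is a constant, so user input never becomes part of the statement.
    // [user] is bracketed because user is a reserved word in SQL Server.
    // rolename is a hypothetical column holding the value the question reads into rolename.
    const string Sql =
        "select rolename from [user] where name = @name and password = @pwd";

    // Builds the command. NVarChar(50) is an assumed column type and size.
    public static SqlCommand BuildCommand(SqlConnection conn, string name, string pwd)
    {
        var cmd = new SqlCommand(Sql, conn);
        cmd.Parameters.Add("@name", SqlDbType.NVarChar, 50).Value = name;
        cmd.Parameters.Add("@pwd", SqlDbType.NVarChar, 50).Value = pwd;
        return cmd;
    }

    // Returns the role on a match, or null when no row matches.
    public static string TryLogin(string connectionString, string name, string pwd)
    {
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = BuildCommand(conn, name, pwd))
        {
            conn.Open();
            // One query only: ExecuteScalar returns the first column of the first row, or null.
            object role = cmd.ExecuteScalar();
            return (role == null || role == DBNull.Value) ? null : role.ToString();
        }
    }

    static void Main()
    {
        // Constructed input with a quote character. In the concatenated query from the
        // question, this quote would end the string literal early and change the statement.
        string name = "O'Brien";
        using (var conn = new SqlConnection())            // never opened: no server needed
        using (var cmd = BuildCommand(conn, name, "x"))
        {
            Console.WriteLine(cmd.CommandText);               // SQL text is unchanged by the input
            Console.WriteLine(cmd.Parameters["@name"].Value); // input travels as data: O'Brien
        }
    }
}
```

TryLogin also avoids calling ExecuteScalar while a SqlDataReader is still open on the same connection, which the code in the question does.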