0

我正在使用 C#,我需要为 mysql 用户和密码开发一个检查系统。到目前为止,我想出的是这个,我得到的错误是它是错误的语法......

public bool VerifyUser(string username, string password)
{
    string returnValue = "";

    string Query = "SELECT Pass FROM Base_Character WHERE User='" + username + "'";

    MySqlCommand verifyUser = new MySqlCommand(Query, this.sqlConn);

    try
    {
        verifyUser.ExecuteNonQuery();

        MySqlDataReader myReader = verifyUser.ExecuteReader();

        while (myReader.Read() != false)
        {
            returnValue = myReader.GetString(0);
        }

        myReader.Close();
    }
    catch (Exception excp)
    {
        Exception myExcp = new Exception("Could not verify user. Error: " +
            excp.Message, excp);
        throw (myExcp);
    }

    if (returnValue == password)
    {
        return false;
    }
    else
    {
        return true;
    }
}
4

2 回答 2

0

ExecuteNonQuery用于删除、插入和更新。每当您希望将数据作为行从数据库返回时,请使用ExecuteReader

您的查询应该一起检查用户名和密码,如果它们存在于一条记录中,则返回该行,否则不返回任何内容。

您仍然需要更多地了解使用 .Net 进行编码/数据库编程

public bool VerifyUser(string username, string password)
{
    bool returnValue = false;
    string Query = "SELECT 1 FROM Base_Character WHERE User='" + username + "' AND pass='"+password+"'";

    try
    {
        MySqlCommand command = new MySqlCommand(Query, this.sqlConn);

        MySqlDataReader myReader = command.ExecuteReader();

        if(myReader.Read())
        {
            returnValue = true;
        }

        myReader.Close();
    }
    catch (Exception excp)
    {
        throw;
    }

    return returnValue;
 }

您可能不应该抛出自定义异常,因为您使用的是布尔值

if(VerifyUser("user123", "******"))
{
   //Congratulations
}
else
{
   //Unable to log you in
}
于 2012-10-10T20:13:45.447 回答
0

谢谢大家,但这需要mysql无法保存或处理的自定义加密,我的主要错误是忽略了executenonquery(),所以我不得不编写这样的代码:

if (AuthorizeTools.Encrypt.Password(Database.getPassword) != Password) //Password is already encrypted

然后将mysql函数设置为:

public string getPassword(string username)
        {
            string returnValue = "";
            string Query = "SELECT Pass FROM Base_Character where (User=" +
                "'" + username + "') LIMIT 1";

            MySqlCommand checkUser = new MySqlCommand(Query, this.sqlConn);

            try
            {
                checkUser.ExecuteNonQuery();

                MySqlDataReader myReader = checkUser.ExecuteReader();

                while (myReader.Read() != false)
                {
                    returnValue = myReader.GetString(0);
                }

                myReader.Close();
            }
            catch (Exception excp)
            {
                Exception myExcp = new Exception("Could not grab password: " +
                    excp.Message, excp);
                throw (myExcp);
            }
            return (returnValue);
        }
于 2012-10-15T21:08:31.430 回答