0

我有两种形式:Form1 是我的应用程序,Form2 是登录页面。我想将输入到 Form2 上的用户名文本框 (LoginTbox) 中的值传递给 Form1。这就是我到目前为止所拥有的。没有收到错误,但似乎什么也没传递。我已经尝试过构造函数,但似乎也无法让它工作。我究竟做错了什么?

程序.cs

static void Main()
    {
        Application.EnableVisualStyles();
        Application.SetCompatibleTextRenderingDefault(false);

        Form2 fLogin = new Form2();

        if (fLogin.ShowDialog() == DialogResult.OK)
            Application.Run(new Form1());
        else
            Application.Exit();
    }

Form2(登录表格)

    public string strVar = string.Empty;

    public Form2()
    {
        InitializeComponent();
    }

    public void button1_Click(object sender, EventArgs e)
    {
        strVar = loginTbox.Text.ToString();           
        string _pass = textBox2.Text;

        string conStr = "Data Source=CA-INVDEV\\RISEDB01;Initial Catalog=RISEDB01;Integrated Security=True";
        string sqlcmd = "select * from accounts where Username=@Username and Password=@Password";
        using (SqlConnection conn = new SqlConnection(conStr))
        {
            conn.Open();
            SqlCommand cmd = new SqlCommand(sqlcmd, conn);
            cmd.Parameters.AddWithValue("@Username", _username);
            cmd.Parameters.AddWithValue("@Password", _pass);
            SqlDataReader dr = cmd.ExecuteReader();
            if (dr.HasRows)
            {
                MessageBox.Show("Login Successful");                                            
            }
            else
            {
                MessageBox.Show("Login Failed Invalid Credentials. Please try again");
                Application.Restart();                  
            }
        }
    }

Form1(应用程序)

private void button7_Click(object sender, EventArgs e)
    {
        if (textBox6.Text != "")
        {
            Form2 frm = new Form2();
            string strValue = frm.strVar;

            string Owner = textBox6.Text;
            string Time = DateTime.Now.ToString(@"MM\/dd\/yyyy h\:mm tt");
            string Serial = textBox4.Text;
            string conStr = "Data Source=CA-INVDEV\\RISEDB01;Initial Catalog=RISEDB01;Integrated Security=True";               
            string sqlcmd2 = "Select * from Sheet1 where Serial#=@Serial#";
            string sqlcmd = "UPDATE Sheet1 SET Owner=@Owner, Checked_In=NULL, Checked_Out=@Checked_Out, Modified_By=@Modified_By WHERE Serial#=@Serial#";
            using (SqlConnection conn = new SqlConnection(conStr))
            {
                conn.Open();
                SqlCommand cmd = new SqlCommand(sqlcmd, conn);
                SqlCommand cmd2 = new SqlCommand(sqlcmd2, conn);
                cmd2.Parameters.AddWithValue("@Serial#", Serial);
                cmd.Parameters.AddWithValue("@Serial#", Serial);
                cmd.Parameters.AddWithValue("@Owner", Owner);
                cmd.Parameters.AddWithValue("@Checked_Out", Time);
                cmd.Parameters.AddWithValue("@Modified_By", strValue);
                SqlDataReader dr = cmd2.ExecuteReader();
                if (dr.HasRows)
                {                       
                    dr.Close();
                    cmd.ExecuteNonQuery();
                    conn.Close();
                    Form1_Load();
                }
                else
                {
                    dr.Close();
                    MessageBox.Show("Serial Does Not Exist");
                    textBox4.Clear();
                }
            }
        }
        else
        {
            MessageBox.Show("Owner was not assigned to asset. Please provide a Owner for this asset");
        }
    }
4

1 回答 1

1

您正在处理两个完全独立的Form2. 用户用于登录的第一个实例无法从内部访问Form1Form2您在按钮单击事件中创建的实例Form1仅具有string.Empty存储在中的初始值strVar

为了让它启动并工作,我会更改您的 Main 方法以将您需要的值传递给以下构造函数Form1

...
if (fLogin.ShowDialog() == DialogResult.OK)
{
    Application.Run(new Form1(fLogin.strVar));
}
...

然后修改Form1 (我在您的代码片段中没有看到)的构造函数以接受该参数:

private string userName = string.Empty;

public Form1(string userName)
{
    InitializeComponent();

    this.userName = userName;
}

摆脱Form2按钮单击事件内部的单独实例Form1

作为参考,如果有人弄清楚您当前如何将文本框值传递给数据库,他们可能会输入类似'; DELETE FROM ACCOUNTS;into的内容textBox2.Text并造成严重破坏。(我没有专门尝试过,但类似的东西可能会起作用......)

如果您完全好奇,请查看有关 SQL 注入攻击的文章,例如这篇文章。

于 2013-07-16T03:48:21.170 回答