1

如果用户名和密码正确,我需要打开一个新表单,但我无法让此代码工作,如果我输入正确的用户名或密码,它什么也不做。

private void login_Click(object sender, EventArgs e)
{
   try
   {
      string connection = @"Data Source=DX-PC;Initial Catalog=login;Integrated Security=True";
      SqlConnection cn = new SqlConnection(connection);

      cn.Open();

      string userText = user.Text;
      string passText = pass.Text;

      SqlCommand cmd = new SqlCommand("SELECT ISNULL(Username, '') AS Username, ISNULL(Password,'') AS Password FROM log WHERE Username = @username and Password = @password", cn);
      cmd.Parameters.Add(new SqlParameter("username", userText));
      cmd.Parameters.Add(new SqlParameter("password", passText));

      SqlDataReader dr = cmd.ExecuteReader();

      try
      {
          dr.Read();
          if (dr["Username"].ToString().Trim() == userText && dr["Password"].ToString().Trim() == passText)
          {
              MessageBox.Show("This message won't Display");
          }
      }
      catch
      {
          MessageBox.Show("Invalid Username or Password");
      }

      dr.Close();
      cn.Close();
   }
   catch (Exception ex)
   {
       MessageBox.Show(ex.Message);
   }
}
4

3 回答 3

1

我认为问题在于:

                if (dr["Username"].ToString().Trim() == userText && dr["Password"].ToString().Trim() == passText)
                {

                    MessageBox.Show("This message won't Display");



                }

你的代码部分。尝试添加一个 else 如下:

                if (dr["Username"].ToString().Trim() == userText && dr["Password"].ToString().Trim() == passText)
                {

                    MessageBox.Show("This message won't Display");



                } else {
                    MessageBox.Show(string.Format("{0}!={1}, {2}!={3}"
                        ,dr["Username"].ToString().Trim(),userText,
                         dr["Password"].ToString().Trim(),passText
                    );
                }

你可能会发现你的问题。

于 2013-08-18T06:23:27.450 回答
0

尽管您提供的代码容易受到 SQL 注入和 XSS 的攻击,但要回答您的问题,SQL 查询中过滤条件上的字符串comaprision 不区分大小写,而上面的 .NET 代码则区分大小写。

于 2013-08-18T08:44:10.987 回答
0

试试这个代码

        cn.open
        MySqlDataAdapter LoginAdapter = new MySqlDataAdapter();
        dynamic CommandQuerry = @"SELECT * From users WHERE Username='" + UsernameField.Text + "'AND Password='" + PasswordField.Text + "';";
        MySqlCommand LoginCommand = new MySqlCommand(); //The Login Command
        MySqlDataReader LoginDataReader = default(MySqlDataReader); //Create a reader variable to check login details.

        if (cn.State == ConnectionState.Open)
        {
              LoginCommand.Connection = SelectedSchoolDB;
              LoginCommand.CommandText = CommandQuerry;
              LoginAdapter.SelectCommand = LoginCommand;

              LoginDataReader = LoginCommand.ExecuteReader();

              if (Convert.ToInt32(LoginDataReader.HasRows) == 0)
              {
                     DialogResult a = MessageBox.Show(@"Invalid username/password, please try again", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
              }
              else
              {
                     LoginDataReader.Close(); // Close The reader
                     This.FormName.Hide(); //Close the login form
                     Newform.ShowDialog(); //Show the new form
              }
cn.close()
}

希望这段代码有帮助:)

于 2013-08-18T05:49:21.443 回答