2

当我使用以下代码时,如果用户名和密码相同,则工作正常,如果我提供错误的用户名和密码,则不会给我消息或登录:

 private void btnSubmit_Click(object sender, EventArgs e)
        {
            try
            {
                SqlConnection con = Helper.getconnection();
                con.Open();
                SqlCommand cmd = new SqlCommand("select SupportName, Password from Logins where SupportName='" + txtSupportName.Text + "' and Password='" + txtPassword.Text + "'", con);
                SqlDataReader dr = cmd.ExecuteReader(); 
                string Name = txtSupportName.Text;
                string Pwd = txtPassword.Text;
                while (dr.Read())
                {
                    if ((dr["SupportName"].ToString() == Name) && (dr["Password"].ToString() == Pwd))
                    {
                       // MessageBox.Show("welcome");
                        Form Support = new Support();
                        Support.ShowDialog();

                }
                else
                {
                    MessageBox.Show("SupportName and password are invalid");
                }
            }

            dr.Close();

            con.Close();
        }
        catch (Exception ex)
        {
            MessageBox.Show(ex.Message);
        }

        if (txtSupportName.Text == string.Empty)
        {
            MessageBox.Show("Please enter a value to Support Name!");
            txtSupportName.Focus();
            return;
        }

        if (txtPassword.Text == string.Empty)
        {
            MessageBox.Show("Please enter a value to Description!");
            txtPassword.Focus();
            return;
        }
    }
4

4 回答 4

5

您的代码似乎存在一些问题:

  1. 您应该在运行查询之前验证您的输入

  2. 您应该参数化您的查询(SO上有很多示例)而不是使用字符串连接

  3. 您似乎假设您将从 SQL 查询中获得结果。您可能应该检查dr.HasRows详细信息是否正确,或者检查是否dr.Read()返回 true 以确定是否显示消息框

  4. 您应该使用using块处理您的数据库对象。例如(不确定为什么格式化不起作用):

    使用 (SqlConnection con = Helper.getconnection()) { ... }

而不是调用DisposeClose明确。即使您确实想明确地调用Dispose,您也应该在一个块中这样做。Closefinally

于 2013-08-27T06:53:06.580 回答
0

你的代码有问题。您忘记检查数据阅读器是否有任何行。

if (dr.HasRows)
    {
        while (dr.Read())
        {
            if ((dr["SupportName"].ToString() == Name) && (dr["Password"].ToString() == Pwd))
            {
                // MessageBox.Show("welcome");
                Form Support = new Support();
                Support.ShowDialog();
            }
            else
            {
                MessageBox.Show("SupportName and password are invalid");
            }
        }
    }
    else
    {
        MessageBox.Show("SupportName and password are invalid");
    }
于 2013-08-27T07:00:01.253 回答
0

只需简单地添加HasRows以检查您的用户名和密码是否存在于您的表中/它检索数据库中的数据。

if(dr.HasRows)
{
  //username and password exists

  while (dr.Read())
        {
            if ((dr["SupportName"].ToString() == Name) && (dr["Password"].ToString() == Pwd))
            {
                // MessageBox.Show("welcome");
                Form Support = new Support();
                Support.ShowDialog();
            }

        }
}
else
{
//username and password not exists

MessageBox.Show("SupportName and password are invalid");

}

此致

于 2013-08-27T07:01:30.617 回答
0

丹尼尔凯利写了一个很好的答案我只是实现它并添加单独的方法来分离责任

private bool Login(string supportName, string password)
{
   if(string.IsNullOrEmpty(supportName) || string.IsNullOrEmpty(password))
   {
      throw new ArgumentException();
   }

   using(var connection = Helper.getconnection())
   using(var command = connection.CreateCommand())
   {
      conmmand.CommandText = "SELECT 1 FROM Logins WHERE SupportName=@SupportName AND Password=@Password";
      command.Parameters.AddWithValue("@SupportName", supportName);
      command.Parameters.AddWithValue("@Password", password);

      return command.ExecuteScalar() != null;
   }
}

private void ShowSupportForm()
{
   var supportName = txtSupportName.Text;
   var password = txtPassword.Text;

   if (string.IsNullOrEmpty(supportName))
   {
      MessageBox.Show("Please enter a value to Support Name!");
      txtSupportName.Focus();
      return;
   }

   if (string.IsNullOrEmpty(password))
   {
      MessageBox.Show("Please enter a value to Passwod!");
      txtPassword.Focus();
      return;
   }

   if(Login(supportName, password))
   {
      using(var form = new Support())
      {
         form.ShowDialog(this);
      }
   }
   else
   {
      MessageBox.Show("SupportName and password are invalid");
   }
}

private void btnSubmit_Click(object sender, EventArgs e)
{
    ShowSupportForm();
}
于 2013-08-27T07:20:36.543 回答