Updated: 2023-01-21 11:53:03
I have developed a login system where we can input our username and password. Then it checks with the database, and if the user name and password are correct it will throw a message saying thank you.
For that I have used a service-based database with a dataset, which is an inbuilt database.
The result of this code is nothing, but it will execute without errors?
private void Btn1_Click(object sender, EventArgs e)
{
    SqlConnection cn = new SqlConnection(global::EnQApp.Properties.Settings.Default.Database1ConnectionString);
    try
    {
        cn.Open();
        using (SqlCommand command = new SqlCommand("SELECT * FROM Login", cn))
        {
            //
            // Invoke ExecuteReader method.
            //
            SqlDataReader reader = command.ExecuteReader();
            while (reader.Read())
            {
                string name = reader.GetString(1); // Name string
                string pass = reader.GetString(2); // Password string
                //
                // generates a thank you message
                //
                MessageBox.Show("Thank you");
            }
        }
    }
    catch (Exception ex) { }
    finally { }
}
First of all, you should try to find the correct row from the Login table, not get all rows and loop through them. This would mean something like
SELECT * FROM Login WHERE UserName = @username AND HashedPassword = @hashedpassword
Before executing the statement, set proper values to the bind variables using SqlParameter.
About the password. Don't store the password as plain text or even encrypted, use one-way hashing. A good read about the subject is Password Storage: How to do it.
You should just check the existence of the record that matches the username and password, never retrieve it. Better use a stored procedure to do the SQL operation.
Check this out: Login Form in Windows Application Using ASP.Net C#
Read more on Salted Password Hashing - Doing it Right
Hi,
Check this
private void Btn1_Click(object sender, EventArgs e)
{
    SqlConnection cn = new SqlConnection(global::EnQApp.Properties.Settings.Default.Database1ConnectionString);
    try
    {
        cn.Open();
        using (SqlCommand command = new SqlCommand("SELECT * FROM Login where username =@username and password = @password", cn))
        {
            //
            // Invoke ExecuteReader method.
            //
            command.Parameters.AddWithValue("@username", txtbox1.Text);
            command.Parameters.AddWithValue("@password", txtbox2.Text);
            SqlDataReader reader = command.ExecuteReader();
            if (reader.HasRows)
            {
                // IF it has Rows so your Good to go and show your message
                MessageBox.Show("Thank you");
                /*
                while (reader.Read())
                {
                    string name = reader.GetString(1); // Name string
                    string pass = reader.GetString(2); // Password string
                    //
                    // generates a thank you message
                    //
                    MessageBox.Show("Thank you");
                }
                * */
            }
        }
    }
    catch (Exception ex) { }
    finally { }
}
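The answers above recommend bound parameters, a salted one-way hash, and an existence check instead of reading rows back. The following sketch combines the three; it is an added example, not code from any of the posters. It assumes .NET 6 or later with the System.Data.SqlClient package, a hypothetical varbinary Salt column added to the Login table, NVarChar(50) user names, and PBKDF2 parameters chosen for illustration.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Security.Cryptography;

static class PasswordLogin
{
    // Assumed parameters; tune the iteration count to your hardware.
    const int Iterations = 100_000, SaltSize = 16, HashSize = 32;

    public static byte[] NewSalt() => RandomNumberGenerator.GetBytes(SaltSize);

    // Salted one-way hash (PBKDF2-HMAC-SHA256); the password itself is never stored.
    public static byte[] Hash(string password, byte[] salt) =>
        Rfc2898DeriveBytes.Pbkdf2(password, salt, Iterations, HashAlgorithmName.SHA256, HashSize);

    // Existence check only: the stored hash is never retrieved by the client.
    // The Salt column (varbinary) is an assumed addition to the Login table.
    public static bool TryLogin(SqlConnection cn, string userName, string password)
    {
        byte[] salt;
        using (var cmd = new SqlCommand("SELECT Salt FROM Login WHERE UserName = @username", cn))
        {
            cmd.Parameters.Add("@username", SqlDbType.NVarChar, 50).Value = userName;
            salt = cmd.ExecuteScalar() as byte[];
        }
        if (salt == null) return false; // unknown user
        using (var cmd = new SqlCommand("SELECT COUNT(*) FROM Login " +
            "WHERE UserName = @username AND HashedPassword = @hashedpassword", cn))
        {
            cmd.Parameters.Add("@username", SqlDbType.NVarChar, 50).Value = userName;
            cmd.Parameters.Add("@hashedpassword", SqlDbType.VarBinary, HashSize).Value = Hash(password, salt);
            return (int)cmd.ExecuteScalar() > 0;
        }
    }

    static void Main()
    {
        // Constructed sample values; this part runs without a database.
        byte[] saltA = NewSalt(), saltB = NewSalt();
        byte[] stored = Hash("correct horse", saltA);
        // Same password and salt reproduce the stored hash, so the WHERE clause matches.
        Console.WriteLine(CryptographicOperations.FixedTimeEquals(stored, Hash("correct horse", saltA)));
        // A wrong password, or the same password under another salt, does not.
        Console.WriteLine(CryptographicOperations.FixedTimeEquals(stored, Hash("wrong guess", saltA)));
        Console.WriteLine(CryptographicOperations.FixedTimeEquals(stored, Hash("correct horse", saltB)));
    }
}
```

When a user registers or changes a password, store NewSalt() and Hash(password, salt) in the same row; TryLogin then needs only an open SqlConnection.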