且构网 - Sharing the things programmers run into in development

How to use a connection string from app.config properties in C#

Updated: 2023-02-21 09:09:59

That message merely indicates that you are trying to use an object reference that has not been initialised. The first thing you need to do is find the line of code where it occurs and diagnose why the reference is null.

And, as a side note, do not use string concatenation ("Select * from system where password ='" + txtP.Text + "' ") in SQL. Use proper parameterised queries. And never store passwords in clear text; it leaves your entire system open to hackers. Use salted and hashed values.
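A worked example added here to illustrate both side notes (it is not part of the answer above and not the question's code): what the concatenated query turns into when the password box contains SQL, and how to keep passwords as salted hashes rather than clear text. It uses PBKDF2-HMAC-SHA256 from System.Security.Cryptography and assumes .NET Core 2.1+ or .NET 5+ (for CryptographicOperations.FixedTimeEquals); the iteration count and the storage format "salt:hash" are choices made for this example.

```csharp
// Added example, not from the original answer. Shows the injection effect of the
// concatenated query and a salted PBKDF2 store/verify pair for passwords.
using System;
using System.Security.Cryptography;

public static class PasswordStore
{
    const int SaltBytes = 16;
    const int HashBytes = 32;
    const int Iterations = 100_000;   // PBKDF2-HMAC-SHA256 work factor; assumed value, tune for your hardware

    // Returns "base64(salt):base64(hash)" for storage. A fresh random salt per password
    // means two users with the same password get different stored values.
    public static string Hash(string password)
    {
        byte[] salt = new byte[SaltBytes];
        using (var rng = RandomNumberGenerator.Create())
            rng.GetBytes(salt);
        return Convert.ToBase64String(salt) + ":" + Convert.ToBase64String(Derive(password, salt));
    }

    // Re-derives with the stored salt and compares in constant time, so a wrong guess
    // takes the same time regardless of how many leading bytes happened to match.
    public static bool Verify(string password, string stored)
    {
        string[] parts = stored.Split(':');
        if (parts.Length != 2) return false;
        byte[] salt = Convert.FromBase64String(parts[0]);
        byte[] expected = Convert.FromBase64String(parts[1]);
        byte[] actual = Derive(password, salt);
        return CryptographicOperations.FixedTimeEquals(actual, expected);
    }

    static byte[] Derive(string password, byte[] salt)
    {
        // On .NET 6+ the static Rfc2898DeriveBytes.Pbkdf2(...) does the same job.
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
            return kdf.GetBytes(HashBytes);
    }
}

public static class Demo
{
    // The pattern from the question, kept only to show what an attacker's input does to it.
    static string ConcatenatedQuery(string passwordText)
    {
        return "Select * from system where password ='" + passwordText + "'";
    }

    public static void Main()
    {
        // This input closes the quoted literal and appends an always-true condition.
        Console.WriteLine(ConcatenatedQuery("' OR '1'='1"));

        // What the user table should hold instead of the clear-text password.
        string stored = PasswordStore.Hash("correct horse battery staple");
        Console.WriteLine(stored);
        Console.WriteLine(PasswordStore.Verify("correct horse battery staple", stored));
        Console.WriteLine(PasswordStore.Verify("wrong guess", stored));
    }
}
```

With the input ' OR '1'='1 the concatenated text becomes Select * from system where password ='' OR '1'='1', a WHERE clause that is true for every row, so the query returns data without a valid password. The hashed form is what the user table should hold; login code then fetches the stored value for the user name with a parameterised query and calls Verify in code, so the password text never reaches the database at all.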


You don't read anything from the app.config file. When you use the config manager it looks for a config name that matches the executable, so if your program is "MyApp.exe" then your config file needs to be called "MyApp.exe.config". App.config is just a placeholder name; when you publish your code Visual Studio copies the app.config contents to a file with the correct name.
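An added example (not from the answer above) that reads the named connection string defensively. ConfigurationManager.ConnectionStrings[name] returns null when no matching entry is found, and calling .ConnectionString on that null is a NullReferenceException, which is one common way to get the "object reference" error the first answer describes; the same thing happens when the file next to the executable is not named MyApp.exe.config. The connection string value shown in the comment is a placeholder, and the name "SSM.Properties.Settings.ScMgP" is the one used in the question's code.

```csharp
// Added example, not from the original answer. Requires a reference to System.Configuration.
using System;
using System.Configuration;

public static class AppConfig
{
    // Expected content of App.config in the project (the build copies it to
    // MyApp.exe.config next to the executable). The connectionString value is a placeholder.
    //
    // <?xml version="1.0" encoding="utf-8"?>
    // <configuration>
    //   <connectionStrings>
    //     <add name="SSM.Properties.Settings.ScMgP"
    //          connectionString="Data Source=.\SQLEXPRESS;Initial Catalog=ScMg;Integrated Security=True"
    //          providerName="System.Data.SqlClient" />
    //   </connectionStrings>
    // </configuration>

    public static string GetConnectionString(string name)
    {
        // The indexer returns null when no <add name="..."> matches; reading
        // .ConnectionString on that null is a NullReferenceException with no hint of the cause.
        ConnectionStringSettings settings = ConfigurationManager.ConnectionStrings[name];
        if (settings == null)
        {
            // Report which file was actually consulted so a misnamed config file is obvious.
            string file = AppDomain.CurrentDomain.SetupInformation.ConfigurationFile;
            throw new ConfigurationErrorsException(
                "No connection string named '" + name + "' in " + file +
                ". Check that the file is named after the executable (MyApp.exe.config) " +
                "and that the name attribute matches exactly.");
        }
        return settings.ConnectionString;
    }

    public static void Main()
    {
        Console.WriteLine(GetConnectionString("SSM.Properties.Settings.ScMgP"));
    }
}
```

Run from the built output directory, this prints the connection string when the config file is present and correctly named, and otherwise throws a ConfigurationErrorsException whose message names the file path that was searched.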


A couple of things I noticed:

Where is connUN defined?
private void txtP_TextChanged(object sender, EventArgs e)
  {
    connUN.ConnectionString = ConfigurationManager.ConnectionStrings["SSM.Properties.Settings.ScMgP"].ConnectionString;

Why have you done it this way? Have you thought about trying something like this?

private void txtP_TextChanged(object sender, EventArgs e)
  {
    string _cs = ConfigurationManager.ConnectionStrings["SSM.Properties.Settings.ScMgP"].ConnectionString;
    using (SqlConnection connUN = new SqlConnection(_cs)) {
      // open connUN and run the command here; the using block disposes the connection on exit
    }
  }

Next thing is the way you build this command up. It is downright dangerous! NEVER EVER should you piece together an SQL command from inline strings containing user input. This is a prime example of SQL injection, and it has been in the top 10 vulnerabilities for over 20 years. The proper way would be to use parameters and add the user input by adding the values later. Here is the relevant block of code, building on my previous code sample:

try {
  // _qry holds the SQL text with @password as a placeholder instead of the concatenated txtP.Text
  SqlCommand cmd = new SqlCommand(_qry, connUN);
  cmd.Parameters.AddWithValue("@password", txtP.Text);   // Text is a property, not a method

And the last thing is your error handling. It assumes every exception thrown is from the database. There are options, and you can stack the catch statements to display better information about your mistake. The only rule is that the generic catch (Exception ex) is last, as it will catch any exception. By using a specific MySqlException catch you can access the properties specific to MySql.

catch (MySqlException sx) {
  MessageBox.Show(
    "MySql Exception " + sx.Message
    , "Database error #" + sx.Code
    , MessageBoxButtons.OK
    , MessageBoxIcon.Error
  );
}
catch (Exception ex) {
  MessageBox.Show(
    "System error Message.   " + ex.Message
    , "General Error"
    , MessageBoxButtons.OK
    , MessageBoxIcon.Error
  );
}





I cannot guarantee that this will fix your requested problem, but these blocks of code are safer and can be more informative when you do have a problem.
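A complete handler, added as an example (not the answerer's code), that puts the three points of the answer above together: a connection disposed by using, a parameterised command, and catch blocks ordered from most to least specific. Since the connection is a SqlConnection, the matching exception type is SqlException from System.Data.SqlClient rather than MySqlException; its Number property carries the server's error code. The txtU control, the Users table and the PasswordHash column are assumptions, and the config name is the one from the question.

```csharp
// Added example, not from the original answer. WinForms, System.Configuration and
// System.Data.SqlClient references are required.
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Windows.Forms;

public class LoginForm : Form
{
    // Assumed controls; in a real project these come from the designer file.
    private readonly TextBox txtU = new TextBox();
    private readonly TextBox txtP = new TextBox();

    public LoginForm()
    {
        Controls.Add(txtU);
        Controls.Add(txtP);
        txtP.TextChanged += txtP_TextChanged;
    }

    private void txtP_TextChanged(object sender, EventArgs e)
    {
        // Assumed schema. Only the user name goes to the database; the stored salted hash
        // comes back and the password text is checked against it in code.
        const string qry = "select PasswordHash from Users where UserName = @user";
        const string cfgName = "SSM.Properties.Settings.ScMgP";

        try
        {
            ConnectionStringSettings cfg = ConfigurationManager.ConnectionStrings[cfgName];
            if (cfg == null)
                throw new ConfigurationErrorsException("No connection string named '" + cfgName + "' in the config file.");

            using (SqlConnection connUN = new SqlConnection(cfg.ConnectionString))
            using (SqlCommand cmd = new SqlCommand(qry, connUN))
            {
                // A typed parameter: the text is sent as data and is never parsed as SQL.
                cmd.Parameters.Add("@user", SqlDbType.NVarChar, 64).Value = txtU.Text;
                connUN.Open();
                object storedHash = cmd.ExecuteScalar();   // null when the user does not exist
                // Verify txtP.Text against storedHash with the same salted KDF that produced it.
            }
        }
        catch (SqlException sx)                  // most specific first: errors raised by SQL Server
        {
            MessageBox.Show("SQL Server error " + sx.Number + ": " + sx.Message,
                "Database error", MessageBoxButtons.OK, MessageBoxIcon.Error);
        }
        catch (ConfigurationErrorsException cx) // config file missing, misnamed, or entry absent
        {
            MessageBox.Show(cx.Message, "Configuration error", MessageBoxButtons.OK, MessageBoxIcon.Error);
        }
        catch (Exception ex)                     // must be last; a catch-all before a specific catch is compile error CS0160
        {
            MessageBox.Show(ex.Message, "General error", MessageBoxButtons.OK, MessageBoxIcon.Error);
        }
    }
}
```

Running the query on every keystroke, as the original TextChanged handler does, is wasteful and leaks timing about each partial password; a Login button click is the better trigger, but the structure of the handler is the same either way.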