C#数据库登录表单
声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow
原文地址: http://stackoverflow.com/questions/16618212/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me):
StackOverFlow
C# Database Log In form
提问by Shevliaskovic
I want to create a Registration and Log In form on Visual Studio 2010 (with Visual C#).
I have created Service-Based Database and one table. I can insert data into the table (at the registration form), but I cannot figure out how to log in the user.
我想在 Visual Studio 2010(使用 Visual C#)上创建一个注册和登录表单。
我创建了基于服务的数据库和一张表。我可以在表中插入数据(在注册表中),但我不知道如何登录用户。
I have a very simple Log In Form (just fields for username and password) and a 'Log In' Button. I do not really know how to check if the password and the username (that exist in my database) match. Here is what I have so far:
我有一个非常简单的登录表单(只有用户名和密码字段)和一个“登录”按钮。我真的不知道如何检查密码和用户名(存在于我的数据库中)是否匹配。这是我到目前为止所拥有的:
private void button1_Click(object sender, EventArgs e)
{
if (textBox1.Text != "" & textBox2.Text != "")
{
cn.Open(); // cn is the Sqlconnection
cmd.Parameters.AddWithValue("@Username", textBox1.Text); // cmd is SqlCommand
cmd.Parameters.AddWithValue("@Password", textBox2.Text);
if (cmd.CommandText == "SELECT * FROM Table1 WHERE username = @Username AND password = @Password")
{
MessageBox.Show("Loggen In!");
this.Close();
}
cn.Close();
}
}
采纳答案by Steve
You need to Execute the query to know if the information exists in the database
您需要执行查询才能知道该信息是否存在于数据库中
if (textBox1.Text != "" & textBox2.Text != "")
{
string queryText = @"SELECT Count(*) FROM Table1
WHERE username = @Username AND password = @Password";
using(SqlConnection cn = new SqlConnection("your_connection_string"))
using(SqlCommand cmd = new SqlCommand(queryText, cn))
{
cn.Open();
cmd.Parameters.AddWithValue("@Username", textBox1.Text);
cmd.Parameters.AddWithValue("@Password", textBox2.Text);
int result = (int)cmd.ExecuteScalar();
if (result > 0)
MessageBox.Show("Loggen In!");
else
MessageBox.Show("User Not Found!");
}
}
I have also changed something in your code.
我还更改了您的代码中的某些内容。
- Changed the query text to return just the count of the users with the specific username and account and be able to use ExecuteScalar
- Enclosed the creation of the SqlConnection and SqlCommand in a using statementto be sure to dispose these objects at the end of the operation
- 更改查询文本以仅返回具有特定用户名和帐户的用户数,并且能够使用ExecuteScalar
- 将 SqlConnection 和 SqlCommand 的创建包含在using 语句中,以确保在操作结束时处置这些对象
I also recommend to change the the way in which you store the password.
Store, in the password field, an hash not the clear password. Then pass to the database the same hash and compare this against the content of the database field.
In this way, the password is known only to your user, not by you or by any passersby that looks at the database table
我还建议更改存储密码的方式。
在密码字段中存储散列而不是明文密码。然后将相同的哈希传递给数据库,并将其与数据库字段的内容进行比较。
这样,密码只有您的用户知道,您或任何查看数据库表的路人都不知道
回答by Prashant Kumar Singh
SqlConnection con = new SqlConnection("connection_string");
SqlCommand cmd = new SqlCommand("select Count(*) from [dbo].[Table] where uname=@uname and password=@password");
cmd.Connection = con;
con.Open();
cmd.Parameters.AddWithValue("@uname", uname.Text);
cmd.Parameters.AddWithValue("@password", password.Text);
int Result=(int)cmd.ExecuteScalar();
if (Result > 0)
{
Response.Redirect("welcome.aspx");
}
else
{
Response.Redirect("register.aspx");
}
