如何使用其他列的结果选择值

时间:2012-10-10 20:03:05

标签: c# mysql

我正在使用C#,我需要为mysql用户和密码开发一个检查系统。 到目前为止,我提出的是这个,我得到的错误是它是错误的语法......

public bool VerifyUser(string username, string password)
{
    string returnValue = "";

    string Query = "SELECT Pass FROM Base_Character WHERE User='" + username + "'";

    MySqlCommand verifyUser = new MySqlCommand(Query, this.sqlConn);

    try
    {
        verifyUser.ExecuteNonQuery();

        MySqlDataReader myReader = verifyUser.ExecuteReader();

        while (myReader.Read() != false)
        {
            returnValue = myReader.GetString(0);
        }

        myReader.Close();
    }
    catch (Exception excp)
    {
        Exception myExcp = new Exception("Could not verify user. Error: " +
            excp.Message, excp);
        throw (myExcp);
    }

    if (returnValue == password)
    {
        return false;
    }
    else
    {
        return true;
    }
}

2 个答案:

答案 0 :(得分:0)

ExecuteNonQuery用于DELETE,INSERT和UPDATE。每当您希望从数据库中返回作为行的数据时,请使用ExecuteReader

您的查询应该一起检查用户名和密码,如果它们存在于一条记录中,则返回该行,否则不返回任何内容。

使用.Net

还需要了解更多关于编码/数据库编程的知识
public bool VerifyUser(string username, string password)
{
    bool returnValue = false;
    string Query = "SELECT 1 FROM Base_Character WHERE User='" + username + "' AND pass='"+password+"'";

    try
    {
        MySqlCommand command = new MySqlCommand(Query, this.sqlConn);

        MySqlDataReader myReader = command.ExecuteReader();

        if(myReader.Read())
        {
            returnValue = true;
        }

        myReader.Close();
    }
    catch (Exception excp)
    {
        throw;
    }

    return returnValue;
 }

您可能不应该抛出自定义异常,因为您使用的是布尔值

if(VerifyUser("user123", "******"))
{
   //Congratulations
}
else
{
   //Unable to log you in
}

答案 1 :(得分:0)

谢谢大家,但这需要一个mysql无法保存或处理的自定义加密,我的主要错误是查看执行者的查询(),所以我不得不像这样编写代码:

if (AuthorizeTools.Encrypt.Password(Database.getPassword) != Password) //Password is already encrypted

然后将mysql函数设置为:

public string getPassword(string username)
        {
            string returnValue = "";
            string Query = "SELECT Pass FROM Base_Character where (User=" +
                "'" + username + "') LIMIT 1";

            MySqlCommand checkUser = new MySqlCommand(Query, this.sqlConn);

            try
            {
                checkUser.ExecuteNonQuery();

                MySqlDataReader myReader = checkUser.ExecuteReader();

                while (myReader.Read() != false)
                {
                    returnValue = myReader.GetString(0);
                }

                myReader.Close();
            }
            catch (Exception excp)
            {
                Exception myExcp = new Exception("Could not grab password: " +
                    excp.Message, excp);
                throw (myExcp);
            }
            return (returnValue);
        }