我正在尝试使用Sql server management studio为我的应用程序制作一个不错的登录表单。 我应该做3层。
我认为他们都是正确的,在我的主要形式我有2个txtboxes和一个按钮,但我不知道如何连接一个和另一个,当我输入用户名和pw他们检查它与数据库,看看是否两者都是正确的。
到目前为止,我得到了:public class UsersDB
{
public static Users GetUsers(string username, string password)
{
SqlConnection conn = QuizzesDB.GetConnection();
Users user = new Users();
string selectStatement =
"SElECT * " +
"FROM Users" +
"WHERE User_Name = @User_Name" +
"AND Password = @Password";
SqlCommand selectCommand = new SqlCommand(selectStatement, conn);
selectCommand.Parameters.AddWithValue("@User_Name", username);
selectCommand.Parameters.AddWithValue("@Password", password);
try
{
conn.Open();
SqlDataReader reader = selectCommand.ExecuteReader();
while (reader.Read())
{
user.username = reader["User_Name"].ToString();
user.password = reader["Password"].ToString();
}
reader.Close();
}
catch (SqlException ex)
{
throw ex;
}
finally
{
conn.Close();
}
return user;
}
}
我从数据库中获取信息的类。
第二堂课是
public class Users
{
private string cUsername;
private string cPassword;
public Users() { }
public string username
{
get { return cUsername; }
set { cUsername = value; }
}
public string password
{
get { return cPassword; }
set { cPassword = value; }
}
}
我试过这样的事情:但我总是得到一个错误“''''附近的语法不正确。
private void btnLogin_Click(object sender, EventArgs e)
{
string userName = txtUsername.Text;
string password = txtPassword.Text;
Users user = new Users();
user = UsersDB.GetUsers(userName, password);
try
{
user = UsersDB.GetUsers(userName, password);
if (user == null)
{
MessageBox.Show("wrong username or password", "Login");
}
else
{
MessageBox.Show("login succesvol", "Login");
}
}
catch (Exception ex){
throw ex;
}
}
答案 0 :(得分:0)
除了错误的编码风格,你的SQL查询还有一点问题:
string selectStatement =
"SElECT * " +
"FROM Users" + // <-- you need an space before "
"WHERE User_Name = @User_Name" + // <-- also here
"AND Password = @Password";
为什么不使用单行查询?
string selectStatement =
"SElECT * FROM Users WHERE User_Name = @User_Name AND Password = @Password";
如果您确实需要多行查询,为什么不使用verbatim strings?
string selectStatement = @"
SElECT *
FROM Users
WHERE User_Name = @User_Name
AND Password = @Password";