我有两个表单Login
和UserForm
。
在我的Login
表单上,我有2个文本框控件,第一个用于用户名(txtUser
),第二个用于密码(txtPass
)。我还有一个名为login
的按钮。
在我的UserForm
上,我有一个名为label1
的标签。
我想从Login
获取用户名文本,并在UserForm
的表单加载时把它显示在标签上。
请教我如何做到这一点。
登录的代码在这里:
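/// <summary>
/// Login form: looks up the entered user name and password in the SCSID table and
/// opens either the admin form or the regular user form depending on the isAdmin column.
/// </summary>
/// <remarks>
/// SECURITY: the table is queried with the password in clear text, so passwords are
/// evidently stored unhashed. Storing a salted, slow hash (for example PBKDF2) and
/// comparing hashes would be the safer design; that requires a schema change and is
/// therefore only flagged here.
/// </remarks>
public partial class Login : Form
{
    // Both target forms are constructed up front, before anyone has authenticated.
    UserForm _userform = new UserForm();
    Admin _Adminform = new Admin();

    public Login()
    {
        InitializeComponent();
    }

    /// <summary>
    /// Click handler of the login button: validates the input, queries the database
    /// and shows the form matching the account's role.
    /// </summary>
    private void loginscs_Click(object sender, EventArgs e)
    {
        try
        {
            string userNameText = txtUser.Text;
            string passwordText = txtPass.Text;
            const string isAdmin = "yes";
            const string isNotAdmin = "no";

            // Nothing is attempted unless both fields are filled in.
            if (string.IsNullOrEmpty(userNameText) || string.IsNullOrEmpty(passwordText))
            {
                return;
            }

            bool found;
            string dbUser = "";
            string dbPass = "";
            string dbIsAdmin = "";

            // using blocks release the connection, command and reader even when a call throws.
            using (SqlConnection SCScon = new SqlConnection())
            {
                SCScon.ConnectionString = "Data Source=PEWPEWDIEPIE\\SQLEXPRESS;Initial Catalog=master;Integrated Security=True";

                // The text box values are passed as parameters, never concatenated into the
                // SQL text, so quote characters in the input cannot change the statement.
                using (SqlCommand cmd = new SqlCommand(
                    "SELECT ISNULL(SCSID, '') AS SCSID, ISNULL(SCSPass,'') AS SCSPass, ISNULL(isAdmin,'') AS isAdmin " +
                    "FROM SCSID WHERE SCSID = @userName AND SCSPass = @password", SCScon))
                {
                    cmd.Parameters.AddWithValue("@userName", userNameText);
                    cmd.Parameters.AddWithValue("@password", passwordText);

                    SCScon.Open();
                    using (SqlDataReader dr = cmd.ExecuteReader())
                    {
                        found = dr.Read();
                        if (found)
                        {
                            // Copy the row out so the connection is not held open
                            // while message boxes are on screen.
                            dbUser = dr["SCSID"].ToString();
                            dbPass = dr["SCSPass"].ToString();
                            dbIsAdmin = dr["isAdmin"].ToString();
                        }
                    }
                }
            }

            if (!found)
            {
                // One message for both an unknown user and a wrong password.
                MessageBox.Show("Wrong ID/Pass");
                return;
            }

            // Second check in code on top of the WHERE clause. CompareStrings ignores case,
            // so this check does not make the password case-sensitive.
            bool credentialsMatch = this.CompareStrings(dbUser, userNameText) &&
                                    this.CompareStrings(dbPass, passwordText);

            if (credentialsMatch && this.CompareStrings(dbIsAdmin, isAdmin))
            {
                MessageBox.Show("Hello " + userNameText, "Admin", MessageBoxButtons.OK, MessageBoxIcon.Information);
                _Adminform.Show();
                this.Hide();
            }
            else if (credentialsMatch && this.CompareStrings(dbIsAdmin, isNotAdmin))
            {
                MessageBox.Show("Welcome " + userNameText, "User");
                _userform.Show();
                this.Hide();
            }
            // Any other isAdmin value opens no form at all.
        }
        catch (Exception ex)
        {
            // NOTE(review): this prints the complete exception, stack trace included,
            // to whoever is sitting at the login prompt.
            MessageBox.Show("error2" + ex);
        }
    }

    /// <summary>
    /// Case-insensitive, invariant-culture equality test for two strings.
    /// </summary>
    /// <returns>true when the strings are equal ignoring case.</returns>
    private bool CompareStrings(string string1, string string2)
    {
        return String.Compare(string1, string2, true, System.Globalization.CultureInfo.InvariantCulture) == 0;
    }
}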
答案 0 :(得分:4)
好吧,我建议做几件事
应用程序启动代码看起来像
/// <summary>
/// Application entry point: shows the login dialog modally and, once it reports
/// success, runs the main form that matches the logged-in user's role.
/// </summary>
static void Main()
{
    Application.EnableVisualStyles();
    Application.SetCompatibleTextRenderingDefault(false);

    var loginDialog = new Login();
    DialogResult outcome = loginDialog.ShowDialog();

    // Only a successful login reaches the main forms; anything else ends the program.
    if (outcome == DialogResult.OK)
    {
        User current = loginDialog.User;

        // The role flag only selects which window is shown. The connection strings on this
        // page use Integrated Security, so database permissions are whatever the Windows
        // account has, independent of this flag.
        Form startForm;
        if (current.IsAdmin)
        {
            startForm = new Admin();
        }
        else
        {
            startForm = new UserForm(current.Name);
        }

        Application.Run(startForm);
    }
}
因此,正如您已经注意到的,我创建了类User,其中包含与用户相关的信息(密码除外):
/// <summary>
/// Describes the logged-in user for the rest of the application.
/// The password is deliberately not part of this type, so it does not
/// travel beyond the login step.
/// </summary>
public class User
{
    /// <summary>True when the account is an administrator account.</summary>
    public bool IsAdmin { get; set; }

    /// <summary>The user name the account logged in with.</summary>
    public string Name { get; set; }
}
接下来,我将登录表单上的数据访问(移动到存储库类)和UI分开:
/// <summary>
/// Modal login dialog. It delegates the credential check to <c>UserRepository</c>
/// and reports the outcome through <c>DialogResult</c> and the <c>User</c> property.
/// </summary>
public partial class Login : Form
{
    public Login()
    {
        InitializeComponent();
    }

    /// <summary>
    /// The user returned by the last login attempt; null until a login is attempted
    /// and after a failed attempt.
    /// </summary>
    public User User { get; private set; }

    /// <summary>
    /// Click handler of the login button: checks the credentials and sets the dialog result.
    /// </summary>
    private void btnLogin_Click(object sender, EventArgs e)
    {
        User = new UserRepository().GetUser(txtUser.Text, txtPass.Text);

        if (User != null)
        {
            if (User.IsAdmin)
            {
                MessageBox.Show("Hello " + User.Name, "Admin",
                                MessageBoxButtons.OK,
                                MessageBoxIcon.Information);
            }
            else
            {
                MessageBox.Show("Welcome " + User.Name, "User");
            }

            DialogResult = DialogResult.OK;
            return;
        }

        // The same message covers an unknown user and a wrong password, so the dialog
        // does not reveal which account names exist.
        MessageBox.Show("Wrong ID/Pass");
        DialogResult = DialogResult.Cancel;
    }

    /// <summary>
    /// Shared Validating handler for required text boxes: flags an empty box through
    /// the error provider and clears the flag once the box has text.
    /// </summary>
    private void RequiredTextBox_Validating(object sender, CancelEventArgs e)
    {
        // e.Cancel is never set here, so this handler only marks the field;
        // it does not by itself stop the login button from running with empty input.
        var box = (TextBox)sender;
        string message = String.IsNullOrEmpty(box.Text) ? "Required" : "";
        errorProvider.SetError(box, message);
    }
}
我已经使用控件验证来检查是否在文本框中输入了数据(您应该将两个文本框都订阅到RequiredTextBox_Validating
事件并将ErrorProvider
组件添加到此表单中)。接下来是数据访问。您当前的代码很容易受到SQL注入(SQL Injection)攻击。您应该使用参数将数据传递到数据库:
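/// <summary>
/// Data access for the login step: looks up an account in the SCSID table.
/// </summary>
/// <remarks>
/// SECURITY: the query matches the password column against the clear-text password,
/// so passwords are evidently stored unhashed. A salted, slow hash (for example PBKDF2)
/// compared in code would be the safer design; it needs a schema change and is only
/// flagged here.
/// </remarks>
public class UserRepository
{
    // NOTE: Use <connectionStrings> section in App.config to store connection string
    // NOTE(review): Initial Catalog=master puts the application table in SQL Server's
    // system database; a dedicated database and a least-privileged login would limit
    // what this connection can reach.
    private readonly string connectionString = "Data Source=PEWPEWDIEPIE\\SQLEXPRESS;Initial Catalog=master;Integrated Security=True";

    /// <summary>
    /// Returns the user whose name and password match a row in SCSID.
    /// </summary>
    /// <param name="userName">User name as typed on the login form.</param>
    /// <param name="password">Password as typed on the login form.</param>
    /// <returns>
    /// A <c>User</c> for a matching row; null when no row matches or when either
    /// argument is null or empty.
    /// </returns>
    public User GetUser(string userName, string password)
    {
        // Fail closed on missing input. A null value would also make the parameter
        // binding below fail, because a null parameter value is not sent to the server.
        if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(password))
        {
            return null;
        }

        using (var conn = new SqlConnection(connectionString))
        using (var cmd = conn.CreateCommand())
        {
            // Values travel as parameters, never as part of the SQL text, so quote
            // characters in the input cannot change the statement.
            cmd.CommandText = @"SELECT ISNULL(SCSID, '') AS SCSID,
                                       ISNULL(SCSPass,'') AS SCSPass,
                                       ISNULL(isAdmin,'') AS isAdmin
                                FROM SCSID
                                WHERE SCSID = @userName AND SCSPass = @password";
            // NOTE(review): AddWithValue sends strings as NVARCHAR; if the columns are
            // VARCHAR, an explicitly typed parameter avoids an implicit conversion.
            cmd.Parameters.AddWithValue("@userName", userName);
            cmd.Parameters.AddWithValue("@password", password);

            conn.Open();
            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                if (!reader.Read())
                {
                    return null;
                }

                User user = new User();
                user.Name = userName;
                // Exact, case-sensitive match: any value other than "yes" yields a non-admin user.
                user.IsAdmin = reader["isAdmin"].ToString() == "yes";
                return user;
            }
        }
    }
}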
答案 1 :(得分:0)
如果你想坚守你的代码:
现在创建UserForm的实例,设置其label属性并显示表单...
表单的Load事件在表单第一次显示之前触发。覆盖时,请确保从覆盖的事件处理程序内部调用基类成员(例如base.OnLoad(e)),因为事件的注册发生在您的基类(在本例中为Form类)中,而不是派生类(您的UserForm)中。