Question

private void button1_Click(object sender, EventArgs e)
{
    try
    {
        string myconnection = @"Data Source=(LocalDB)\v11.0;AttachDbFilename=C:\Users\G_Anik\documents\visual studio 2012\Projects\Practise2\Practise2\Database1.mdf;Integrated Security=True";
        SqlConnection mycon = new SqlConnection(myconnection);

        SqlCommand SelectCommand = new SqlCommand("Select *from Database1.Login where UserName=' " + this.Username.Text + " ' and Password=' " + this.Password.Text + " ' ;", mycon);
        SqlDataReader myReader;
        mycon.Open();
        myReader = SelectCommand.ExecuteReader();
        int count = 0;
        while (myReader.Read())
        {
            count = count + 1;
        }
        if (count == 1)
        {
            MessageBox.Show("UserName and Password is Correct");

        }
        else if (count > 1)
        {
            MessageBox.Show("Duplicate Username and Password.. Access DEnied");

        }    
        else
            MessageBox.Show("Username and password is Incorrect.Try Again");
        mycon.Close();    
    }
    catch (Exception ex)
    {
        MessageBox.Show(ex.Message);

    }

Answer 1

这是“如何不做这个”代码行的集合。请阅读一本好书或教程：

一般的SQL（你的引号错了）
SQL injection攻击（如果我将'; DROP DATABASE; --放入您的文本框会怎样？或者只是' OR 1 == 1 --？）
数据库中的密码安全性。见hashing。
IDisposible interface and using blocks

Answer 2

试试这个......

 SqlCommand SelectCommand = new SqlCommand("Select *from Login where UserName=' " + this.Username.Text + " ' and Password=' " + this.Password.Text + " ' ;", mycon);
            SqlDataReader myReader;

无效的对象名称'Database1.Login'

2 个答案: