private void button1_Click(object sender, EventArgs e)
{
try
{
string myconnection = @"Data Source=(LocalDB)\v11.0;AttachDbFilename=C:\Users\G_Anik\documents\visual studio 2012\Projects\Practise2\Practise2\Database1.mdf;Integrated Security=True";
SqlConnection mycon = new SqlConnection(myconnection);
SqlCommand SelectCommand = new SqlCommand("Select *from Database1.Login where UserName=' " + this.Username.Text + " ' and Password=' " + this.Password.Text + " ' ;", mycon);
SqlDataReader myReader;
mycon.Open();
myReader = SelectCommand.ExecuteReader();
int count = 0;
while (myReader.Read())
{
count = count + 1;
}
if (count == 1)
{
MessageBox.Show("UserName and Password is Correct");
}
else if (count > 1)
{
MessageBox.Show("Duplicate Username and Password.. Access DEnied");
}
else
MessageBox.Show("Username and password is Incorrect.Try Again");
mycon.Close();
}
catch (Exception ex)
{
MessageBox.Show(ex.Message);
}
答案 0 :(得分:1)
这是“如何不做这个”代码行的集合。请阅读一本好书或教程:
'; DROP DATABASE; --
放入您的文本框会怎样?或者只是' OR 1 == 1 --
?)答案 1 :(得分:0)
试试这个......
SqlCommand SelectCommand = new SqlCommand("Select *from Login where UserName=' " + this.Username.Text + " ' and Password=' " + this.Password.Text + " ' ;", mycon);
SqlDataReader myReader;