我尝试将数据与数据库匹配,并使用dataadapter填充我的数据表。如果匹配,请使用dataadapter填充数据表。如果不匹配,请显示消息。但我的用户名和密码与数据库匹配,它仍然显示msg。在调试模式下,用户名和密码都是通过但不填写数据表。
using (OracleConnection conn = new OracleConnection())
{
conn.ConnectionString = connStr;
conn.Open();
string sql = @"select user_id, password, status, role_id, email, contact_no,
last_login_date, created_by, last_update_date, last_update_by
from users where user_id = :userID and password = :pwd";
using (OracleCommand cmd = new OracleCommand())
{
cmd.Connection = conn;
cmd.CommandText = sql;
cmd.Parameters.Add("userID", OracleType.VarChar).Value = userID;
cmd.Parameters.Add("pwd", OracleType.VarChar).Value = pwd;
DataTable dt = new DataTable();
OracleDataAdapter adapter = new OracleDataAdapter(cmd);
adapter.Fill(dt);
if (dt.Rows.Count <= 0)
{
msg = "Invalid Login ID or Password";
}
return dt;
}
}
dt.Rows.Count为0.但是我检查了用户名和密码与数据库完全相同。
答案 0 :(得分:0)
SQL:
create procedure sp_authenticate
(
@userId varchar(50),
@pass varchar(50)
)
as
begin
select user_id, password, status, role_id, email, contact_no,
last_login_date, created_by, last_update_date, last_update_by
from users where user_id = @userid and password = @pass
end
C#代码:
using (OracaleConnection con=new OracaleConnection())
{
conn.ConnectionString = connStr;
conn.Open();
using (OracleCommand cmd = new OracleCommand())
{
cmd.Connection = conn;
cmd.CommandText = "sp_authenticate"; //name of your procedure
cmd.CommandType = CommandType.StoredProcedure;
cmd.Parameters.Add("@userid", OracleType.VarChar,50).value=userID;
cmd.Parameters.Add("@password", OracleType.VarChar,50).value=pwd;
DataTable dt = new DataTable();
OracleDataAdapter adapter = new OracleDataAdapter(cmd);
adapter.Fill(dt);
if (dt.Rows.Count <= 0)
{
msg = "Invalid Login ID or Password"; }
}
return dt;
}