这里我放了一些代码......这段代码与登录系统有关。在这里我有一些问题....当我输入正确的用户ID和密码甚至错误的用户ID和密码都被授权和显示消息登录成功.......怎么可能这...我不理解为什么SQLConnection授予未知数据库中的未知用户....
参见守则......
string SQlcons = "Data Source=(LocalDB)\v11.0;AttachDbFilename='|DataDirectory|Database1.mdf';Integrated Security=True"
private void button1_Click(object sender, EventArgs e)
{
String UN = txtUsername.Text;
String PW = txtPassword.Text;
string loginstr = "SELECT * FROM Login Where UserName = '" + UN + "' and Password = '" + PW + "'";
SQLconn = new SqlConnection(SQLcons);
SQLconn.Open();
try
{
SqlCommand cmd = new SqlCommand(loginstr, SQLconn);
cmd.ExecuteNonQuery();
MessageBox.Show("Welcome " + txtUsername.Text);
Records rcd = new Records();
this.Hide();
rcd.ShowDialog();
}
catch
{
MessageBox.Show("Enter Correct Password and ID :(");
txtUsername.Text = "";
txtPassword.Text = "";
}
SQLconn.Close();
}
Plz ......给我解决方案和建议..
答案 0 :(得分:1)
int result = cmd.ExecuteNonQuery();
if(result == 0)
{
//wrong login info,
} else {
MessageBox.Show("Login Success");
}
ExecuteScalar()函数返回给定SQL String的行计数。在您的情况下,您应该检查ExecuteScalar()返回的整数值。如果结果为0,则用户输入错误的登录信息。如果结果为1,则用户输入正确的信息。