好的,我的智慧结束了。我有一个教师登录页面。用户名是教师ID(整数)和密码(字符串)必须与我在SQL中获得的教师表中已有的内容相匹配。请注意,我的知识和理解是非常基础的。这是SD文凭中C#模块作业的一部分。显然我的代码到目前为止还没有用。我做错了什么?我的代码在下面......
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Windows.Forms;
using System.Configuration;
using System.Data.SqlClient;
namespace School_System_Project
{
public partial class Login2 : Form
{
SqlConnection conn;
SqlDataAdapter adapter = new SqlDataAdapter();
DataTable table = new DataTable();
SqlCommand command = new SqlCommand();
public Login2()
{
InitializeComponent();
}
private void btnTLogin_Click(object sender, EventArgs e)
{
string msg = "Teacher ID or Password cannot be left blank!";
if (txtTID.Text == "")
{
lblMessage1.Text = msg;
return;
}
if (txtTPW.Text == "")
{
lblMessage1.Text = msg;
return;
}
conn = new SqlConnection
(ConfigurationManager.ConnectionStrings["Name of connection string"].ConnectionString);
SqlCommand command = new SqlCommand();
command.Connection = conn;
command.CommandType = CommandType.Text;
command.CommandText = "SELECT TID, Password FROM Teacher WHERE TID = @ID
AND Password = @Password";
command.Connection.Open();
SqlParameter param = new SqlParameter();
param.ParameterName = "@ID";
param.SqlDbType = SqlDbType.Int;
param.Direction = ParameterDirection.Input;
param.Value = txtTID.Text;
command.Parameters.Add(param).Value = Int32.Parse(txtTID.Text);
SqlParameter param2 = new SqlParameter();
param2.ParameterName = "@Password";
param.SqlDbType = SqlDbType.Int;
param.Direction = ParameterDirection.Input;
param.Value = txtTPW.Text;
command.Parameters.Add(param2);
adapter.SelectCommand = command;
adapter.SelectCommand.ExecuteReader();
SqlDataReader reader = command.ExecuteReader();
if (txtTID.Text == param.ParameterName && txtTPW.Text == param2.ParameterName)
{
MainTeachers mainteachers = new MainTeachers();
mainteachers.ShowDialog();
}
else
{
lblMessage1.Text = "Incorrect login details, please try again";
}
reader.Dispose();
command.Dispose();
conn.Dispose();
}
答案 0 :(得分:2)
好的 - 很多东西要清理......
SqlParameter param = new SqlParameter();
param.ParameterName = "@ID";
param.SqlDbType = SqlDbType.Int;
param.Direction = ParameterDirection.Input;
param.Value = txtTID.Text;
command.Parameters.Add(param).Value = Int32.Parse(txtTID.Text);
为什么要设置两次值?首先将它设置为看起来像字符串的内容(但参数定义为SqlDbType.Int,然后添加参数并再次设置其值 - 这次是一个int。那些作业你想保留吗?
SqlParameter param2 = new SqlParameter();
param2.ParameterName = "@Password";
param.SqlDbType = SqlDbType.Int;
从现在开始,您正在使用param.,而您定义的参数确实是param2 - 复制和粘贴错误???需要修复!
另外:是类型SqlDbType.Int的密码参数真的 ??? .....
请告诉我您 并非 在数据库中以明文存储所有密码!这将是您系统中的 MAJOR 禁忌和安全问题!
另外:你执行你的读者 - 但你从来没有真正读取来自它的任何数据......
我会将您的代码重写为类似的东西,以利用所有使用ADO.NET和原始SQL的常用最佳实践:
// define the query you want to execute
string query = "SELECT TID, Password FROM Teacher WHERE TID = @ID AND Password = @Password";
// establish connection and command objects, both wrapped into using(){} blocks to
// ensure proper disposal, even in case of an exception
using (conn = new SqlConnection(ConfigurationManager.ConnectionStrings["Name of connection string"].ConnectionString))
using (SqlCommand command = new SqlCommand(query, conn))
{
// add paramters and set values
command.Parameters.Add("@ID", SqlDbType.Int).Value = Convert.ToInt32(txtTID.Text);
command.Parameters.Add("@Password", SqlDbType.VarChar, 50).Value = txtTPW.Text;
// open connection
conn.Open();
// execute your reader
using (SqlDataReader reader = command.ExecuteReader())
{
// you need to actually *read* from the reader here! What are you trying to do?
// just check if that row with ID and password exist? Fetch some data?
bool idExists = reader.HasRows();
reader.Close();
}
conn.Close();
}
答案 1 :(得分:0)
除了Rahul Singh指出的错误。
您需要的数据位于SqlDataReader读取器变量中。 param.ParameterName将永远是" @ ID"
尝试使用user = @ID和password = @Password登录,您将被重定向到表单。