如何从mysql数据库中检索数据

时间:2015-09-07 13:16:13

标签: c# mysql

此代码来自我们的SAD项目的用户登录窗体。我注册的用户帐户确实已保存在数据库中（可以在表里看到），但用该帐户登录时程序却提示"用户名和/或密码无效"。

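private void btn_login_Click(object sender, EventArgs e)
{
    // Login button handler: authenticates the typed username/password against
    // southpoint_school.user with ONE parameterized query, then opens frm_main
    // and records the account type in `memorable` ("Administrator" or "Limited").
    //
    // Security notes:
    //  * Username and password are bound as parameters, so whatever is typed into
    //    the text boxes cannot alter the SQL. The original concatenated the raw
    //    text into the statement (e.g. a username of  x' or '1'='1  would log in).
    //  * The password is still compared as stored in userPassword. If that column
    //    holds plaintext, it should instead hold a salted hash that is verified in
    //    C# — TODO: cannot be fixed here without changing the schema.
    string username = textBox1.Text;
    string password = textBox2.Text;

    // Reject blank input before touching the database. The original ran the
    // query first and only reported "No Username..." when BOTH boxes were empty.
    if (string.IsNullOrEmpty(username) || string.IsNullOrEmpty(password))
    {
        MessageBox.Show("No Username and/or Password Found!");
        return;
    }

    int rowCount = 0;
    string accountType = null;

    conn = new MySqlConnection(myconn);
    try
    {
        conn.Open();

        // Fetch the account type in the same query that checks the credentials;
        // the original opened a second connection for a second round-trip and
        // never closed the first one on the success path.
        cmd = new MySqlCommand(
            "select userAccountType from southpoint_school.user where userUsername=@un and userPassword=@up",
            conn);
        cmd.Parameters.AddWithValue("@un", username);
        cmd.Parameters.AddWithValue("@up", password);

        using (MySqlDataReader reader = cmd.ExecuteReader())
        {
            while (reader.Read())
            {
                rowCount++;
                // Only the first row's type is used; a DBNull cell leaves it null.
                if (accountType == null && !reader.IsDBNull(0))
                {
                    accountType = reader.GetString(0);
                }
            }
        }
    }
    finally
    {
        // Always release the connection, even if Open()/ExecuteReader() throws.
        conn.Close();
    }

    // Fail closed: anything other than exactly one matching row is a failed login.
    // Zero rows = wrong credentials. More than one row = duplicate accounts in the
    // table, which must be fixed in the data rather than granting access to
    // whichever row happens to come first.
    if (rowCount != 1)
    {
        MessageBox.Show("Invalid Username And/Or Password!");
        return;
    }

    MessageBox.Show("Login successful!", "Success!", MessageBoxButtons.OK, MessageBoxIcon.Information);

    // Both roles open the same form; only the recorded role string differs.
    memorable = accountType == "Administrator" ? "Administrator" : "Limited";

    frm_main main = new frm_main();
    main.Show();
    this.Hide();
}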

1 个答案:

答案 0 :(得分:0)

案例

  

无效的用户名和/或密码!

只要查询 southpoint_school.user 返回的行数不是恰好 1 行就会出现：要么是 0 行（没有任何记录同时匹配输入的用户名和密码，例如保存时带了多余空格、大小写不同，或密码以不同形式存储），要么是多于 1 行（表中存在重复帐户）。所以我会先检查数据库中的数据。

另外我会

  • 使用参数化查询而不是字符串拼接来构造 SQL 语句，以避免 SQL 注入
  • 在数据库中保存加盐哈希后的密码（salted hash），而不是明文，并在 C# 代码中比较哈希值
  • 使用 `using` 语句（using statement）管理连接、命令和读取器，以便更可靠地释放资源
  • 仅查询一次用户表并使用两次结果

e.g:

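if (string.IsNullOrEmpty(textBox1.Text) || string.IsNullOrEmpty(textBox2.Text))
{
    MessageBox.Show("No Username and/or Password Found!");
}
else
{
    // Parameterized lookup: the typed text is bound as values, never spliced
    // into the SQL, so it cannot change the statement. Only the column the
    // code actually reads is selected.
    // NOTE: userPassword is still compared as stored; if that column is
    // plaintext, the comparison should move to C# against a salted hash.
    DataTable dtResult = new DataTable();
    string Command = "select userAccountType from southpoint_school.user where userUsername=@un and userPassword=@up";
    using (MySqlConnection myConnection = new MySqlConnection(ConnectionString))
    {
        // MySqlDataAdapter.Fill opens and closes the connection itself.
        using (MySqlDataAdapter myDataAdapter = new MySqlDataAdapter(Command, myConnection))
        {
            myDataAdapter.SelectCommand.Parameters.Add(new MySqlParameter("@un", textBox1.Text));
            myDataAdapter.SelectCommand.Parameters.Add(new MySqlParameter("@up", textBox2.Text));
            myDataAdapter.Fill(dtResult);
        }
    }

    if (dtResult.Rows.Count == 1)
    {
        MessageBox.Show("Login successful!", "Success!", MessageBoxButtons.OK, MessageBoxIcon.Information);

        // `as string` yields null for a DBNull cell instead of throwing
        // InvalidCastException; a null type falls through to "Limited".
        string accountType = dtResult.Rows[0]["userAccountType"] as string;
        memorable = accountType == "Administrator" ? "Administrator" : "Limited";

        frm_main main = new frm_main();
        main.Show();
        this.Hide();
    }
    else
    {
        // Zero rows: no such username/password pair.
        // More than one row: duplicate accounts in the table — fail closed and
        // report a login failure rather than granting access on an ambiguous match.
        MessageBox.Show("Invalid Username And/Or Password!");
    }
}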