Question

我尝试制作登录页面。但是，它总是显示这个信息：

用户名或密码不正确

虽然我很确定我的用户名和密码是正确的。

private void button1_Click(object sender, EventArgs e)
{
    if (string.IsNullOrEmpty(txtbox_user.Text) || string.IsNullOrEmpty(txtbox_password.Text))
    //txt_name.Text == String.IsNullOrEmpty || txt_family.Text == String.IsNullOrEmpty || txt_username.Text == String.IsNullOrEmpty || txt_password.Text == String.IsNullOrEmpty || txt_repeat.Text == String.IsNullOrEmpty || txt_mail.Text == String.IsNullOrEmpty)
    {
        MessageBox.Show("Plesae insert your username and password");
    }
    else
    {
        connection.Open();
        OleDbCommand command = new OleDbCommand();
        command.Connection = connection;
        command.CommandText = " select * from Login where UserName =' " + txtbox_user.Text + " ' and PassWord = ' " + txtbox_password.Text + " ' ";
        OleDbDataReader reader = command.ExecuteReader();
        int count = 0;
        while (reader.Read())
        {
            count = count + 1;
        }
        if (count == 1)
        {
            MessageBox.Show("Welcome!");
            LearnerForm F2 = new LearnerForm();
            F2.Show();
        }
        if (count > 1)
        {
            MessageBox.Show("Duplicate username or Password");
        }
        else
        {
            MessageBox.Show("Username or Password is not correct");
        }

        connection.Close();
    }
}

Answer 1

引用'后，您还有一个额外的空格。删除它：

where UserName =' " + txtbox_user.Text + " ' and PassWord = ' " + txtbox_password.Text + " '

应该是：

where UserName ='" + txtbox_user.Text + "' and PassWord = '" + txtbox_password.Text + "'

另外，我强烈建议您始终使用parameterized queries来避免SQL Injection。

“用户名或密码不正确” - 获取相同的消息

1 个答案: