How do I update a password using C#?

Time: 2019-02-18 07:50:37

Tags: c#

I can't find my problem. Can anyone help me check it? I'm new to C#.

    public void Btnchange_Click(object sender, EventArgs args)
    {
        MySqlConnection con = new MySqlConnection("server=localhost;user id=root;persistsecurityinfo=True;database=user;password=1234");
        // The old password is concatenated straight into the SQL text
        MySqlDataAdapter sda = new MySqlDataAdapter("select Password from user.register where Password='" + textoldpassword.Text + "'", con);
        DataTable dt = new DataTable();
        sda.Fill(dt);

        if (dt.Rows.Count.ToString() == "1")
        {
            if (textnewpassword.Text == textconfirmpassword.Text)
            {
                con.Open();
                // The row to update is selected by its current password only
                MySqlCommand cmd = new MySqlCommand("update user.register set Password ='" + textconfirmpassword.Text + "' where Password ='" + textoldpassword.Text + "'", con);
                cmd.ExecuteNonQuery();

                con.Close();
                lblmsg.Text = "Succesfully Updated";
                lblmsg.ForeColor = Color.Green;
            }
            else
            {
                lblmsg.Text = "New password and confirm password should be same!";
            }
        }
    }

I expect it to update and change my password.

1 answer:

Answer 0 (score: 3)

  

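There are a lot of (mostly) small mistakes in your code:

  • Use some kind of Id field in your SQL table
  • Never do an update the way you did (update a field where this field equals ...)
  • Create your own class and bind the query result to that class
  • When a class implements the IDisposable interface, always use the keyword "using"
  • Never ever use string concatenation in SQL queries!!! SQL injection!!! Always use parameterized SQL queries

Here is a simple example for your table. Let's say your user.register table has the following columns:

  - Id
  - Username
  - Password

Now let's create your own class (maybe just under your button click event, so this time it can be private):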

private class MyUser
{
    public int Id { get; set; }
    public string Username { get; set; }
    public string Password { get; set; }
}
     

Then your button click event should look like this:

// Requires: using System; using System.Collections.Generic; using System.Data;
//           using System.Linq; using MySql.Data.MySqlClient;
private void Btnchange_Click(object sender, EventArgs e)
{
    if (!textnewpassword.Text.Trim().Equals(textconfirmpassword.Text.Trim()))
    {
        throw new ArgumentException("New password and confirm password should be same!");
    }

    List<MyUser> myUsers = new List<MyUser>();

    using (MySqlConnection con =
        new MySqlConnection(
            "server=localhost;user id=root;persistsecurityinfo=True;database=user;password=1234"))
    {
        // Look the user up with bound parameters instead of string concatenation
        using (MySqlCommand cmd = new MySqlCommand("select * from user.register where Username=@user and Password=@pass", con))
        {
            cmd.Parameters.AddWithValue("@user", textusername.Text.Trim());
            cmd.Parameters.AddWithValue("@pass", textoldpassword.Text.Trim());

            if (cmd.Connection.State != ConnectionState.Open) cmd.Connection.Open();

            using (MySqlDataReader dr = cmd.ExecuteReader())
            {
                while (dr.Read())
                {
                    myUsers.Add(new MyUser
                    {
                        Id = (int)dr["Id"],
                        Username = dr["Username"].ToString(),
                        Password = dr["Password"].ToString()
                    });
                }
            }

            if (cmd.Connection.State == ConnectionState.Open) cmd.Connection.Close();
        }

        if (!myUsers.Any())
        {
            throw new ArgumentException("No users found with the given username/password pair!");
        }

        if (myUsers.Count != 1)
        {
            throw new ArgumentException("More than 1 user has the same username and password in the database!");
        }

        MyUser user = myUsers.First();
        user.Password = textnewpassword.Text.Trim();

        // Update exactly one row, identified by its Id.
        // The command must be given the connection, otherwise cmd.Connection is null.
        using (MySqlCommand cmd = new MySqlCommand("update user.register set Password=@pass where Id=@id", con))
        {
            cmd.Parameters.AddWithValue("@pass", user.Password);
            cmd.Parameters.AddWithValue("@id", user.Id);

            if (cmd.Connection.State != ConnectionState.Open) cmd.Connection.Open();
            cmd.ExecuteNonQuery();
            if (cmd.Connection.State == ConnectionState.Open) cmd.Connection.Close();
        }
    }
}
     

...and so on.
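The two query patterns discussed above, side by side at the MySQL level. This is an added example, not code from the question or the answer: the `scratch_demo` schema, the sample rows, and the combined `Id` plus old-password condition in the prepared statement are assumptions made for illustration, and the table layout follows the answer's assumed columns.

```sql
-- Constructed sample data in a scratch schema (InnoDB, so ROLLBACK works).
CREATE DATABASE IF NOT EXISTS scratch_demo;
USE scratch_demo;
DROP TABLE IF EXISTS register;
CREATE TABLE register (
    Id       INT AUTO_INCREMENT PRIMARY KEY,
    Username VARCHAR(64)  NOT NULL UNIQUE,
    Password VARCHAR(255) NOT NULL
);
INSERT INTO register (Username, Password) VALUES
    ('alice', 'summer2019'),
    ('bob',   'summer2019'),
    ('carol', 'O''Brien');

-- 1) The question's pattern: the row is selected by its password alone.
--    alice and bob share a password, so the statement touches both accounts.
START TRANSACTION;
UPDATE register SET Password = 'changed' WHERE Password = 'summer2019';
SELECT Id, Username, Password FROM register ORDER BY Id;
ROLLBACK;

-- 2) The answer's pattern: bind values as parameters and key the update on Id.
PREPARE change_pw FROM
    'UPDATE register SET Password = ? WHERE Id = ? AND Password = ?';

-- carol's current password contains a quote. Concatenated into the SQL text
-- it would end the string literal early; as a bound parameter it is only data.
SET @new_pw = 'changed', @id = 3, @old_pw = 'O''Brien';
EXECUTE change_pw USING @new_pw, @id, @old_pw;
-- The application should treat any count other than 1 as a failed change.
SELECT ROW_COUNT() AS rows_changed;

-- A wrong old password matches no row, so the caller can report the failure.
SET @old_pw = 'not-the-password';
EXECUTE change_pw USING @new_pw, @id, @old_pw;
SELECT ROW_COUNT() AS rows_changed;

DEALLOCATE PREPARE change_pw;
SELECT Id, Username, Password FROM register ORDER BY Id;
```

In the C# code the same row-count check is the return value of `cmd.ExecuteNonQuery()`.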