美好的一天 我正在登录页面上工作,在该页面上,用户将能够登录,然后在首次登录后更改密码。然后,用户将能够使用新密码登录系统。 我发现ExecuteScalar将帮助我使代码完美运行。但是,我现在面对的是ExecuteScalar返回错误的值,用户可以在其中更改密码,但不允许他重定向到主页。
我试图更改if语句,但仍然显示错误的结果
SqlConnection con = new SqlConnection(@"Data Source=TOWELL\XPEDEON;User ID=xplive;Password=xplive");
try {
con.Open();
if (attemp < 3)
{
DataTable dt = new DataTable();
SqlCommand cmd = con.CreateCommand();
cmd.CommandType = CommandType.Text;
cmd.CommandText = ("select count (*) from log_sup where ENTITY_DIVISION_CODE = '" + textBox1.Text + "'and DX_NUMBER = '" + textBox2.Text + "' ");
SqlDataAdapter da = new SqlDataAdapter(cmd);
da.Fill(dt);
int result = Convert.ToInt32(cmd.ExecuteScalar());
if (result > 0)
{
Form3 F3 = new Form3();
F3.Show();
this.Hide();
}
else if(result == 0)
{
recby = textBox1.Text;
Form2 f2 = new Form2();
f2.Show();
this.Hide();
}
else
{
MessageBox.Show("WRONG PASSWORD, THIS IS YOUR " + attemp + " ATTEMPT ");
}
}
else if (attemp == 3)
{
MessageBox.Show("LOGIN EXCEED , PLEASE CONTACT THE ADMIN TO RESET YOUR ACCOUNT LOGIN");
textBox1.Enabled = false;
textBox2.Enabled = false;
label2.Enabled = false;
}
attemp++;
}
catch (Exception) {
}
con.Close();
用户更改密码后,它将标记为1,以检查密码是否已更改
答案 0 :(得分:1)
我建议更改查询:
Count(*)可能很昂贵(您可能想扫描整个表),而您所需要的只是“如果有任何条记录”的答案那个...”-您可以早点停下来。"123'; delete from log_sup; --"放入textBox1.Text中)代码:
...
cmd.CommandText =
@"select 1
from log_sup
where ENTITY_DIVISION_CODE = @prm_ENTITY_DIVISION_CODE
and DX_NUMBER = @prm_DX_NUMBER";
//TODO: cmd.Parameters.Add("param_name", RDMBS_TYPE) is a better choice
cmd.Parameters.AddWithValue("@prm_ENTITY_DIVISION_CODE", textBox1.Text);
cmd.Parameters.AddWithValue("@prm_DX_NUMBER", textBox2.Text);
using (var reader = cmd.ExecuteReader()) {
if (reader.Read()) { // We've succeeded in reading (at least) one record
Form3 F3 = new Form3();
F3.Show();
this.Hide();
}
else { // the cursor is empty
recby = textBox1.Text;
Form2 f2 = new Form2();
f2.Show();
this.Hide();
}
}
...