我对编程还很陌生,正在努力弄明白如何将项目连接到数据库。我已经使用 XAMPP/phpMyAdmin 创建了一个数据库,并使用以下代码成功将其连接到我的 Windows 窗体应用程序:
// Connection string for the local MySQL server (created through XAMPP, listening on port 3307).
// NOTE(review): the string logs in as 'root' with an empty password and is hard-coded in source.
// For anything beyond a local experiment, use a dedicated account that only has the rights the
// application needs, give it a password, and load the string from configuration kept out of the code.
const string connectInfo = @"data source = localhost; Port = 3307; username = 'root'; password = ''; database = caesar_cypher;";
/// <summary>
/// Looks up the supplied credentials in the <c>login</c> table, reports the outcome in message
/// boxes and opens <c>CypherForm</c> when exactly one row matches.
/// </summary>
/// <param name="username">User name as entered by the user; treated as untrusted input.</param>
/// <param name="password">Password as entered by the user; treated as untrusted input.</param>
/// <remarks>
/// Any exception is caught and its message is shown to the user; nothing is rethrown.
/// </remarks>
public static void AttemptLogin(string username, string password)
{
    try
    {
        // NOTE(review): the connection is only closed on the success path below; if Open() or
        // ExecuteReader() throws, it is left to the garbage collector. A using block would
        // release it on every path.
        var connect = new MySqlConnection(connectInfo);
        // NOTE(review): SQL injection. Both values are interpolated straight into the SQL text,
        // so whatever the user types becomes part of the statement. Use @-style placeholders in
        // the query and supply the values through LoginCommand.Parameters instead.
        // NOTE(review): the query compares the password column with the typed value, which
        // suggests passwords are stored in plaintext (confirm against the schema). Store a
        // salted password hash (e.g. PBKDF2) and compare hashes instead.
        var LoginCommand = new MySqlCommand($"SELECT * FROM login WHERE userName = '{username}' AND password = '{password}';", connect);
        MySqlDataReader reader;
        connect.Open();
        reader = LoginCommand.ExecuteReader();
        // Count the matching rows; the reader itself is never closed or disposed.
        int count = 0;
        while (reader.Read())
        { count += 1; }
        if (count == 1)
        {
            MessageBox.Show("Log in successful");
        }
        // NOTE(review): the next two messages look swapped. More than one row means duplicate
        // credentials, and zero rows (the else branch) means the username/password was wrong.
        else if (count > 1)
        {
            MessageBox.Show("Incorrect username or password");
        }
        else
        {
            MessageBox.Show("Duplicate username and password - access denied.");
        }
        // Shown after every completed query, whether or not the login succeeded.
        MessageBox.Show("Connected");
        connect.Close();
        // Only a single matching row opens the main form.
        if (count == 1)
        {
            var form2 = new CypherForm();
            form2.Activate();
            form2.Show();
        }
    }
    catch (Exception ex)
    {
        // NOTE(review): raw provider messages can reveal server and schema details to whoever is
        // at the login prompt; log the exception and show a generic failure message instead.
        MessageBox.Show(ex.Message);
    }
}
以上代码运行良好,但容易受到 SQL 注入攻击。因此,我按照介绍 SqlCommand.Prepare() 方法的这篇 Microsoft Docs 文档修改了我的代码。
现在,当我运行我的代码时,出现以下异常:
Keyword not supported 'port'
这是新代码:
// MySQL-style connection string (it uses the 'Port' and 'username' keywords).
// NOTE(review): this format is meant for the MySQL provider (MySqlConnection). The SQL Server
// provider (SqlConnection) does not recognise 'Port', which matches the reported
// "Keyword not supported 'port'" exception.
// NOTE(review): it also logs in as 'root' with an empty password and is hard-coded in source;
// use a least-privilege account with a password and keep the string in configuration.
const string connectInfo = @"data source = localhost; Port = 3307; username = 'root'; password = ''; database = caesar_cypher;";
/// <summary>
/// Parameterized version of the login check: binds the user name and password as parameters,
/// counts the matching rows in the <c>login</c> table and opens <c>CypherForm</c> when exactly
/// one row matches.
/// </summary>
/// <param name="username">User name as entered by the user; bound to <c>@uName</c>.</param>
/// <param name="password">Password as entered by the user; bound to <c>@pWord</c>.</param>
/// <returns>
/// <c>true</c> when exactly one row matches; <c>false</c> otherwise, including when an exception
/// is caught.
/// </returns>
public static bool AttemptSecureLogin(string username, string password)
{
    try
    {
        // NOTE(review): SqlConnection, SqlCommand and SqlParameter belong to the SQL Server
        // provider, but connectInfo is a MySQL connection string. SqlConnection rejects its
        // 'Port' keyword, which is the "Keyword not supported 'port'" exception. Keep the
        // parameterized query and switch to the MySQL provider types (MySqlConnection,
        // MySqlCommand, MySqlParameter with MySqlDbType).
        using (var connection = new SqlConnection(connectInfo))
        {
            connection.Open();
            // The placeholders keep the user-supplied values out of the SQL text; this is the
            // part that removes the injection risk and should be kept when changing provider.
            // NOTE(review): the password is still compared directly with the stored column,
            // which suggests plaintext storage (confirm against the schema). Prefer a salted
            // password hash (e.g. PBKDF2).
            var loginCommand = new SqlCommand(null, connection)
            {
                CommandText =
                "SELECT * FROM login WHERE userName = @uName AND password = @pWord"
            };
            // Explicit type and size per parameter, set before Prepare() is called.
            // NOTE(review): assumes both columns hold at most 30 characters (confirm).
            var uNameParam = new SqlParameter("@uName", SqlDbType.VarChar, 30);
            var pWordParam = new SqlParameter("@pWord", SqlDbType.VarChar, 30);
            uNameParam.Value = username;
            pWordParam.Value = password;
            loginCommand.Parameters.Add(uNameParam);
            loginCommand.Parameters.Add(pWordParam);
            loginCommand.Prepare();
            // NOTE(review): this executes the SELECT once and discards the rows; the
            // ExecuteReader() call below runs it again, so this call can be dropped.
            loginCommand.ExecuteNonQuery();
            // NOTE(review): the reader is never disposed; wrap it in its own using block.
            SqlDataReader reader = loginCommand.ExecuteReader();
            int count = 0;
            while(reader.Read())
            { count += 1; }
            if(count == 1) {
                MessageBox.Show("Log in successful!");
                var cypherForm = new CypherForm();
                cypherForm.Activate();
                cypherForm.Show();
                return true;
            }
            // NOTE(review): the next two messages look swapped. More than one row means
            // duplicate credentials, and zero rows (the else branch) means the
            // username/password was wrong.
            else if(count > 1) {
                MessageBox.Show("Incorrect username/password.");
                return false;
            }
            else {
                MessageBox.Show("Duplicate username/password.");
                return false;
            }
            // NOTE(review): unreachable, because every branch above returns. The using block
            // already disposes the connection, so the explicit Close() is not needed.
            MessageBox.Show("Connected");
            connection.Close();
        }
    }
    catch (Exception ex)
    {
        // NOTE(review): raw provider messages can reveal server and schema details to whoever is
        // at the login prompt; log the exception and show a generic failure message instead.
        MessageBox.Show(ex.Message);
        return false;
    }
// NOTE(review): the method's closing brace is missing from the snippet as posted.
我在这里找到了一些类似的帖子,但真的不明白问题出在哪里,有人可以帮忙吗?
他