RT
<?xml version="1.0" encoding="utf-8" ?>
<configuration>
<configSections>
</configSections>
<connectionStrings>
<add name="【自定义连接名称 如:SQLDBConnectionString(数据库名称+ConnectionString)】"
connectionString="Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\【数据库文件如:SqlDB.mdf】;Integrated Security=True;User Instance=True;Asynchronous Processing=true"
providerName="System.Data.SqlClient" />
</connectionStrings>
</configuration>
然后在窗体里(调用app.config的数据库连接):
String connStr = ConfigurationManager.ConnectionStrings["【自定义连接名称 如:SQLDBConnectionString(数据库名称+ConnectionString)】"].ConnectionString;
然后接下去就是验证登录了:
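// Validate the login with a parameterized query: the text typed into the form
// is sent to the server as parameter data and is never spliced into the SQL text.
using (SqlConnection conn = new SqlConnection(connStr))
using (SqlCommand cmd = conn.CreateCommand())
{
    // COUNT(*) always yields a single integer. With "SELECT *", ExecuteScalar
    // returns the first column of the first row, which Convert.ToInt32 cannot
    // convert unless that column happens to be numeric.
    cmd.CommandText = "SELECT COUNT(*) FROM 【表】 where PassWord=@PassWord and UserName=@UserName";
    cmd.Parameters.Add(new SqlParameter("UserName", txtName.Text));
    cmd.Parameters.Add(new SqlParameter("PassWord", txtPass.Text));

    // NOTE(review): the query compares the typed password with the PassWord
    // column directly, which implies passwords are stored unhashed. Store a
    // salted slow hash (e.g. PBKDF2) and compare hashes instead.
    conn.Open();
    int matches = Convert.ToInt32(cmd.ExecuteScalar());
    if (matches > 0)
    {
        // Credentials matched; the original snippet leaves this branch empty.
    }
    else
    {
        MessageBox.Show("用户名/密码错误!");
    }
}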
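{
    // Read and trim both fields once so validation, the query and the
    // hand-off to MainForm all use the same values.
    string login = textBox2.Text.Trim();
    string password = textBox3.Text.Trim();

    if (login == "" || password == "")
    {
        MessageBox.Show("提示:请输入登录用户名和密码!", "警告");
    }
    else
    {
        bool matched;

        // The original concatenated both text boxes into the SQL string, so any
        // quote character typed by the user changed the statement itself.
        // Binding them as parameters keeps the statement fixed.
        // The using blocks also release the reader, command and connection when
        // ExecuteReader throws; the original only closed the connection on success.
        using (SqlConnection connect = DB.DB_Login())
        using (SqlCommand cmd = new SqlCommand("select * from 表名 where Login=@Login and Password=@Password", connect))
        {
            cmd.Parameters.Add(new SqlParameter("@Login", login));
            cmd.Parameters.Add(new SqlParameter("@Password", password));

            // NOTE(review): the Password column is compared with the typed text,
            // which implies passwords are stored unhashed; prefer a salted slow hash.
            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                matched = reader.HasRows;
            }
        }

        if (matched)
        {
            this.Hide();
            MainForm formchild = new MainForm();
            formchild.users = login;
            formchild.Show();
        }
        else
        {
            MessageBox.Show("提示:学生用户名或密码错误!", "警告");
        }
    }
}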
}
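// DB_Login() of the DB class:
/// <summary>
/// Creates a SqlConnection, opens it and returns it to the caller.
/// The caller owns the returned connection and must close or dispose it.
/// </summary>
/// <returns>An open <see cref="SqlConnection"/>.</returns>
public static SqlConnection DB_Login()
{
    // NOTE(review): this embeds the "sa" login and a trivial password in source.
    // "sa" is the SQL Server administrator account, so anyone who can read the
    // binary or the source gets full control of the server. Prefer a connection
    // string kept in app.config that uses Integrated Security or a dedicated
    // least-privilege login.
    // NOTE(review): the trailing "数据库名" segment has no key=value form and looks
    // like a placeholder left by the poster; confirm before using this string.
    SqlConnection connect = new SqlConnection("Data Source=(local);Database=FingerPrint;UID=sa;PWD=123;数据库名");
    try
    {
        connect.Open();
    }
    catch
    {
        // Do not leak the connection object when Open() fails.
        connect.Dispose();
        throw;
    }
    return connect;
}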
楼主上分。分 。。分
】:
// The SQL text is a fixed string; @PassWord and @UserName are placeholders only.
cmd.CommandText = "SELECT * FROM 【表】 where PassWord=@PassWord and UserName=@UserName";
// The typed values are bound as parameter data, so quotes or SQL keywords
// inside them are not parsed as part of the statement.
cmd.Parameters.Add(new SqlParameter("UserName", txtName.Text));
cmd.Parameters.Add(new SqlParameter("PassWord", txtPass.Text));
这样使用参数化查询,用户输入只作为参数值传递,不会被拼接进SQL语句,因此可以防止SQL注入攻击。
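{
    // NOTE(review): hard-coded "sa" login with a trivial password; move the
    // connection string to configuration and use a least-privilege account.
    string strconn = "server=(local);uid=sa;pwd=123;database=login";
    string userName = txtUserName.Text.ToString().Trim();
    string userPwd = txtPwd.Text.ToString().Trim();

    // The user name is bound as a parameter. The original concatenated it into
    // the statement, which let the typed text alter the query.
    string selectStr = "Select * from login where name = @name";

    bool lookupFailed = false;
    bool userFound = false;
    bool passwordOk = false;

    try
    {
        // using blocks release the reader, command and connection on every path.
        using (SqlConnection conn = new SqlConnection(strconn))
        using (SqlCommand cmd = new SqlCommand(selectStr, conn))
        {
            cmd.Parameters.Add(new SqlParameter("@name", userName));
            conn.Open();
            using (SqlDataReader sdr = cmd.ExecuteReader())
            {
                if (sdr.Read()) // a row exists for this user name
                {
                    userFound = true;
                    // Column 1 of the row is read as the stored password.
                    // NOTE(review): this is a plaintext comparison, which implies
                    // passwords are stored unhashed; prefer a salted slow hash.
                    passwordOk = sdr.GetString(1).Trim() == userPwd;
                }
            }
        }
    }
    catch (Exception)
    {
        // The original swallowed every exception silently, leaving the user with
        // no feedback. Report a generic failure without echoing the exception
        // text, which can expose server and schema details.
        lookupFailed = true;
    }

    if (lookupFailed)
    {
        lblMessage.Text = "数据库访问出错,请稍后重试。";
    }
    else if (!userFound)
    {
        // NOTE(review): separate "unknown user" and "wrong password" messages let
        // a caller learn which account names exist; consider one shared message.
        lblMessage.Text = "该用户不存在或用户名输入错误,请检查后重新输入!";
    }
    else if (!passwordOk)
    {
        lblMessage.Text = "您输入的密码错误,请检查后重新输入!";
    }
    else
    {
        // The connection is already closed here, as in the original, before the
        // next form is shown.
        Form2 form = new Form2();
        form.ShowDialog();
    }
}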