倒,我想问的是具体的比较过程。。 procedure TFrm_Login.Button1Click(Sender: TObject); begin ADOCommand1.CommandText:='select count(*) from User Where User_Account="'LoginName.text'" and User_Password="'LoginPassword.Text'"' ; ADOCommand1.Execute; 以上代码正确吗?接下来该怎么判断是否有取出数据?
AdoQuery1.SQL.Text:='select User_Password from User Where User_Account='''+LoginName.text+'''' ; AdoQuery1.close; AdoQuery1.Open; if AdoQuery1.fieldbyname('User_Password')=LoginPassword.Text then
还是把现有的密码传进去! procedure TFrm_Login.Button1Click(Sender: TObject); begin ADOCommand1.CommandText := 'select count(*) as RCount ' + 'from User ' + 'Where User_Account=' + QuotedStr(LoginName.text) + ' and User_Password=' + QuotedStr(LoginPassword.Text); ADOCommand1.Execute; if ADOCommand1.FieldByName('RCount').asInteger <> 1 then ShowMessage('登陆失败'); end;
这个方法不好,还记得ASP中的那个漏洞(SQL注入)吗?
还是要用 jinjazz(近身剪(N-P攻略))的方法~
QuotedStr 应该没有问题 如果用一堆引号就麻烦大了
g961681的方法,ADOCommand1似乎没有FieldByName函数
我的方法: procedure Tyhdlfrm.Button1Click(Sender: TObject); begin data.xtADO.Active:=true; with data.xtADO do data.xtADO.Locate('用户',edit1.text,[]);if data.xtADO.FieldByName('密码').Value=edit2.text then begin showmessage('用户名和密码正确!欢迎进入系统!'); close; end else showmessage('用户名或密码错误!请重新输入!'); end; end.
// Login button handler as posted by the questioner: builds a count(*) query
// from the two edit boxes and executes it. The snippet stops before any "end".
procedure TFrm_Login.Button1Click(Sender: TObject);
begin
// NOTE(review): the string literals and LoginName.text / LoginPassword.Text are
// written side by side with no '+' between them, so this statement presumably
// does not compile as posted.
// NOTE(review): the typed account and password are spliced into the SQL text,
// so a quote character in either edit box changes the statement itself (SQL
// injection). Bind both values as parameters rather than concatenating them.
ADOCommand1.CommandText:='select count(*) from User Where User_Account="'LoginName.text'" and User_Password="'LoginPassword.Text'"' ;
// The result of Execute is not captured, so nothing is left to test afterwards.
ADOCommand1.Execute;
以上代码正确吗?接下来该怎么判断是否有取出数据?
// Fragment: reopens AdoQuery1 and compares the User_Password column with the
// typed password. The statement that sets the query text is not part of this
// fragment, and the "then" branch is not shown.
AdoQuery1.close;
AdoQuery1.Open;
// NOTE(review): fieldbyname(...) is compared with a string directly; presumably
// .AsString or .Value is intended - confirm.
// NOTE(review): this design reads the stored password into the client and
// compares it there, so the real password is present in client memory. It also
// does not check whether the query returned a row for the account at all.
if AdoQuery1.fieldbyname('User_Password')=LoginPassword.Text then
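{ Login button handler: counts the rows in User that match the typed account
  and password, and reports a failed login unless exactly one row matches. }
procedure TFrm_Login.Button1Click(Sender: TObject);
var
  MatchCount: Integer;
begin
  // Bind the typed values as parameters instead of splicing them into the SQL
  // text, so quote characters in the input cannot change the statement.
  // (Relies on ParamCheck being left at its default so :Account / :Password
  // are parsed into Parameters - assumes ADOCommand1 is a TADOCommand.)
  ADOCommand1.CommandText := 'select count(*) as RCount ' +
                             'from User ' +
                             'Where User_Account = :Account ' +
                             'and User_Password = :Password';
  ADOCommand1.Parameters.ParamByName('Account').Value := LoginName.Text;
  ADOCommand1.Parameters.ParamByName('Password').Value := LoginPassword.Text;

  // A command object has no FieldByName; the count is read from the first
  // column of the recordset that Execute returns.
  MatchCount := ADOCommand1.Execute.Fields[0].Value;

  if MatchCount <> 1 then ShowMessage('登陆失败');
  // NOTE(review): the query compares the typed password with the stored column
  // as-is, which suggests passwords are stored unhashed - confirm against the
  // schema; a salted hash compared server-side would be the safer design.
end;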
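{ Login button handler: opens the user dataset, looks up the typed user name
  and compares that record's password field with the typed password. }
procedure Tyhdlfrm.Button1Click(Sender: TObject);
begin
  data.xtADO.Active := true;
  // Locate returns False when no record matches. Its result must be checked:
  // otherwise the dataset stays on whatever record was current, and the typed
  // password would be compared against some other user's password.
  if data.xtADO.Locate('用户', edit1.text, []) and
     (data.xtADO.FieldByName('密码').Value = edit2.text) then
  begin
    showmessage('用户名和密码正确!欢迎进入系统!');
    close;
  end
  else
    showmessage('用户名或密码错误!请重新输入!');
  // NOTE(review): the password column is read on the client and compared as
  // plain text, so the stored passwords are available to the client process -
  // confirm whether that is acceptable for this application.
end;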
end.
而如果把真正的密码取出来的话,我想在本地Crack还是有可能的!
哎~~~~~~~~~~~~~~~
// Fragment (procedure header not shown): the earlier count(*) login check
// retried against Adoquery1.
begin
// NOTE(review): if Adoquery1 is a TADOQuery, the query text is normally set
// through SQL.Text and run with Open; CommandText and Execute are presumably
// not available on it - confirm the component type.
// QuotedStr wraps each value in single quotes and doubles embedded ones. Binding
// the values as parameters avoids depending on the backend's quoting rules.
Adoquery1.CommandText := 'select count(*) as RCount ' +
'from User ' +
'Where User_Account=' + QuotedStr(LoginName.text) +
' and User_Password=' + QuotedStr(LoginPassword.Text);
Adoquery1.Execute;
// Exactly one matching row counts as success; anything else shows the failure message.
if Adoquery1.FieldByName('RCount').asInteger <> 1 then ShowMessage('登陆失败');
end;
不会产生记录集
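{ Login button handler: counts the rows in User that match the typed account
  and password, and reports a failed login unless exactly one row matches. }
procedure TFrm_Login.Button1Click(Sender: TObject);
var
  MatchCount: Integer;
begin
  ADOQuery1.Close;
  // Bind the typed values as parameters instead of building the SQL text from
  // them, so the input cannot alter the statement.
  ADOQuery1.SQL.Text := 'select count(*) as RCount ' +
                        'from User ' +
                        'Where User_Account = :Account ' +
                        'and User_Password = :Password';
  ADOQuery1.Parameters.ParamByName('Account').Value := LoginName.Text;
  ADOQuery1.Parameters.ParamByName('Password').Value := LoginPassword.Text;

  // ExecSQL reports rows affected and produces no result set, so it cannot
  // return the value of count(*). A SELECT has to be opened and its field read.
  ADOQuery1.Open;
  try
    MatchCount := ADOQuery1.FieldByName('RCount').AsInteger;
  finally
    ADOQuery1.Close;
  end;

  if MatchCount <> 1 then ShowMessage('登陆失败');
  // NOTE(review): the typed password is compared with the stored column as-is,
  // which suggests passwords are stored unhashed - confirm against the schema.
end;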