with query1 do close; with sql do clear; add('select * from 密码表 where (用户名='+''''+edit1.text+''''+') and (密码='+''''+edit2.text+''''); end; open; end; if query1.eof then showmessage('用户名或密码不正确') else showmessage('验证通过');
aquery.close; aquery.sql.clear; aquery.sql.add('select * from tableName where(username='''+edit.text+''')'); aquery.open; if aquery.recordcount<> 0 then begin if aquery.fieldvalues['password']=edit2.text then begin //登陆成功,做相应的操作。 end else showmessage('密码错误!'); end else showmessage('用户名不存在!');
不建议直接将密码作为sql串直接传进去,这样会有安全问题,建议用参数的形式, sql='select * from *** where username=:a and password=:b' add... query.parametername('a').asstring = edtUser.text; ....
不,我还是建议用heshantxwd(无为)的方法。设置参数别名,然后传递,安全。
补充一些。 with Query do begin parameters.ParamValues['a'] := Name; if Active then Requery else open; if RecordCount > 0 then begin // end else end;
close;
with sql do
clear;
add('select * from 密码表 where (用户名='+''''+edit1.text+''''+') and (密码='+''''+edit2.text+'''');
end;
open;
end;
if query1.eof then
showmessage('用户名或密码不正确')
else
showmessage('验证通过');
aquery.sql.clear;
aquery.sql.add('select * from tableName where(username='''+edit.text+''')');
aquery.open;
if aquery.recordcount<> 0 then
begin
if aquery.fieldvalues['password']=edit2.text then
begin
//登陆成功,做相应的操作。
end
else
showmessage('密码错误!');
end
else
showmessage('用户名不存在!');
sql='select * from *** where username=:a and password=:b'
add...
query.parametername('a').asstring = edtUser.text;
....
begin
parameters.ParamValues['a'] := Name;
if Active then
Requery
else
open;
if RecordCount > 0 then
begin
//
end
else end;