堆栈内存溢出
  简体   繁体   English

如何从mysql数据库中检索数据

[英]How can I retrieve data from mysql database

 原文  2015-09-07 13:16:12       c#/ mysql

问题描述

This code is from our user login profile for our SAD project.此代码来自我们 SAD 项目的用户登录配置文件。 The account I register for user log in is working since it saved in the database but I can't log in because it says invalid.我为用户登录注册的帐户正在工作,因为它保存在数据库中,但我无法登录,因为它说无效。

private void btn_login_Click(object sender, EventArgs e)
        {
            conn = new MySqlConnection(myconn);
            string query = "select * from southpoint_school.user where userUsername='" + textBox1.Text + "' and userPassword='" + textBox2.Text + "'";
            conn.Open();
           cmd = new MySqlCommand(query, conn);

       MySqlDataReader reader = cmd.ExecuteReader();
        int count = 0;

        while (reader.Read())
        {
            count++;
        }

        if (count == 1)
        {
            conn = new  MySqlConnection(myconn);

            string problem = "SELECT userAccountType from southpoint_school.user WHERE userUsername ='" + textBox1.Text + "'";
            conn.Open();
            cmd = new MySqlCommand(problem, conn);
            string answer = cmd.ExecuteScalar().ToString();
            conn.Close();

            MessageBox.Show("Login successful!", "Success!", MessageBoxButtons.OK, MessageBoxIcon.Information);

            if (answer == "Administrator")
            {
                memorable = "Administrator";

                frm_main main = new frm_main();
                main.Show();
                this.Hide();
            }
            else
            {
                memorable = "Limited";

                frm_main main = new frm_main();
                main.Show();
                this.Hide();
            }
        }
        else if (textBox1.Text == "" && textBox2.Text == "")
        {
            MessageBox.Show("No Username and/or Password Found!");
        }
        else
        {
            MessageBox.Show("Invalid Username And/Or Password!");
        }
        conn.Close();
    }

1 个解决方案

解决方案1
 0 已采纳  2015-09-07 13:40:24

The case案子

Invalid Username And/Or Password!无效的用户名和/或密码!

can only happen when you have 0 ore more than 1 search results in your southpoint_school.user database with your entered username + password.仅当您使用输入的用户名 + 密码在southpoint_school.user数据库中有 0 个或 1 个以上的搜索结果时才会发生。 So I would inspect the data in your database.所以我会检查你数据库中的数据。

Additionally I would另外我会

  • use parameters instead of string-concatenation for creating sql statements to avoid injection使用参数而不是字符串连接来创建 sql 语句以避免注入
  • save (salted)hashed passwords instead of plaintext in your database在您的数据库中保存(加盐)散列密码而不是明文
  • use using statements for more effecient ressurce useage使用 using 语句以获得更有效的资源使用
  • query the user-table only once and use the result twice仅查询用户表一次并使用结果两次

eg:例如:

if (string.IsNullOrEmpty(textBox1.Text) || string.IsNullOrEmpty(textBox2.Text))
{
    MessageBox.Show("No Username and/or Password Found!");
}
else
{
    DataTable dtResult = new DataTable();
    string Command = "select * from southpoint_school.user where userUsername=@un and userPassword=@up";
    using (MySqlConnection myConnection = new MySqlConnection(ConnectionString))
    {

        using (MySqlDataAdapter myDataAdapter = new MySqlDataAdapter(Command, myConnection))
        {
            myDataAdapter.SelectCommand.Parameters.Add(new MySqlParameter("@un", textBox1.Text));
            myDataAdapter.SelectCommand.Parameters.Add(new MySqlParameter("@up", textBox2.Text));
            myDataAdapter.Fill(dtResult);
        }
    }
    if (dtResult.Rows.Count == 1)
    {
        MessageBox.Show("Login successful!", "Success!", MessageBoxButtons.OK, MessageBoxIcon.Information);
        if ((string)dtResult.Rows[0]["userAccountType"] == "Administrator")
        {
            memorable = "Administrator";
            frm_main main = new frm_main();
            main.Show();
            this.Hide();
        }
        else
        {
            memorable = "Limited";
            frm_main main = new frm_main();
            main.Show();
            this.Hide();
        }
    }
    else if (dtResult.Rows.Count == 0)
    {
        MessageBox.Show("Invalid Username And/Or Password!");
    }
    else //TODO: treat the case for multiple results
    {
    }
}

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何使用MySqlDataReader从数据库mySQL检索数据? - How to retrieve data from database mySQL using MySqlDataReader? 从WebApi中的Mysql数据库中检索数据到HttpRecquest? - Retrieve Data from Mysql Database in WebApi To HttpRecquest? 如何在MySQL数据库中插入数据? - How I can Insert Data in the MySQL Database? 如何从我的 PostgreSQL 数据库中检索数据? WPF/C# - How can I retrieve data from my PostgreSQL database? WPF/C# 我想从MySQL数据库中检索去年的记录,但它正在从数据库中检索所有数据 - I want to retrieve last year record from MySQL database but it's retrieving all data's from database 从数据库检索数据-如何? - Retrieve data from database - how? 如何从特定用户的数据库中检索值? - How can I retrieve values from the database from a specific users? C# 如何从数据库中检索所有记录 - C# how can i retrieve all record from the database 如何从数据库检索以二进制格式存储的图像 - How can i retrieve the image stored in binary format from database 如何从mysql数据库中检索图像? - How to retrieve image from mysql database?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM