C# Mysql datareader - 如何使用 datareader 获取其他列
[英]C# Mysql datareader - how to get other coloumn using datareader
问题描述
Im trying to validate the password from my database that has been hash and salted.
我试图从我的数据库中验证密码,该密码是 hash 并加盐。 I Created an column in my user table username, hash and salt.我在我的用户表用户名 hash 和 salt 中创建了一个列。 Now i want to know i can i access the other column value using datareader.现在我想知道我可以使用 datareader 访问其他列的值。
I tried this method but i got an red line.我尝试了这种方法,但我得到了一条红线。 also this is my failed attempt这也是我失败的尝试
public static bool VerifyPassword(string enteredPassword, string storedHash, string storedSalt)
{
var saltBytes = Convert.FromBase64String(storedSalt);
var rfc2898DeriveBytes = new Rfc2898DeriveBytes(enteredPassword, saltBytes, 10000);
return Convert.ToBase64String(rfc2898DeriveBytes.GetBytes(256)) == storedHash;
}
private void bunifuFlatButton1_Click(object sender, EventArgs e)
{
string userhash;
string usersalt;
MySqlConnection mysqlCon = new MySqlConnection(connectionString);
MySqlCommand cmd = new MySqlCommand("SELECT * FROM login.info WHERE username = @user", mysqlCon);
MySqlDataReader rd;
rd = cmd.ExecuteReader();
cmd.Parameters.Add("@user", MySqlDbType.VarChar).Value = username.Text;
mysqlCon.Open();
while (rd.Read())
{
userhash = rd.GetString("hash");
usersalt = rd.GetString("salt");
bool isPasswordMatched = VerifyPassword(textpass.Text, userhash.Hash, usersalt.Salt);
// i got redline error in here. i only follow instruction.. link below
if (isPasswordMatched)
{
//Login Successfull
}
else
{
//Login Failed
}
}
}
by the way, i only follow this instruction from this thread.顺便说一句,我只遵循这个线程的这个指令。 How to validate salted and hashed password in c# 如何验证 c# 中的加盐和散列密码
1 个解决方案
解决方案1
2 已采纳 2019-10-29 14:01:41
Here is another way of writing your code, not really an answer, but...not perfect mind, but at least it will dispose of the objects and also call them in the correct order.这是编写代码的另一种方式,不是真正的答案,但是......不是完美的头脑,但至少它会处理对象并以正确的顺序调用它们。 Please read upon on IDisposable and Sql Injection.请阅读 IDisposable 和 Sql 注入。
private void bunifuFlatButton1_Click(object sender, EventArgs e)
{
using (MySqlConnection mysqlCon = new MySqlConnection(connectionString))
{
// Use a named list of fields please. And cleanse the text.
using (MySqlCommand cmd = new MySqlCommand("SELECT * FROM login.info WHERE username = @user", mysqlCon))
{
cmd.Parameters.Add("@user", MySqlDbType.VarChar).Value = username.Text; // Let's hope user name is not Jimmy DropTables!!
mysqlCon.Open();
using (MySqlDataReader rd = cmd.ExecuteReader())
{
while (rd.Read())
{
string userhash = rd.GetString("hash");
string usersalt = rd.GetString("salt");
bool isPasswordMatched = VerifyPassword(textpass.Text, userhash, usersalt);
// Note that we are passing in strings, not props of an unknown object
if (isPasswordMatched)
{
//Login Successfull
}
else
{
//Login Failed
}
}
}
mysqlCon.Close();
}
}
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.