堆栈内存溢出
  简体   繁体   English

MySQL密码登录代码?

[英]MySQL Password Login Code?

 原文  2011-12-06 06:33:31       c#/ mysql/ password-protection

问题描述

I'm trying to do a Login code in C# with MySQL. 我正在尝试使用MySQL在C#中执行登录代码。 Basically the user enters a username and password then the code checks the database if the the password is correct. 基本上,用户输入用户名和密码,然后代码检查密码是否正确。 I'm having trouble getting the code to read from the data base... Here is where I'm at. 我无法从数据库读取代码...这就是我的位置。 

public string strUsername;
public string strPassword;


//Connect to DataBase
MySQLServer.Open();

//Check Login
MySqlDataReader mySQLReader = null;
MySqlCommand mySQLCommand = MySQLServer.CreateCommand();
mySQLCommand.CommandText = ("SELECT * FROM user_accounts WHERE username =" +strUsername);
mySQLReader = mySQLCommand.ExecuteReader();
while (mySQLReader.Read())
{
  string TruePass = mySQLReader.GetString(1);
  if (strPassword == TruePass)
  {
    blnCorrect = true;
    //Get Player Data
  }
}

MySQLServer.Close();

From what I've done in the past, I thought this would work but if I print it, it Seems like its not being read. 从我过去所做的事情来看,我认为这会起作用,但是如果我将其打印出来,看起来好像它没有被阅读。 I am still fairly new to MySQL so any help would be Great. 我对MySQL还是很陌生,所以任何帮助都会很棒。

2 个解决方案

解决方案1
 3 已采纳  2011-12-06 06:36:56

Non-numeric field value must be enclosed with single quote. 非数字字段值必须用单引号引起来。 

mySQLCommand.CommandText = "SELECT * FROM user_accounts WHERE username ='" +strUsername + "'";
mySQLCommand.Connection=MySQLServer;

but you have to use Parameters to prevent SQL Injection . 但是您必须使用Parameters来防止SQL注入 

 mySQLCommand.CommandText = "SELECT * FROM user_accounts WHERE username =@username"; 
 mySQLCommand.Connection=MySQLServer;
 mySQLCommand.Parameters.AddWithValue("@username",strUsername);

解决方案2
 -2  2011-12-06 06:56:08

        string con_string = @"Data Source=.\SQLEXPRESS;AttachDbFilename=C:\Database.mdf;Integrated Security=True;User Instance=True";
        string query = "SELECT * FROM Users WHERE UseName='" + txtUserName.Text.ToString() + "' AND Password='" + txtPassword.Text + "'";
        SqlConnection Con = new SqlConnection(con_string);
        SqlCommand Com = new SqlCommand(query, Con);
        Con.Open();
        SqlDataReader Reader;
        Reader = Com.ExecuteReader();

        if (Reader.Read())
        {
            lblStatus.Text="Successfully Login";
        }
        else
        {
           lblStatus.Text="UserName or Password error";
        }
        Con.Close();

As AVD said you should use parameters to prevent sql injection.... 正如AVD所说,您应该使用参数来防止SQL注入。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何在 C# 中使用预先散列的 mysql 密码验证登录? - How to authenticate login with a pre-hashed mysql password in C#? 使用密码加密的 c# 代码的用户登录模块不起作用 - User login module using c# code with password encryption not working WebClient登录到网站的密码 - WebClient login and password to the Website 登录名和密码程序 - Login and password program 加密和解密密码以登录 - Encrypting and decrypt password to login ASP中的登录名和密码 - Login and password in asp 在MySQL和代码隐藏中维护单独的登录会话是一个坏主意吗? - Is it a bad idea to maintain a separate login sessions in MySQL and Code Behind? 无需登录名和密码即可登录 api 团队 - Login to api teams without login and password 身份3重置密码无法登录 - Identity 3 reset password unable to login 存储用于第三方登录的密码 - Store Password for Third party login
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM