针对SQL DB的C＃Windows窗体应用程序文本框验证

Question

I'm new to C# and have a background in SQL so apologies if this is a very stupid query, but I have been trawling google for about 2 hours now and can't find what I need. If someone knows of an article they can point me to, that would be great.

I have a simple windows forms application, and I'm setting up a login box so that users have to enter their user ID to proceed.

I have a SQL Server DB (SQL 2005) with the following table:

Users UserID (int); userName nvarchar(50)

I am using Visual Studio 2010

What I'm stymied by is how to check whether their userID exists in my SQL Table (called users...) I'm not going to put any code here because it's been rewritten from scratch so many times that a clean slate is probably best!

Ideally, I want the user to enter their user ID, and click 'login'. When they do this, if their userID is not valid in the DB table then I need it to give an error msgBox; if it is valid then it should log them in, passing their userID and userName (stored in the DB table) to a variable which I can use elsewhere in the application to populate fields.

I hope this makes sense, and I'm sure I've missed the perfect article out there which will explain it all - hopefully one of you kind people can point me in the right direction!

Thank you

Answer 1

    /*table code
     * create table login
           (
                id varchar(25),
                    pass varchar(25)
            )   
     * 
     * 
     * 
     * 
     */

    string Connectstring = @"Data Source=DELL-PC;Initial Catalog=stud;Integrated Security=True";
    public Form1()
    {
        InitializeComponent();
    }



    private void button1_Click(object sender, EventArgs e)
    {
        SqlConnection cn = new SqlConnection(Connectstring);
        cn.Open();


        SqlCommand cmd = new SqlCommand("select * from log where id=@a and pass=@b", cn);
        cmd.Parameters.AddWithValue("@a", textBox1.Text.ToString().ToUpper());
        cmd.Parameters.AddWithValue("@b", textBox2.Text);

        SqlDataReader dr = cmd.ExecuteReader();


        if ((dr.Read() == true))
        {
            MessageBox.Show("The user is valid!");
            Form2 mainForm = new Form2();
            mainForm.Show();
            this.Hide();
        }
        else
        {
            MessageBox.Show("Invalid username or password!");
        }


    }

Answer 2

You should make a simple SQL query with the userID the user entered, like
SELECT UserID from Users where userID= value. The executeNonQuery() will return the number of matches. If the returned value ==1, means that the userid exists in the database. If the returned value is different from 1, means that the userid not exists or it was registered multiple times. So, if is 1 then you cand call a different form to make different things, else you call anoter form or output a messagebox with an error message

Answer 3

Declare a connection string to Your database

string connString = @"Data Source=.\SQLEXPRESS;Initial Catalog=YourDatabase;Integrated Security=True";

After this You can use a validate method below

private bool ValidateUserById(string connString, int id)
{
    using (var conn = new SqlConnection(connString))
    {
        conn.Open();

        var sqlString = string.Format("Select * From Users where Id = {0}", id);
        using (var cmd = new SqlCommand(sqlString, conn))
        {
                return cmd.ExecuteScalar() != null;
        }
    }
}

Then on button click You can check the user

if (ValidateUserById(connString, Convert.ToInt32(textBox1.Text)))
{
    //..
}
else
{
    //..
}