[英]How can I check wrong username and password in C# from SQL?
我只是嘗試檢查錯誤的用戶名、密碼,我希望消息框顯示“錯誤的用戶名、密碼”。
當我輸入正確的用戶名和密碼時,沒關系,我可以登錄。 當我第一次輸入錯誤的用戶名和密碼時,我會收到一個消息框,但即使我第二次輸入正確的用戶名和密碼,我也會再次收到錯誤消息。
我認為返回不起作用。
baglanti 意味着連接
我的代碼在這里:
private void loginBtn_Click(object sender, EventArgs e)
{
if (txtboxID.Text == "")
{
MessageBox.Show("Please enter your username..", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
return;
}
if (txtboxPW.Text == "")
{
MessageBox.Show("Please enter your password..", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
return;
}
string getid = "SELECT username FROM user WHERE username='" + txtboxID.Text + "'";
string getpw = "SELECT password FROM user WHERE password='" + txtboxPW.Text + "'";
SQLiteCommand gettingid = new SQLiteCommand(getid, baglanti);
SQLiteCommand gettingpw = new SQLiteCommand(getpw, baglanti);
baglanti.Open();
object idfind = gettingid.ExecuteScalar();
if (idfind == null)
{
MessageBox.Show("wrong username", "Error");
return;
}
object pwfind = gettingpw.ExecuteScalar();
if (pwfind == null)
{
MessageBox.Show("wrong password", "Error");
return;
}
baglanti.Close();
string id = idfind.ToString();
string pass = pwfind.ToString();
if (txtboxID.Text == id || txtboxPW.Text == pass)
{
guverteBtn.Visible = true;
makineBtn.Visible = true;
loginBtn.Visible = false;
logincontrolTxt.Text = "Login Succesfully !";
logincontrolTxt.ForeColor = Color.White;
logincontrolTxt.Location = new Point(200, 393);
regBTN.Visible = false;
resetBTN.Visible = false;
txtboxID.Text = "";
txtboxPW.Text = "";
}
else
{
logincontrolTxt.Text = "Invalid ID or Password !";
logincontrolTxt.Location = new Point(180, 393);
logincontrolTxt.ForeColor = Color.Red;
txtboxID.Text = "";
txtboxPW.Text = "";
}
}
我只是對您的代碼進行了一些小的修改,但正如其他人所提到的,您需要將 SQL 查詢更改為參數化查詢,以防止 SQL 注入。
如果您可以一次獲取數據,請始終嘗試盡可能少地連接/查詢數據庫,以提高應用程序性能。
我沒有測試下面的代碼,但它應該可以解決您的問題。
private void loginBtn_Click(object sender, EventArgs e)
{
if (txtboxID.Text == "")
{
MessageBox.Show("Please enter your username..", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
return;
}
if (txtboxPW.Text == "")
{
MessageBox.Show("Please enter your password..", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
return;
}
string getid = "SELECT username FROM user WHERE username='" + txtboxID.Text + "' AND password='" + txtboxPW.Text + "'"; //Security Issue: SQL Injection
SQLiteCommand gettingid = new SQLiteCommand(getid, baglanti);
try {
baglanti.Open();
object idfind = gettingid.ExecuteScalar();
if (idfind == null)
{
MessageBox.Show("Invalid user credentials!", "Error");
}
else
{
if (!string.IsNullOrEmpty(Convert.ToString(idfind)))
{
guverteBtn.Visible = true;
makineBtn.Visible = true;
loginBtn.Visible = false;
logincontrolTxt.Text = "Login Succesful!";
logincontrolTxt.ForeColor = Color.White;
logincontrolTxt.Location = new Point(200, 393);
regBTN.Visible = false;
resetBTN.Visible = false;
txtboxID.Text = "";
txtboxPW.Text = "";
}
else
{
logincontrolTxt.Text = "Invalid ID or Password !";
logincontrolTxt.Location = new Point(180, 393);
logincontrolTxt.ForeColor = Color.Red;
txtboxID.Text = "";
txtboxPW.Text = "";
}
}
}
catch(Exception ex)
{
MessageBox.Show("Unhandled exception!", "Error");
}
finally {
baglanti.Close();
}
}
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.