Lyn*_*rum 1 c# mysql visual-studio-2015
我想使用 C# 登录该程序,使用存储在 phpmyadmin 中的 SQL 数据库中的用户名和密码。这是我到目前为止所拥有的。
private void button1_Click(object sender, EventArgs e)
{
MySqlConnection connection;
string server = "localhost";
string database = "login";
string uid = "root";
string password = "";
string connectionString;
connectionString = "SERVER=" + server + ";" + "DATABASE=" +
database + ";" + "UID=" + uid + ";" + "PASSWORD=" + password + ";";
connection = new MySqlConnection(connectionString);
try
{
connection.Open();
if (connection.State == ConnectionState.Open)
{
connection.Close();
Form1 frm = new Form1(this);
frm.Show();
Hide();
}
else
{
MessageBox.Show("Database Connection Failed", "Epic Fail", MessageBoxButtons.OKCancel, MessageBoxIcon.Asterisk);
}
}
catch (Exception ex)
{
MessageBox.Show("An Error Occured, Try again later.", "Epic Fail", MessageBoxButtons.OKCancel, MessageBoxIcon.Asterisk);
}
}
它连接到数据库,但我不希望它显示表单1,直到输入有效的用户名和密码。我猜我需要使用 SELECT * FROM 但我不太确定如何去做。
您可以使用此方法查看用户名和密码是否匹配
MySqlCommand cmd = dbConn.CreateCommand();
cmd.CommandText = "SELECT count(*) from tbUser WHERE UserName = @username and password=@password";
command.Parameters.Add("@username", txtUserName.Text);
command.Parameters.Add("@password", txtPassword.Text);
var count = cmd.ExecuteScalar();
if(count>0)
//Logged In
只是说,如果您使用类似的查询
cmd.CommandText = "SELECT count(*) from tbUser WHERE UserName = '"+txtusernam +"'";
您将对 SQL 注入持开放态度
警告
正如史蒂夫在评论中提到的那样,明文密码是与字符串连接同等程度的漏洞