如何从 SQL 检查 C# 中错误的用户名和密码?
How can I check wrong username and password in C# from SQL?
我只是尝试检查错误的用户名、密码,我希望消息框显示“错误的用户名、密码”。
当我输入正确的用户名和密码后,就可以登录了。
当我第一次输入错误的用户名和密码时,会出现一个消息框,但即使我第二次输入正确的用户名和密码,我也会再次出现错误。
我认为 return 不起作用。
baglanti 表示联系
我的代码在这里:
private void loginBtn_Click(object sender, EventArgs e)
{
if (txtboxID.Text == "")
{
MessageBox.Show("Please enter your username..", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
return;
}
if (txtboxPW.Text == "")
{
MessageBox.Show("Please enter your password..", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
return;
}
string getid = "SELECT username FROM user WHERE username='" + txtboxID.Text + "'";
string getpw = "SELECT password FROM user WHERE password='" + txtboxPW.Text + "'";
SQLiteCommand gettingid = new SQLiteCommand(getid, baglanti);
SQLiteCommand gettingpw = new SQLiteCommand(getpw, baglanti);
baglanti.Open();
object idfind = gettingid.ExecuteScalar();
if (idfind == null)
{
MessageBox.Show("wrong username", "Error");
return;
}
object pwfind = gettingpw.ExecuteScalar();
if (pwfind == null)
{
MessageBox.Show("wrong password", "Error");
return;
}
baglanti.Close();
string id = idfind.ToString();
string pass = pwfind.ToString();
if (txtboxID.Text == id || txtboxPW.Text == pass)
{
guverteBtn.Visible = true;
makineBtn.Visible = true;
loginBtn.Visible = false;
logincontrolTxt.Text = "Login Succesfully !";
logincontrolTxt.ForeColor = Color.White;
logincontrolTxt.Location = new Point(200, 393);
regBTN.Visible = false;
resetBTN.Visible = false;
txtboxID.Text = "";
txtboxPW.Text = "";
}
else
{
logincontrolTxt.Text = "Invalid ID or Password !";
logincontrolTxt.Location = new Point(180, 393);
logincontrolTxt.ForeColor = Color.Red;
txtboxID.Text = "";
txtboxPW.Text = "";
}
}
我刚刚对您的代码做了一些小修改,但正如其他人提到的,您需要将 SQL 查询更改为参数化查询以防止 SQL 注入。
也总是尽量connect/query数据库尽可能少,如果你能立刻得到你的数据,以提高你的应用程序性能。
我没有测试下面的代码,但它应该可以解决您的问题。
private void loginBtn_Click(object sender, EventArgs e)
{
if (txtboxID.Text == "")
{
MessageBox.Show("Please enter your username..", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
return;
}
if (txtboxPW.Text == "")
{
MessageBox.Show("Please enter your password..", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
return;
}
string getid = "SELECT username FROM user WHERE username='" + txtboxID.Text + "' AND password='" + txtboxPW.Text + "'"; //Security Issue: SQL Injection
SQLiteCommand gettingid = new SQLiteCommand(getid, baglanti);
try {
baglanti.Open();
object idfind = gettingid.ExecuteScalar();
if (idfind == null)
{
MessageBox.Show("Invalid user credentials!", "Error");
}
else
{
if (!string.IsNullOrEmpty(Convert.ToString(idfind)))
{
guverteBtn.Visible = true;
makineBtn.Visible = true;
loginBtn.Visible = false;
logincontrolTxt.Text = "Login Succesful!";
logincontrolTxt.ForeColor = Color.White;
logincontrolTxt.Location = new Point(200, 393);
regBTN.Visible = false;
resetBTN.Visible = false;
txtboxID.Text = "";
txtboxPW.Text = "";
}
else
{
logincontrolTxt.Text = "Invalid ID or Password !";
logincontrolTxt.Location = new Point(180, 393);
logincontrolTxt.ForeColor = Color.Red;
txtboxID.Text = "";
txtboxPW.Text = "";
}
}
}
catch(Exception ex)
{
MessageBox.Show("Unhandled exception!", "Error");
}
finally {
baglanti.Close();
}
}
我只是尝试检查错误的用户名、密码,我希望消息框显示“错误的用户名、密码”。
当我输入正确的用户名和密码后,就可以登录了。 当我第一次输入错误的用户名和密码时,会出现一个消息框,但即使我第二次输入正确的用户名和密码,我也会再次出现错误。
我认为 return 不起作用。
baglanti 表示联系
我的代码在这里:
private void loginBtn_Click(object sender, EventArgs e)
{
if (txtboxID.Text == "")
{
MessageBox.Show("Please enter your username..", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
return;
}
if (txtboxPW.Text == "")
{
MessageBox.Show("Please enter your password..", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
return;
}
string getid = "SELECT username FROM user WHERE username='" + txtboxID.Text + "'";
string getpw = "SELECT password FROM user WHERE password='" + txtboxPW.Text + "'";
SQLiteCommand gettingid = new SQLiteCommand(getid, baglanti);
SQLiteCommand gettingpw = new SQLiteCommand(getpw, baglanti);
baglanti.Open();
object idfind = gettingid.ExecuteScalar();
if (idfind == null)
{
MessageBox.Show("wrong username", "Error");
return;
}
object pwfind = gettingpw.ExecuteScalar();
if (pwfind == null)
{
MessageBox.Show("wrong password", "Error");
return;
}
baglanti.Close();
string id = idfind.ToString();
string pass = pwfind.ToString();
if (txtboxID.Text == id || txtboxPW.Text == pass)
{
guverteBtn.Visible = true;
makineBtn.Visible = true;
loginBtn.Visible = false;
logincontrolTxt.Text = "Login Succesfully !";
logincontrolTxt.ForeColor = Color.White;
logincontrolTxt.Location = new Point(200, 393);
regBTN.Visible = false;
resetBTN.Visible = false;
txtboxID.Text = "";
txtboxPW.Text = "";
}
else
{
logincontrolTxt.Text = "Invalid ID or Password !";
logincontrolTxt.Location = new Point(180, 393);
logincontrolTxt.ForeColor = Color.Red;
txtboxID.Text = "";
txtboxPW.Text = "";
}
}
我刚刚对您的代码做了一些小修改,但正如其他人提到的,您需要将 SQL 查询更改为参数化查询以防止 SQL 注入。
也总是尽量connect/query数据库尽可能少,如果你能立刻得到你的数据,以提高你的应用程序性能。
我没有测试下面的代码,但它应该可以解决您的问题。
private void loginBtn_Click(object sender, EventArgs e)
{
if (txtboxID.Text == "")
{
MessageBox.Show("Please enter your username..", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
return;
}
if (txtboxPW.Text == "")
{
MessageBox.Show("Please enter your password..", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);
return;
}
string getid = "SELECT username FROM user WHERE username='" + txtboxID.Text + "' AND password='" + txtboxPW.Text + "'"; //Security Issue: SQL Injection
SQLiteCommand gettingid = new SQLiteCommand(getid, baglanti);
try {
baglanti.Open();
object idfind = gettingid.ExecuteScalar();
if (idfind == null)
{
MessageBox.Show("Invalid user credentials!", "Error");
}
else
{
if (!string.IsNullOrEmpty(Convert.ToString(idfind)))
{
guverteBtn.Visible = true;
makineBtn.Visible = true;
loginBtn.Visible = false;
logincontrolTxt.Text = "Login Succesful!";
logincontrolTxt.ForeColor = Color.White;
logincontrolTxt.Location = new Point(200, 393);
regBTN.Visible = false;
resetBTN.Visible = false;
txtboxID.Text = "";
txtboxPW.Text = "";
}
else
{
logincontrolTxt.Text = "Invalid ID or Password !";
logincontrolTxt.Location = new Point(180, 393);
logincontrolTxt.ForeColor = Color.Red;
txtboxID.Text = "";
txtboxPW.Text = "";
}
}
}
catch(Exception ex)
{
MessageBox.Show("Unhandled exception!", "Error");
}
finally {
baglanti.Close();
}
}