一、简单登录验证(防SQL注入)
GetString(序号) 返回某一列的值(当用户不记得列名序号时,可使用GetOrdinal()获取到序号)
GetInt32(序号) 针对的是 int 字段,返回int字段的值
GetOrdinal("列名") 根据列名得到序号
Console.WriteLine("请输入用户名:"); string Uname=Console.ReadLine(); Console.WriteLine("请输入密码:"); string Pwd=Console.ReadLine(); using (SqlConnection conn = new SqlConnection("Data Source=.;database=mytest;uid=sa;pwd=gao;")) { conn.Open(); using (SqlCommand cmd = conn.CreateCommand()) { //User为关键字,用[]解决,表名T_开头,字段F开头 cmd.CommandText = "select * from mydo where username='" + Uname + "'"; using (SqlDataReader dr = cmd.ExecuteReader()) { if (dr.Read()) { //防止SQL注入,GetString(序号)返回某一列的值,GetOrdinal()根据列名得到序号 string dbpasswd = dr.GetString(dr.GetOrdinal("passwd")); if (Pwd == dbpasswd) //判断用户输入的与数据库查询到的是否一致 { Console.WriteLine("登录成功!"); } else { Console.WriteLine("密码错误!"); } } else { Console.WriteLine("用户名错误!"); } } } }
二、简单登录验证 (通过参数赋值)(防SQL注入)
Console.WriteLine("请输入用户名:"); string username=Console.ReadLine(); Console.WriteLine("请输入密码:"); string passwd=Console.ReadLine(); using (SqlConnection conn = new SqlConnection("Data Source=.;database=mytest;uid=sa;pwd=gao;")) { conn.Open(); using (SqlCommand cmd = conn.CreateCommand()) {
cmd.CommandText = "select * from mydo where username=@Uname and passwd=@Pwd"; cmd.Parmeters.Add(new SqlParmeter("Uname",username)); cmd.Parmeters.Add(new SqlParmeter("Pwd",passwd)); using (SqlDataReader dr = cmd.ExecuteReader()) { if (dr.Read()) { Console.WriteLine("登陆成功!"); } else { Console.WriteLine("登陆失败!"); } } } }
三、简单登录验证(含有错误次数的判断)
首先在数据库中加入 error 字段,类型为 int 默认值为 0
注意:在同一个连接中,如果SqlDataReader没有关闭,那么是不能执行Update之类的语句的
所以下面对于 error 次数的修改,都是通过 函数 的方式来实现
private void IncErrorTimes() //用于为error字段自增值的 函数(方法)
{ using (SqlConnection conn = new SqlConnection("server=.;database=mytest;uid=sa;pwd=gao;")) { conn.Open(); using (SqlCommand cmd = conn.CreateCommand()) { cmd.CommandText = "update mydo set error=error+1 where username=@U"; cmd.Parameters.Add(new SqlParameter("@U", txtLogin.Text.Trim())); cmd.ExecuteNonQuery(); } } } private void ResetErrorTimes() //用于为error字段复位(设置为0)的 函数
{ using (SqlConnection conn = new SqlConnection("server=.;database=mytest;uid=sa;pwd=gao;")) { conn.Open(); using (SqlCommand cmd = conn.CreateCommand()) { cmd.CommandText = "update mydo set error=0 where username=@U"; cmd.Parameters.Add(new SqlParameter("@U", txtLogin.Text.Trim())); cmd.ExecuteNonQuery(); } } } private void button1_Click(object sender, EventArgs e) //主程序 { using (SqlConnection conn = new SqlConnection("server=.;database=mytest;uid=sa;pwd=gao;")) { conn.Open(); using (SqlCommand cmd = conn.CreateCommand()) { cmd.CommandText = "select * from mydo where username=@U"; cmd.Parameters.Add(new SqlParameter("U", txtLogin.Text.Trim())); using (SqlDataReader dr = cmd.ExecuteReader()) { if (dr.Read()) { int errorTimes = dr.GetInt32(dr.GetOrdinal("error")); if (errorTimes >= 3) { MessageBox.Show("错误次数过多,禁止登陆!"); return; } string dbname = dr.GetString(dr.GetOrdinal("username")); if (dbname == txtLogin.Text.Trim()) { string dbpasswd = dr.GetString(dr.GetOrdinal("passwd")); if (dbpasswd == txtPasswd.Text.Trim()) { ResetErrorTimes(); MessageBox.Show("登陆成功!"); picBox1.Visible = true; } else { IncErrorTimes(); MessageBox.Show("登陆失败!"); return; } } } else { MessageBox.Show("用户名错误!"); } } } }