这是我的代码..我试图让它来验证数据库.
pass / user = Admin
{
/// <summary>
/// Interaction logic for MainWindow.xaml
/// </summary>
public partial class MainWindow : Window
{
public MainWindow()
{
InitializeComponent();
}
private void main_B_Signup_Click(object sender, RoutedEventArgs e)
{
RegWindow rWindow = new RegWindow();
rWindow.Show();
this.Close();
}
private void main_B_login_Click(object sender, RoutedEventArgs e)
{
//connect to the database
SqlConnection loginConn = new SqlConnection("server=localhost;"+ "Trusted_Connection=yes;" + "database=Production; " + "connection timeout=30");
SqlCommand cmd = new SqlCommand("Select *from User where Username=' " + this.Main_T_Username.Text + " ' and Password=' " + this.Main_T_Password.Text + " ' ;", loginConn);
//SqlCommand cmd = new SqlCommand("Select *from User where Username='@Username' and Password='@Password';", loginConn);
//cmd.Parameters.Add(new SqlParameter("Username", this.Main_T_Username.Text));
//cmd.Parameters.Add(new SqlParameter("Password", this.Main_T_Password.Text));
loginConn.Open();
SqlDataReader rdr = cmd.ExecuteReader();
string username = null;
if (rdr.HasRows)
{
while (rdr.Read())
{
username = rdr["Username"].ToString();
}
loginConn.Close();
MessageBox.Show("Well done!");
}
else
{
MessageBox.Show("WrongPass!");
loginConn.Close();
}
}
}
}
但我得到的错误是
Incorrect syntax near the keyword ‘User’
但该表称为用户,并且有用户名和密码列
Pic Of Database
“用户”是SQL Server中的 reserved word.要将其用作架构对象的标识符,请使用方括号将其括起来:SELECT * FROM [User]无论如何,使用模式对象标识符执行此操作通常是一种好习惯.它使它们在查询中更明确.
此外,您是:
>将用户输入直接连接为可执行代码,这是一个SQL注入漏洞.请改用查询参数.>将用户密码存储为纯文本,这对用户来说是非常不负责任的.用户密码应该用单向散列来模糊,并且永远不应该是可检索的.
声明:本文来自网络,不代表【好得很程序员自学网】立场,转载请注明出处:http://haodehen.cn/did69307