如何在寡妇形式的应用程序中进行验证？

编程入门行业动态更新时间:2024-10-06 10:40:57

本文介绍了如何在寡妇形式的应用程序中进行验证？的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！问题描述

（我希望当我输入用户名和密码时，如果用户名和密码存在于数据库表中，则只允许登录）

private void button1_Click_1（ object sender，EventArgs e） { SqlConnection con = new SqlConnection（）; con.ConnectionString = @ data source = ABHINAV-PC\ABHI; integrated security = true; initial目录= ATM; con.Open（）; SqlDataAdapter ds = new SqlDataAdapter（ select *来自adminlogin WHERE UserName =' + textBox1.Text + 'and Password =' + textBox2.Text + '，con）; if （（textBox1.Text == ）||（textBox2.Text == ）） { MessageBox.Show（请输入用户名和密码）; } 如果（ds.Equals（con）== true ） { Administrator_Home ah = new Administrator_Home（）; 啊.Show（）; } else MessageBox.Show（无效的用户名或密码）; }

解决方案

转到错误提供程序 [ ^ ]。查看完整文章： Windows应用程序窗体中的错误提供程序控件 [ ^ ] -KR

不，您的代码难以接受。您将密码存储在数据库中并将其与输入进行比较。这是不好的。在任何地方存储密码都是不安全的，根本不需要。惊讶？不同意？那么请看我过去的答案：我已经加密了我的密码，但是当我登录时给了我一个错误。如何解密 [ ^ ] ，存储密码值具有安全方式的int sql server [ ^ ]，解密加密密码 [ ^ ]。另一件原则上不好的事情是你通过串联来自UI的字符串组成的查询。你有没有听说过 SQL Injection 这个非常基本的漏洞？这是怎么回事： xkcd/327 [ ^ ]。另请参阅： http：/ /en.wikipedia/wiki/SQL_injection [ ^ ]。请查看我过去的答案： EROR IN com.ExecuteNonQuery（）; [ ^ ]，你的名字没有显示名称？ [ ^ ]。你真的需要使用参数化语句： msdn.microsoft/en-us/library/ff648339.aspx [ ^ ]。

-SA

(I want that when i am entering user name and password it should only allow to login if the username and password is present the database table)

private void button1_Click_1(object sender, EventArgs e) { SqlConnection con = new SqlConnection(); con.ConnectionString=@"data source=ABHINAV-PC\ABHI;integrated security=true;initial catalog=ATM"; con.Open(); SqlDataAdapter ds = new SqlDataAdapter("select * from adminlogin WHERE UserName='" + textBox1.Text + "' and Password='" + textBox2.Text + "'", con); if ((textBox1.Text == "") || (textBox2.Text == "")) { MessageBox.Show("please enter username and password"); } if (ds.Equals(con)==true) { Administrator_Home ah = new Administrator_Home(); ah.Show(); } else MessageBox.Show("invalid username or password"); }

解决方案

Go for Error Provider[^]. See the complete article : Error Provider Control in Windows Application Form[^] -KR

No, your code is hardly acceptable. You are storing password in the database and compare it with input. This is bad. Storing a password anywhere is unsafe and is not needed at all. Surprised? Disagree? Then please see my past answers: i already encrypt my password but when i log in it gives me an error. how can decrypte it[^], storing password value int sql server with secure way[^], Decryption of Encrypted Password[^]. Another thing which is bad in principle is your query which you compose by concatentation with strings from UI. Didn't you ever heard of the very elementary exploit called "SQL Injection"? This is how: xkcd/327[^]. See also: en.wikipedia/wiki/SQL_injection[^]. Please see my past answers: EROR IN UPATE in com.ExecuteNonQuery();[^], hi name is not displaying in name?[^]. You really need to use parametrized statements: msdn.microsoft/en-us/library/ff648339.aspx[^].