版权声明:转载原创文章请以超链接形式请注明原文章出处,尊重作者,尊重原创!
恰饭广告
方法1:(sql语句的拼接)
注意:sql语句的拼接存在sql注入漏洞
主要代码:
//获取文本框中的值 string username = this.textBox1.Text.Trim(); string password = this.textBox2.Text.Trim(); string testDB = ConfigurationManager.ConnectionStrings["testDB"].ConnectionString; SqlConnection conn = new SqlConnection(testDB); conn.Open(); SqlCommand cmd = conn.CreateCommand(); cmd.CommandText = "select * from T_login where username='"+username+"'and password='"+password+"'"; //select * from T_login where username='admin' and password='123456' //sql注入语句 ' or 1=1 -- ' //select * from T_login where username='' or 1=1 -- '' and password='' or 1=1 -- '' SqlDataReader dr = cmd.ExecuteReader(); if (username.Equals("") || password.Equals(""))//用户名或密码为空 { MessageBox.Show("用户名或密码不能为空"); } else { if (dr.Read()) { MessageBox.Show(username+ "登录成功"); } else { MessageBox.Show("登录失败"); } } conn.Close(); conn.Dispose();
方法2:(参数化sql语句)
主要代码:
//获取文本框中的值 string username = this.textBox1.Text.Trim(); string password = this.textBox2.Text.Trim(); string testDB = ConfigurationManager.ConnectionStrings["testDB"].ConnectionString; SqlConnection conn = new SqlConnection(testDB); try { conn.Open(); SqlCommand cmd = conn.CreateCommand(); cmd.CommandText = "select * from T_login where username=@username and password=@password"; cmd.Parameters.AddWithValue("@username", username); cmd.Parameters.AddWithValue("@password", password); SqlDataReader dr = cmd.ExecuteReader(); if (username.Equals("") || password.Equals(""))//用户名或密码为空 { MessageBox.Show("用户名或密码不能为空"); } else { if (dr.Read()) { MessageBox.Show(dr[0] + "登录成功"); dr.Close(); } else { MessageBox.Show("登录失败"); } } } catch(Exception ex) { MessageBox.Show(ex.Message); } finally { conn.Close(); conn.Dispose(); }
方法3:(调用存储过程)
sql创建储存过程语句:
create proc up_login ( @username varchar(10), @password varchar(10) ) as select * from T_login where username=@username and password=@password
c#主要代码:
//获取文本框中的值 string username = this.textBox1.Text.Trim(); string password = this.textBox2.Text.Trim(); string testDB = ConfigurationManager.ConnectionStrings["testDB"].ConnectionString; SqlConnection conn = new SqlConnection(testDB); try { conn.Open(); SqlCommand cmd = new SqlCommand("up_login", conn); cmd.CommandType = CommandType.StoredProcedure; //通过存储过程的方式执行 cmd.Parameters.AddWithValue("@username", username); cmd.Parameters.AddWithValue("@password", password); SqlDataReader dr = cmd.ExecuteReader(); if (username.Equals("") || password.Equals(""))//用户名或密码为空 { MessageBox.Show("用户名或密码不能为空"); } else { if (dr.Read()) { MessageBox.Show(dr[0] + "登录成功"); dr.Close(); } else { MessageBox.Show("登录失败"); } } } catch (Exception ex) { MessageBox.Show(ex.Message); } finally { conn.Close(); conn.Dispose(); }
UI界面实现
SQL Server表结构
Form1.cs代码:
using System; using System.Collections.Generic; using System.ComponentModel; using System.Data; using System.Drawing; using System.Linq; using System.Text; using System.Threading.Tasks; using System.Windows.Forms; using System.Data.SqlClient; using System.Configuration; namespace LoginForm { public partial class Form1 : Form { public Form1() { InitializeComponent(); } private void button1_Click(object sender, EventArgs e) { //获取文本框中的值 string username = this.textBox1.Text.Trim(); string password = this.textBox2.Text.Trim(); string testDB = ConfigurationManager.ConnectionStrings["testDB"].ConnectionString; SqlConnection conn = new SqlConnection(testDB); conn.Open(); SqlCommand cmd = conn.CreateCommand(); cmd.CommandText = "select * from T_login where username='"+username+"'and password='"+password+"'"; //select * from T_login where username='admin' and password='123456' //sql注入语句 ' or 1=1 -- ' //select * from T_login where username='' or 1=1 -- '' and password='' or 1=1 -- '' SqlDataReader dr = cmd.ExecuteReader(); if (username.Equals("") || password.Equals(""))//用户名或密码为空 { MessageBox.Show("用户名或密码不能为空"); } else { if (dr.Read()) { MessageBox.Show(username+ "登录成功"); } else { MessageBox.Show("登录失败"); } } conn.Close(); conn.Dispose(); } private void button2_Click(object sender, EventArgs e) { //获取文本框中的值 string username = this.textBox1.Text.Trim(); string password = this.textBox2.Text.Trim(); string testDB = ConfigurationManager.ConnectionStrings["testDB"].ConnectionString; SqlConnection conn = new SqlConnection(testDB); try { conn.Open(); SqlCommand cmd = conn.CreateCommand(); cmd.CommandText = "select * from T_login where username=@username and password=@password"; cmd.Parameters.AddWithValue("@username", username); cmd.Parameters.AddWithValue("@password", password); SqlDataReader dr = cmd.ExecuteReader(); if (username.Equals("") || password.Equals(""))//用户名或密码为空 { MessageBox.Show("用户名或密码不能为空"); } else { if (dr.Read()) { MessageBox.Show(dr[0] + "登录成功"); dr.Close(); } else { MessageBox.Show("登录失败"); } } } catch(Exception ex) { MessageBox.Show(ex.Message); } finally { conn.Close(); conn.Dispose(); } } private void button3_Click(object sender, EventArgs e) { //获取文本框中的值 string username = this.textBox1.Text.Trim(); string password = this.textBox2.Text.Trim(); string testDB = ConfigurationManager.ConnectionStrings["testDB"].ConnectionString; SqlConnection conn = new SqlConnection(testDB); try { conn.Open(); SqlCommand cmd = new SqlCommand("up_login", conn); cmd.CommandType = CommandType.StoredProcedure; //通过存储过程的方式执行 cmd.Parameters.AddWithValue("@username", username); cmd.Parameters.AddWithValue("@password", password); SqlDataReader dr = cmd.ExecuteReader(); if (username.Equals("") || password.Equals(""))//用户名或密码为空 { MessageBox.Show("用户名或密码不能为空"); } else { if (dr.Read()) { MessageBox.Show(dr[0] + "登录成功"); dr.Close(); } else { MessageBox.Show("登录失败"); } } } catch (Exception ex) { MessageBox.Show(ex.Message); } finally { conn.Close(); conn.Dispose(); } } } }
GitHub源码下载:https://github.com/kiritobin/ThreeLoginWay
原文链接:https://www.idaobin.com/archives/1045.html
让我恰个饭吧.ヘ( ̄ω ̄ヘ)
恰饭广告