【发布时间】:2014-11-09 10:07:08
【问题描述】:
我想用 C# 创建一个登录表单。如果用户名和密码正确,我不会收到错误消息,但如果错误,则会在此行中收到错误消息:
int count = Convert.ToInt32(cmd.ExecuteScalar().ToString());
登录表单代码:
if (textBox1.Text != "" & textBox2.Text != "")
{
conn.Open();
SqlCeCommand cmd = new SqlCeCommand("SELECT id FROM users WHERE Login = '" + textBox1.Text + "' AND Password = '" + textBox2.Text + "'", conn);
int count = Convert.ToInt32(cmd.ExecuteScalar().ToString());
if (count > 0)
{
SqlCeDataReader reader = cmd.ExecuteReader();
reader.Read();
int logged_id = Convert.ToInt16(reader["id"]);
SqlCeCommand cmd1 = new SqlCeCommand("SELECT Login, Sex, Weight, Height, Age, PhyActi FROM vartotojai WHERE ID = '"+ logged_id +"'",conn);
SqlCeDataReader reader1 = cmd1.ExecuteReader();
reader1.Read();
textBox9.Text = Convert.ToString(reader1["Sex"]);
textBox10.Text = Convert.ToString(reader1["Weight"]);
textBox12.Text = Convert.ToString(reader1["Height"]);
textBox11.Text = Convert.ToString(reader1["Age"]);
textBox13.Text = Convert.ToString(reader1["Phyacti"]);
panel1.Visible = false;
dataGridView1.Visible = false;
MessageBox.Show("Loggen In!");
toolStripStatusLabel1.Text = "Welcome, " + Convert.ToString(reader1["Login"]);
}
else
MessageBox.Show("User Not Found!");
conn.Close();
}
【问题讨论】:
-
这是因为如果用户名和密码不匹配,您的查询将不会返回任何内容
-
尝试在查询中使用计数 SqlCeCommand cmd = new SqlCeCommand("SELECT Count(id) FROM users WHERE Login = '" + textBox1.Text + "' AND Password = '" + textBox2.Text + " '", conn);
-
究竟是什么错误?
cmd.ExecuteScalar()返回的值是多少?你的CurrentCulture是什么?而且您应该始终使用parameterized queries。这种字符串连接对SQL Injection 攻击开放。使用 using 语句 来处理您的数据库连接和对象。请不要将您的密码存储为纯文本。 -
另外,尽管这里确实不相关,但请查看
&和&&之间的区别
标签: c# sql database executescalar