---------------------- Windows Phone 7 mobile development, .Net training, looking forward to talking with you! ----------------------
Login check: select * from T_Users where UserName=... and Password=..., with the parameters concatenated into the SQL statement.
using System;
using System.Data.SqlClient;

class Program
{
    static void Main()
    {
        Console.WriteLine("请输入用户名!");   // prompt: enter the user name
        string userName = Console.ReadLine();
        Console.WriteLine("请输入密码!");     // prompt: enter the password
        string pass = Console.ReadLine();
        string str = "Data Source=B048;Initial Catalog=Text;Integrated Security=True";
        using (SqlConnection conn = new SqlConnection(str))
        {
            conn.Open();
            using (SqlCommand cmd = conn.CreateCommand())
            {
                // Vulnerable: the input is concatenated straight into the SQL text.
                cmd.CommandText = "select count(*) from Person where Name ='" + userName + "' and Password = '" + pass + "'";
                int i = Convert.ToInt32(cmd.ExecuteScalar());
                if (i > 0)
                {
                    Console.WriteLine("登陆成功!");   // login succeeded
                }
                else
                {
                    Console.WriteLine("用户名或密码错误,登陆失败!");   // wrong user name or password, login failed
                }
            }
        }
        Console.WriteLine("OK");
        Console.ReadLine();
    }
}
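Note: the program above is vulnerable. Any user name can be entered, and with the password 1'or '1' = '1 the login succeeds, because the concatenated WHERE clause then ends in or '1' = '1', which is true for every row.
Code that avoids the vulnerability by passing the input as query parameters: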
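using System;
using System.Data.SqlClient;

class Program
{
    static void Main()
    {
        Console.WriteLine("请输入用户名!");   // prompt: enter the user name
        string userName = Console.ReadLine();
        Console.WriteLine("请输入密码!");     // prompt: enter the password
        string pass = Console.ReadLine();
        string str = "Data Source=(local);Initial Catalog=Text;Integrated Security=True";
        using (SqlConnection conn = new SqlConnection(str))
        {
            conn.Open();
            using (SqlCommand cmd = conn.CreateCommand())
            {
                // The SQL text is fixed; the input travels separately as parameter values.
                // count(*) is selected so that ExecuteScalar returns a number, as in the first listing.
                cmd.CommandText = "select count(*) from Person where Name = @userName and Password = @pass";
                cmd.Parameters.Add(new SqlParameter("@userName", userName));
                cmd.Parameters.Add(new SqlParameter("@pass", pass));
                int i = Convert.ToInt32(cmd.ExecuteScalar());
                if (i > 0)
                {
                    Console.WriteLine("登陆成功!");   // login succeeded
                }
                else
                {
                    Console.WriteLine("用户名或密码错误,登陆失败!");   // wrong user name or password, login failed
                }
            }
        }
        Console.WriteLine("OK");
        Console.ReadLine();
    }
}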
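The two listings above can be compared without a SQL Server instance. The following is an added example, not code from the original post: it uses Python with an in-memory SQLite database (an assumption made so that it runs offline), a constructed Person row, and hypothetical function names, and it feeds the password from the note to both query styles.

```python
import sqlite3


def make_db():
    """Create an in-memory Person table holding one constructed account."""
    conn = sqlite3.connect(":memory:")
    conn.execute("create table Person (Name text, Password text)")
    conn.execute("insert into Person values (?, ?)", ("alice", "s3cret"))
    return conn


def build_concatenated_sql(user_name, password):
    """Build the SQL text the same way as the first listing's CommandText."""
    return ("select count(*) from Person where Name ='" + user_name +
            "' and Password = '" + password + "'")


def login_concatenated(conn, user_name, password):
    """Vulnerable check: the input becomes part of the SQL text itself."""
    sql = build_concatenated_sql(user_name, password)
    return conn.execute(sql).fetchone()[0] > 0


def login_parameterized(conn, user_name, password):
    """Hardened check: the SQL text is fixed and the input is bound as data."""
    sql = ("select count(*) from Person "
           "where Name = :userName and Password = :pass")
    params = {"userName": user_name, "pass": password}
    return conn.execute(sql, params).fetchone()[0] > 0


if __name__ == "__main__":
    db = make_db()
    note_password = "1'or '1' = '1"  # the password given in the note above
    # The quote in the input closes the string literal early, so the rest
    # of the input is parsed as SQL and the WHERE clause is always true.
    print(build_concatenated_sql("anyone", note_password))
    print("concatenated :", login_concatenated(db, "anyone", note_password))
    # Bound as a parameter, the same input is only compared as a literal.
    print("parameterized:", login_parameterized(db, "anyone", note_password))
    print("real account :", login_parameterized(db, "alice", "s3cret"))
```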