//Info.mdf是数据库名,其中Name、Password是T_admin表中字段 ,第三种登录方式最好!!!!
string name = txtName.Text.Trim();
string pwd = txtPwd.Text.Trim();
using (SqlConnection conn = new SqlConnection(@"Data source=.\SQLEXPRESS;AttachDBFilename=|DataDirectory|\Info.mdf;Integrated Security=True;User Instance=True"))
{
conn.Open();
using (SqlCommand cmd = conn.CreateCommand())
{
//+++++++++++登录代码++++++++++++
}
}
//第一种登录方式
cmd.CommandText = "select * from T_admin where Name='" + name + "'";
using (SqlDataReader reader = cmd.ExecuteReader())
{
if (reader.Read())
{
string dbpwd = reader.GetString(reader.GetOrdinal("Password"));
if (dbpwd == pwd)
{
MessageBox.Show("登录成功!");
}
else
{
MessageBox.Show("用户名或密码错误");
}
}
else
{
MessageBox.Show("用户名或密码错误");
}
}
//第二种登录方式 输入 1'or'1'='1 造成SQL漏洞攻击
cmd.CommandText = "select count(*) from T_admin where Name='" + name + "'and Password='" + pwd + "'";
int i = Convert.ToInt32(cmd.ExecuteScalar());
if (i > 0)
{
MessageBox.Show("登录成功!");
}
else
{
MessageBox.Show("用户名或密码错误");
}
//第三种登录方式
cmd.CommandText = "select count(*) from T_admin where Name=@name and Password=@pwd";
cmd.Parameters.Add(new SqlParameter("name", name));
cmd.Parameters.Add(new SqlParameter("pwd", pwd));
int i = Convert.ToInt32(cmd.ExecuteScalar());
if (i > 0)
{
MessageBox.Show("登录成功!");
}
else
{
MessageBox.Show("用户名或密码错误");
}