获取mysql的密码,如何从数据库中读取用户名和密码

i have login form,i want to check username and password from database.when i give the Submit i am getting error that is "ExcuteReader:Connction Proprty has not been initialized"

What I have tried:

private void btnOK_Click(object sender, EventArgs e)

{

if (txtUserName.Text == "")

{

MessageBox.Show("Please enter user name", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);

txtUserName.Focus();

return;

}

if (txtPassword.Text == "")

{

MessageBox.Show("Please enter password", "Error", MessageBoxButtons.OK, MessageBoxIcon.Error);

txtPassword.Focus();

return;

}

try

{

SqlConnection con = new SqlConnection("Data Source=ADMIN;Initial Catalog=SIS;Persist Security Info=True;User ID=sa;Password=admin@123");

SqlCommand cmd=new SqlCommand("Select Username,User_Password from User_TB where username='"+txtUserName.Text+"' and password='"+txtPassword+"'");

SqlDataReader dr=cmd.ExecuteReader();

if(dr.Read()==true)

{

int i;

ProgressBar1.Visible = true;

ProgressBar1.Maximum = 5000;

ProgressBar1.Minimum = 0;

ProgressBar1.Value = 4;

ProgressBar1.Step = 1;

for (i = 0; i <= 5000; i++)

{

ProgressBar1.PerformStep();

}

this.Hide();

frmMainMenu frm = new frmMainMenu();

frm.Show();

frm.lblUser.Text = txtUserName.Text;

}

解决方案The number of things wrong with this... :sigh:

Let's start with the ones you don't know about!

1) Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead. This is really important at all times, but for a login form it's absolutely vital, as it means the user doesn't even have to be logged in to destroy your database...he can do it by typing in the "username" textbox!

2) Never store passwords in clear text - it is a major security risk. There is some information on how to do it here: Password Storage: How to do it.[^]

3) Never use the "sa" user in SQL: he has full permissions and is the default when SQL server is installed. So he is the first user anyone tries in order to steal or damage data. Set up a user which has just enough permission for your app to work, and use that instead. At the very minimum, change the damn password!

4) You will never see anything happen on your progress bar, because it's on the same thread - and it will only get displayed when the click event handler exits.

5) SqlConnection, SqlCommand, and so forth are scarce resources - you need to dispose of them properly when you are finished, or your app will crash when it runs out.

A using block is the best way as it disposes of teh resource when teh object goes out of scope.

Now the one you noticed!

Look at the error message:

ExcuteReader:Connction Proprty has not been initialized

Now look at your code:

SqlConnection con = new SqlConnection("...");

SqlCommand cmd=new SqlCommand("Select ...");

SqlDataReader dr=cmd.ExecuteReader();

You don't pass the SqlConnection to the SqlCommand!

Try:

using (SqlCommand cmd=new SqlCommand("Select ...", con))

{

...

}And one other thing: Open the connection before you try to use it!

评论
添加红包

请填写红包祝福语或标题

红包个数最小为10个

红包金额最低5元

当前余额3.43前往充值 >
需支付:10.00
成就一亿技术人!
领取后你会自动成为博主和红包主的粉丝 规则
hope_wisdom
发出的红包
实付
使用余额支付
点击重新获取
扫码支付
钱包余额 0

抵扣说明:

1.余额是钱包充值的虚拟货币,按照1:1的比例进行支付金额的抵扣。
2.余额无法直接购买下载,可以购买VIP、付费专栏及课程。

余额充值