Warning: file_get_contents(/data/phpspider/zhask/data//catemap/2/csharp/319.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181

Warning: file_get_contents(/data/phpspider/zhask/data//catemap/5/sql/84.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
无法连接到数据库C#_C#_Sql_Database_Connection String - Fatal编程技术网
Fatal编程技术网
  • csharp/
  • 无法连接到数据库C#

无法连接到数据库C#

c# sql database

无法连接到数据库C#,c#,sql,database,connection-string,C#,Sql,Database,Connection String,我一直试图通过App.config中的连接字符串连接到我的MS Sql数据库,但由于某些原因,它无法登录,我似乎无法理解 这是我的连接方式: public void Con() { string userName = userNameBox.Text; string passWord = passWordBox.Text; bool loginFail; SqlConnection Conn = new SqlConnecti

我一直试图通过App.config中的连接字符串连接到我的MS Sql数据库,但由于某些原因,它无法登录,我似乎无法理解

这是我的连接方式:

public void Con()
{

        string userName = userNameBox.Text;
        string passWord = passWordBox.Text;

        bool loginFail;

        SqlConnection Conn = new SqlConnection(ConfigurationManager.ConnectionStrings["lagerConn"].ConnectionString);

        //Search Connstring for User ID= & Password= and replace with username and password from Textboxes
        if (_Connstring.Contains("User ID="))
        {
            _Connstring = _Connstring.Replace("User ID=;", "User ID=" + userName + ";");

        }
        if (_Connstring.Contains("Password="))
        {
            _Connstring = _Connstring.Replace("Password=", "Password='" + passWord + "'");
        }

        try
        {
            Conn.Open();
            Conn.Close();
            loginFail = false;
        }catch
        {
            MessageBox.Show("Login Failed");
            loginFail = true;
        }
        if(loginFail == false) //If login is successful it will change to the next form and hide the Connect form
        {
            mainMenu secondForm = new mainMenu();
            secondForm.Show();
            this.Hide();

        }

    }`
这是我的App.config

        <add name="lagerConn" connectionString="Data Source=LagerServer;Initial Catalog=LagerDB;Persist Security Info=True;User ID=;Password="
        providerName="System.Data.SqlClient" />
</connectionStrings>

试试:


string userName = userNameBox.Text;
string passWord = passWordBox.Text;
string connStr = ConfigurationManager.ConnectionStrings["lagerConn"].ConnectionString;
connStr = connStr.Replace("User ID=;", "User ID=" + userName + ";");
connStr = connStr.Replace("Password=", "Password='" + passWord + "'");
bool loginFail = false;
try{
    using (SqlConnection Conn = new SqlConnection(connStr){
       loginFail true;
    }
}
catch (SqlConnection sqlEx){
   //already false
}



是的,当心sql注入攻击
 首先,您不应在文本框中写入UserID和Password,而应在连接字符串中静态写入它们。异常告诉您用户“”的一切->登录失败。您没有在文本框中写入正确的用户或密码。
在连接字符串中输入空的用户ID和密码字段毫无意义。只需将它们完全排除在外,并将那些毫无意义的
持久化安全信息也去掉。使用连接字符串生成器,例如


SqlConnection builder = new SqlConnectionStringBuilder(ConfigurationManager.ConnectionStrings["lagerConn"].ConnectionString);

builder.UserID = userID;
builder.Password = password;

SqlConnection connection = new SqlConnection(builder.ConnectionString);



之后,不要只提供一般性错误消息,而忽略系统提供的信息。查看异常,它会告诉您出了什么问题。
您应该始终使用。这种类型的字符串连接对攻击是开放的。不要将密码存储为纯文本。将哈希函数用作SHA-512。您能告诉我们您在连接时收到的异常情况吗这里是异常情况,您应该在问题中包含该异常作为编辑,以方便检查
http://www.connectionstrings.com/sql-server/
这帮了我大忙,非常感谢,我还有很长的路要走,显然呵呵。