无法连接到数据库C#
我一直试图通过App.config中的连接字符串连接到我的MS Sql数据库,但由于某些原因,它无法登录,我似乎无法理解 这是我的连接方式:无法连接到数据库C#,c#,sql,database,connection-string,C#,Sql,Database,Connection String,我一直试图通过App.config中的连接字符串连接到我的MS Sql数据库,但由于某些原因,它无法登录,我似乎无法理解 这是我的连接方式: public void Con() { string userName = userNameBox.Text; string passWord = passWordBox.Text; bool loginFail; SqlConnection Conn = new SqlConnecti
public void Con()
{
string userName = userNameBox.Text;
string passWord = passWordBox.Text;
bool loginFail;
SqlConnection Conn = new SqlConnection(ConfigurationManager.ConnectionStrings["lagerConn"].ConnectionString);
//Search Connstring for User ID= & Password= and replace with username and password from Textboxes
if (_Connstring.Contains("User ID="))
{
_Connstring = _Connstring.Replace("User ID=;", "User ID=" + userName + ";");
}
if (_Connstring.Contains("Password="))
{
_Connstring = _Connstring.Replace("Password=", "Password='" + passWord + "'");
}
try
{
Conn.Open();
Conn.Close();
loginFail = false;
}catch
{
MessageBox.Show("Login Failed");
loginFail = true;
}
if(loginFail == false) //If login is successful it will change to the next form and hide the Connect form
{
mainMenu secondForm = new mainMenu();
secondForm.Show();
this.Hide();
}
}`
这是我的App.config
<add name="lagerConn" connectionString="Data Source=LagerServer;Initial Catalog=LagerDB;Persist Security Info=True;User ID=;Password="
providerName="System.Data.SqlClient" />
</connectionStrings>
试试:
string userName = userNameBox.Text;
string passWord = passWordBox.Text;
string connStr = ConfigurationManager.ConnectionStrings["lagerConn"].ConnectionString;
connStr = connStr.Replace("User ID=;", "User ID=" + userName + ";");
connStr = connStr.Replace("Password=", "Password='" + passWord + "'");
bool loginFail = false;
try{
using (SqlConnection Conn = new SqlConnection(connStr){
loginFail true;
}
}
catch (SqlConnection sqlEx){
//already false
}
是的,当心sql注入攻击 首先,您不应在文本框中写入UserID和Password,而应在连接字符串中静态写入它们。异常告诉您用户“”的一切->登录失败。您没有在文本框中写入正确的用户或密码。在连接字符串中输入空的用户ID和密码字段毫无意义。只需将它们完全排除在外,并将那些毫无意义的持久化安全信息也去掉。使用连接字符串生成器,例如
SqlConnection builder = new SqlConnectionStringBuilder(ConfigurationManager.ConnectionStrings["lagerConn"].ConnectionString);
builder.UserID = userID;
builder.Password = password;
SqlConnection connection = new SqlConnection(builder.ConnectionString);
之后,不要只提供一般性错误消息,而忽略系统提供的信息。查看异常,它会告诉您出了什么问题。您应该始终使用。这种类型的字符串连接对攻击是开放的。不要将密码存储为纯文本。将哈希函数用作SHA-512。您能告诉我们您在连接时收到的异常情况吗这里是异常情况,您应该在问题中包含该异常作为编辑,以方便检查http://www.connectionstrings.com/sql-server/
这帮了我大忙,非常感谢,我还有很长的路要走,显然呵呵。