C# sql用户检测无法正常工作
我无法让我的程序检测管理员用户。我已经创建了一个登录系统,但是当管理员登录时,它跳过sql查询并继续打开一个用户屏幕,而不是管理员。当用户注册时,他们会看到一对单选按钮来选择他们的用户类型。根据选择的用户类型,用户类型admin或User将写入数据库中的User列中。这是我的密码:C# sql用户检测无法正常工作,c#,sql,sql-server,winforms,C#,Sql,Sql Server,Winforms,我无法让我的程序检测管理员用户。我已经创建了一个登录系统,但是当管理员登录时,它跳过sql查询并继续打开一个用户屏幕,而不是管理员。当用户注册时,他们会看到一对单选按钮来选择他们的用户类型。根据选择的用户类型,用户类型admin或User将写入数据库中的User列中。这是我的密码: using System; using System.Collections.Generic; using System.ComponentModel; using System.Data; using System
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using System.Windows.Forms;
using System.Data.SqlClient;
using System.Data.SqlTypes;
namespace myLoginProject
{
public partial class Form1 : Form
{
public Form1()
{
InitializeComponent();
}
private void Form1_Load(object sender, EventArgs e)
{
SqlConnection connection = new SqlConnection(@"server=.\SQLEXPRESS; database=loginTest;Trusted_Connection=yes");
connection.Open();
string selection = "select * from Logins where Name = '" + userNameBox.Text + "' and Password = '" + passwordBox.Text + "' ";
SqlCommand command = new SqlCommand(selection, connection);
SqlDataAdapter da = new SqlDataAdapter(command);
DataSet ds = new DataSet();
da.Fill(ds);
DataTable dt = ds.Tables[0];
}
private void registerButton_Click(object sender, EventArgs e)
{
adminAuthScreen aas = new adminAuthScreen();
aas.Show();
}
private int myMethod(string user, string pass)
{
user.Trim();
pass.Trim();
SqlConnection connection = new SqlConnection(@"server=.\SQLEXPRESS; database=loginTest;Trusted_Connection=yes");
connection.Open();
string selection = "select * from Logins where Name = '"+user+"' and Password = '"+pass+"' ";
SqlCommand command = new SqlCommand(selection, connection);
if (command.ExecuteScalar() != null)
return 1;
else
return 0;
}
private void loginButton_Click(object sender, EventArgs e)
{
if (myMethod(userNameBox.Text,passwordBox.Text)>0)
{
MessageBox.Show("Welcome back, "+userNameBox.Text);
SqlConnection myConnection = new SqlConnection(@"server=.\SQLEXPRESS; database=loginTest;Trusted_Connection=yes");
try
{
myConnection.Open();
}
catch (Exception ex)
{
MessageBox.Show(ex.ToString());
}
string checkAdmin1 = "SELECT * FROM Logins WHERE Name = '"+userNameBox.Text+"' AND User='Admin'";
SqlCommand checkIfAdmin = new SqlCommand(checkAdmin1, myConnection);
if (checkIfAdmin.ExecuteScalar() != null)
{
adminScreen admnscrn = new adminScreen();
admnscrn.Show();
}
else
{
userScreen usrscrn = new userScreen();
usrscrn.Show();
}
}
}
public SqlConnection connection { get; set; }
}
}
private void loginButton_Click(object sender, EventArgs e)
{
if (myMethod(userNameBox.Text,passwordBox.Text)>0)
{
MessageBox.Show("Welcome back, "+userNameBox.Text);
SqlConnection myConnection = new SqlConnection(@"server=.\SQLEXPRESS; database=loginTest;Trusted_Connection=yes");
try
{
myConnection.Open();
}
catch (Exception ex)
{
MessageBox.Show(ex.ToString());
}
string checkAdmin1 = "SELECT * FROM Logins WHERE Name = '"+userNameBox.Text+"' AND User='Admin'";
SqlCommand checkIfAdmin = new SqlCommand(checkAdmin1, myConnection);
if (checkIfAdmin.ExecuteScalar() != null)
{
adminScreen admnscrn = new adminScreen();
admnscrn.Show();
}
else
{
userScreen usrscrn = new userScreen();
usrscrn.Show();
}
}
}
另外,这是一个winforms应用程序,用C编写,将在一台计算机上运行。我认为@canon意味着你应该使用参数化查询。行:string checkAdmin1=SELECT*来自登录名,其中Name='+userNameBox.Text+'和User='Admin';例如,打开SQL注入。好的,但如何解决问题。它不会检测用户类型,只是跳转到else语句。您是否查看了数据库以确保user列中存在值“Admin”?@tonyb,因为user是保留关键字。