我创造了C#桌面应用程序,其中我的代码是:数据未从文本框transfering查询
private void btnLogin_Click(object sender, EventArgs e)
{
if (clsFunctions.recordExist("SELECT AtNumConstructorID, TxtConstructorName AS Fullname FROM tblConstructorDetails WHERE txtUserName = '" + txtUserName.Text + "' AND TxtPassword LIKE '" + txtPassword.Text + "' ", "tblConstructorDetails") == true)
{
clsVariables._sTimeLogin = DateTime.Now.ToLongTimeString();//recording the time of login in the CES
long totalRow = 0;
//Set the Data Adapter
OleDbDataAdapter da = new OleDbDataAdapter("select AtNumConstructorID, TxtConstructorName AS Fullname, tblConstructorDetails.txtUserName FROM tblConstructorDetails WHERE txtUserName =" + txtUserName.Text, clsConnections._olbedbCN);
DataSet ds = new DataSet(); // creating a dataset to enter the values in the dataadapter
da.Fill(ds, "tblConstructorDetails");
totalRow = ds.Tables["tblConstructorDetails"].Rows.Count - 1;
clsVariables._sContId = Convert.ToInt32(ds.Tables["tblConstructorDetails"].Rows[0].ItemArray.GetValue(0));
clsVariables._sConstructor = ds.Tables["tblConstructorDetails"].Rows[0].ItemArray.GetValue(1).ToString();
clsVariables._sUserID = ds.Tables["tblConstructorDetails"].Rows[0].ItemArray.GetValue(2).ToString();
clsUserLogs.RecordLogin(clsVariables._sTimeLogin, clsVariables._sContId);
clsApplication._boolAPP_CONNECTED = true;
this.Close();
}
}
注:clsFunctions:所有的常用功能都写 recordexist类:函数,返回如果记录可用,则为true。
对于recordexist,我提供了一个查询。从文本框中的数据不会被转移到 查询,我可以做出来的,为什么它正在发生...请帮助SOS ......
您正在对密码进行“比较”? WTF?如果有人输入'%',他们将能够以任何他们想要的用户身份登录。 – 2010-10-19 10:17:27
这个代码错误的原因很多。没有参数化的SQL,没有数据集空检查等等等 – RPM1984 2010-10-19 10:35:02
@ klausbyskov:这只是一个演示代码,我试过如果它可以用%字符运行.... – 2010-10-22 09:46:09