-4
using (SqlConnection conn = new SqlConnection())
{
conn.ConnectionString = @"Data Source=.\SQLEXPRESS;AttachDbFilename=C:\Users\hp\documents\visual studio 2010\Projects\FinalProject\FinalProject\InfoEmp.mdf;Integrated Security=True;User Instance=True";
conn.Open();
SqlCommand comm = new SqlCommand("Select * from UserLog where Username = '" + txtUname.Text + "' and Password = '" + txtPword.Text + "' ;", conn);
SqlDataReader sdr;
sdr = comm.ExecuteReader();
while (sdr.Read())
{
if (comm.Equals(txtUname.Text) &&
comm.Equals(txtPword.Text))
{
using (frmMain frmmain = new frmMain())
{
this.Hide();
frmmain.ShowDialog();
}
}
else if (comm.Equals(txtUname.Text) &&
comm.Equals(txtPword.Text))
{
using (frmMain2 frmmain2 = new frmMain2())
{
this.Hide();
frmmain2.ShowDialog();
}
}
else if (txtPword.Text == "" && txtUname.Text == "")
{
MessageBox.Show("Please Fill in the blanks..");
}
else
{
MessageBox.Show("Please make sure that you have access of being admin");
}
}
conn.Close();
这是我的代码..为什么在别的,如果条件..他们只读取别人..请回答感谢如何从txtbox形式值传递到SQL表
你可以编辑你的文章...格式不正确显示 – 2015-02-07 07:24:47
这到底是什么? – 2015-02-07 07:34:49
[SQL注入警报](http://msdn.microsoft.com/en-us/library/ms161953%28v=sql.105%29.aspx) - 你应该**不**连接你的SQL语句 - 使用**参数化查询**,而不是为了避免SQL注入 – 2015-02-07 07:44:56