为什么我的登录表单允许用户使用正确的USERNAME但错误的PASSWORD登录?

时间:2019-12-11 07:18:58

标签: c# authentication 

private void button1_Click(object sender, EventArgs e)
{
    SqlConnection con = new SqlConnection(Sqlconnection.connectionString);
    SqlCommand cmd = new SqlCommand("select * from tbllogin where @username='" + txtname.Text + "' and @password='" + txtpass.Text + "'");
    cmd.Parameters.AddWithValue("@username", txtname.Text);
    cmd.Parameters.AddWithValue("@password", txtpass.Text);
    cmd.Connection = con;
    con.Open();
    SqlDataReader dr = cmd.ExecuteReader();
    if (dr.HasRows)
    {

        MessageBox.Show("Login  Successfully. ..!");
        main m = new main();
        this.Hide();
        m.Show();
    }
 else
    {
       MessageBox.Show("Login Failed....!");
    }
    con.Close();

}

1 个答案:

答案 0 :(得分:0)

检查您的SELECT语句:

SqlCommand cmd = new SqlCommand("select * from tbllogin where username=@username and password=@password");
相关问题
最新问题