如何在 C# 中 improve/simplify 用户登录 SELECT * FROM MySQL?
How can i improve/simplify user login SELECT * FROM MySQL in C#?
我的问题是如何简化或改进这段代码?它有效,但我觉得我放了很多不必要的代码,或者我觉得我做错了什么。我正在为营养学家创建用户登录。预先感谢您的回复。
private void btnLogin_Click(object sender, EventArgs e)
{
if (tbUser.Text == "")
{
MessageBox.Show("Please input user name.", "Login", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
else if (tbPassword.Text == "")
{
MessageBox.Show("Please input password name.", "Login", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
else
{
if (SQL.ConnectionOpen() == true)
{
Query = "SELECT * FROM users WHERE user_name = '" + tbUser.Text + "' AND password = '" + tbPassword.Text + "'";
SQL.Command = new MySqlCommand(Query, SQL.Conexion);
SQL.Reader = SQL.Command.ExecuteReader();
if (SQL.Reader.Read() == true)
{
frmMain Main = new frmMain();
Main.Show();
tbUser.Clear();
tbPassword.Clear();
SQL.Reader.Dispose();
SQL.Command.Dispose();
SQL.Reader.Close();
SQL.ConnectionClose();
this.Hide();
}
else
{
MessageBox.Show("User or password incorrect.", "Login", MessageBoxButtons.OK, MessageBoxIcon.Error);
SQL.Reader.Dispose();
SQL.Command.Dispose();
SQL.Reader.Close();
SQL.ConnectionClose();
}
}
}
}
这是 SQL class,我正在为我的数据库使用 MySQL:
using System;
using MySql.Data;
using MySql.Data.MySqlClient;
using System.Windows.Forms;
namespace NutriHelp
{
public class SQL
{
public static MySqlConnection Connection = new MySqlConnection("SERVER=localhost;DATABASE=nutrihelp;UID=root;PASSWORD=1234;");
public static MySqlDataReader Reader;
public static MySqlCommand Command;
public static bool ConnectionOpen()
{
try
{
Connection.Open();
return true;
}
catch (MySqlException ex)
{
switch (ex.Number)
{
case 0:
MessageBox.Show("Cannot connect to server. Contact administrator.");
break;
case 1045:
MessageBox.Show("Invalid username/password, please try again.");
break;
}
return false;
}
}
public static bool ConnectionClose()
{
try
{
Connection.Close();
return true;
}
catch (MySqlException ex)
{
MessageBox.Show(ex.Message);
return false;
}
}
}
}
我也在做插入、更新,也许还有一些删除。
UPDATE 我想我改进了我使用 Parameters
和 Base64Encode
我不想做一个非常复杂的加密,比如 Salt
和 Hash
加密,因为它是一组营养学家的简单软件。
尽管这是我的 "improve" 代码,有点像:
private void btnLogin_Click(object sender, EventArgs e)
{
string strUser = tbUser.Text;
string strPassword = tbPassword.Text;
if (tbUser.Text == "")
{
MessageBox.Show("Please input username", "Login", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
else if (tbPassword.Text == "")
{
MessageBox.Show("Please input password", "Login", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
else
{
if (SQL.ConnectionOpen() == true)
{
SQL.Command = new MySqlCommand();
SQL.Command.CommandText = "SELECT * FROM user WHERE username=@username AND password=@password;";
SQL.Command.Parameters.AddWithValue("@username", strUser);
SQL.Command.Parameters.AddWithValue("@password", Base64Encode(strPassword));
SQL.Command.Connection = SQL.Connection;
SQL.Reader = SQL.Command.ExecuteReader();
if (SQL.Reader.Read())
{
frmMain Main = new frmMain();
this.Hide();
Main.ShowDialog();
tbUser.Clear();
tbPassword.Clear();
SQL.CleanConnection();
SQL.ConnectionClose();
this.Close();
}
else
{
MessageBox.Show("User or password are incorrect", "Login", MessageBoxButtons.OK, MessageBoxIcon.Error);
SQL.CleanConnection();
SQL.ConnectionClose();
}
}
}
}
SQL Class:
public class SQL
{
public static MySqlConnection Connection = new MySqlConnection("SERVER=localhost;DATABASE=nutrihelp;UID=root;PASSWORD=somepassword;");
public static MySqlDataReader Reader;
public static MySqlCommand Command;
public static bool ConnectionOpen()
{
try
{
Connection.Open();
return true;
}
catch (MySqlException ex)
{
switch (ex.Number)
{
case 0:
MessageBox.Show("Cannot connect to server. Contact administrator.");
break;
case 1045:
MessageBox.Show("Invalid username/password, please try again.");
break;
}
return false;
}
}
public static bool ConnectionClose()
{
try
{
Connection.Close();
return true;
}
catch (MySqlException ex)
{
MessageBox.Show(ex.Message);
return false;
}
}
public static void CleanConnection()
{
Reader.Dispose();
Command.Dispose();
Reader.Close();
}
}
感谢@Tony Tom 和@Soumen Mukherjee 的建议。
不是传递内联查询,而是在 mysql 数据库中创建一个存储过程,并将参数作为 sqlcommand 参数传递。
https://www.w3schools.com/sql/sql_stored_procedures.asp
并且您应该始终将密码以加密形式存储在数据库中,这样当用户输入密码时,您必须对其进行加密并与数据库中的密码进行比较。
How do I encode and decode a base64 string?
我的问题是如何简化或改进这段代码?它有效,但我觉得我放了很多不必要的代码,或者我觉得我做错了什么。我正在为营养学家创建用户登录。预先感谢您的回复。
private void btnLogin_Click(object sender, EventArgs e)
{
if (tbUser.Text == "")
{
MessageBox.Show("Please input user name.", "Login", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
else if (tbPassword.Text == "")
{
MessageBox.Show("Please input password name.", "Login", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
else
{
if (SQL.ConnectionOpen() == true)
{
Query = "SELECT * FROM users WHERE user_name = '" + tbUser.Text + "' AND password = '" + tbPassword.Text + "'";
SQL.Command = new MySqlCommand(Query, SQL.Conexion);
SQL.Reader = SQL.Command.ExecuteReader();
if (SQL.Reader.Read() == true)
{
frmMain Main = new frmMain();
Main.Show();
tbUser.Clear();
tbPassword.Clear();
SQL.Reader.Dispose();
SQL.Command.Dispose();
SQL.Reader.Close();
SQL.ConnectionClose();
this.Hide();
}
else
{
MessageBox.Show("User or password incorrect.", "Login", MessageBoxButtons.OK, MessageBoxIcon.Error);
SQL.Reader.Dispose();
SQL.Command.Dispose();
SQL.Reader.Close();
SQL.ConnectionClose();
}
}
}
}
这是 SQL class,我正在为我的数据库使用 MySQL:
using System;
using MySql.Data;
using MySql.Data.MySqlClient;
using System.Windows.Forms;
namespace NutriHelp
{
public class SQL
{
public static MySqlConnection Connection = new MySqlConnection("SERVER=localhost;DATABASE=nutrihelp;UID=root;PASSWORD=1234;");
public static MySqlDataReader Reader;
public static MySqlCommand Command;
public static bool ConnectionOpen()
{
try
{
Connection.Open();
return true;
}
catch (MySqlException ex)
{
switch (ex.Number)
{
case 0:
MessageBox.Show("Cannot connect to server. Contact administrator.");
break;
case 1045:
MessageBox.Show("Invalid username/password, please try again.");
break;
}
return false;
}
}
public static bool ConnectionClose()
{
try
{
Connection.Close();
return true;
}
catch (MySqlException ex)
{
MessageBox.Show(ex.Message);
return false;
}
}
}
}
我也在做插入、更新,也许还有一些删除。
UPDATE 我想我改进了我使用 Parameters
和 Base64Encode
我不想做一个非常复杂的加密,比如 Salt
和 Hash
加密,因为它是一组营养学家的简单软件。
尽管这是我的 "improve" 代码,有点像:
private void btnLogin_Click(object sender, EventArgs e)
{
string strUser = tbUser.Text;
string strPassword = tbPassword.Text;
if (tbUser.Text == "")
{
MessageBox.Show("Please input username", "Login", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
else if (tbPassword.Text == "")
{
MessageBox.Show("Please input password", "Login", MessageBoxButtons.OK, MessageBoxIcon.Error);
}
else
{
if (SQL.ConnectionOpen() == true)
{
SQL.Command = new MySqlCommand();
SQL.Command.CommandText = "SELECT * FROM user WHERE username=@username AND password=@password;";
SQL.Command.Parameters.AddWithValue("@username", strUser);
SQL.Command.Parameters.AddWithValue("@password", Base64Encode(strPassword));
SQL.Command.Connection = SQL.Connection;
SQL.Reader = SQL.Command.ExecuteReader();
if (SQL.Reader.Read())
{
frmMain Main = new frmMain();
this.Hide();
Main.ShowDialog();
tbUser.Clear();
tbPassword.Clear();
SQL.CleanConnection();
SQL.ConnectionClose();
this.Close();
}
else
{
MessageBox.Show("User or password are incorrect", "Login", MessageBoxButtons.OK, MessageBoxIcon.Error);
SQL.CleanConnection();
SQL.ConnectionClose();
}
}
}
}
SQL Class:
public class SQL
{
public static MySqlConnection Connection = new MySqlConnection("SERVER=localhost;DATABASE=nutrihelp;UID=root;PASSWORD=somepassword;");
public static MySqlDataReader Reader;
public static MySqlCommand Command;
public static bool ConnectionOpen()
{
try
{
Connection.Open();
return true;
}
catch (MySqlException ex)
{
switch (ex.Number)
{
case 0:
MessageBox.Show("Cannot connect to server. Contact administrator.");
break;
case 1045:
MessageBox.Show("Invalid username/password, please try again.");
break;
}
return false;
}
}
public static bool ConnectionClose()
{
try
{
Connection.Close();
return true;
}
catch (MySqlException ex)
{
MessageBox.Show(ex.Message);
return false;
}
}
public static void CleanConnection()
{
Reader.Dispose();
Command.Dispose();
Reader.Close();
}
}
感谢@Tony Tom 和@Soumen Mukherjee 的建议。
不是传递内联查询,而是在 mysql 数据库中创建一个存储过程,并将参数作为 sqlcommand 参数传递。
https://www.w3schools.com/sql/sql_stored_procedures.asp
并且您应该始终将密码以加密形式存储在数据库中,这样当用户输入密码时,您必须对其进行加密并与数据库中的密码进行比较。
How do I encode and decode a base64 string?