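// Login check: looks up the typed username and password in UserLog and, for each
// returned row, decides which form (if any) to open.
using (SqlConnection conn = new SqlConnection())
{
    conn.ConnectionString = @"Data Source=.\SQLEXPRESS;AttachDbFilename=C:\Users\hp\documents\visual studio 2010\Projects\FinalProject\FinalProject\InfoEmp.mdf;Integrated Security=True;User Instance=True";
    conn.Open();

    // The text boxes are untrusted input. They are bound as parameters instead of being
    // concatenated into the statement, so a quote typed into either box can no longer
    // change the query (SQL injection).
    // NOTE(review): the WHERE clause compares the Password column with the typed text,
    // which implies the table holds passwords as entered. Store a salted password hash
    // (for example PBKDF2) and compare the hash instead.
    using (SqlCommand comm = new SqlCommand("Select * from UserLog where Username = @username and Password = @password ;", conn))
    {
        comm.Parameters.AddWithValue("@username", txtUname.Text);
        comm.Parameters.AddWithValue("@password", txtPword.Text);

        // The reader is disposed before the command and the connection are.
        using (SqlDataReader sdr = comm.ExecuteReader())
        {
            // NOTE(review): the body only runs when the query returned a row, so the
            // empty-field and "no access" messages are never shown for a failed login.
            while (sdr.Read())
            {
                // NOTE(review): comm is the SqlCommand, so comm.Equals(<string>) is always
                // false and neither form is ever opened. The second condition also repeats
                // the first, so it could not be reached even if the first were fixed.
                // A row is returned only when both values matched, so the branch should be
                // chosen from the row (sdr). The column that tells the two kinds of account
                // apart is not visible here, so the conditions are left as written.
                if (comm.Equals(txtUname.Text) &&
                    comm.Equals(txtPword.Text))
                {
                    using (frmMain frmmain = new frmMain())
                    {
                        this.Hide();
                        frmmain.ShowDialog();
                    }
                }
                else if (comm.Equals(txtUname.Text) &&
                         comm.Equals(txtPword.Text))
                {
                    using (frmMain2 frmmain2 = new frmMain2())
                    {
                        this.Hide();
                        frmmain2.ShowDialog();
                    }
                }
                else if (txtPword.Text == "" && txtUname.Text == "")
                {
                    MessageBox.Show("Please Fill in the blanks..");
                }
                else
                {
                    MessageBox.Show("Please make sure that you have access of being admin");
                }
            }
        }
    }
    // No explicit conn.Close(): leaving the using block disposes (and closes) the connection.
}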
這是我的代碼。爲什麼 else if 條件都不會被執行,程序只會進入 else 分支?請解答,謝謝。如何把窗體中 txtbox 的值傳遞到 SQL 表?
你可以編輯你的帖子……目前格式顯示不正確 – 2015-02-07 07:24:47
這到底是什麼? – 2015-02-07 07:34:49
[SQL注入警報](http://msdn.microsoft.com/en-us/library/ms161953%28v=sql.105%29.aspx) - 你**不**應該用字符串拼接來構造SQL語句 - 應改用**參數化查詢**,以避免SQL注入 – 2015-02-07 07:44:56