I'm working on a SQL database project in C#. I'm looking to create a login form which will be presented when someone starts the application.
The connection is made to the database; however, they must enter a correct username and password into the first form before they can proceed to see the rest.
I have created two text boxes, txtusername and txtpassword, and a login button.
Here is my SQL command:
SqlCommand command = new SqlCommand("SELECT * FROM tblUsers WHERE Username ='" + txtUsername + "' AND Password = '" + txtPassword + "'", Program.cs);
I'm looking for a way to show in a label whether the SQL command yields a result, meaning the username and password are stored in the user table, so that it returns true or something. If there is a more efficient or effective way to do this, also let me know :).
This code is a vulnerability in your project. See this for details.
You should never create command texts by concatenating strings. Use SqlParameter. That is to put first things first. And it seems to me that you have no (or very little) understanding of how data access works in .NET. So I'd recommend you read some books on that topic, for example, Microsoft's "Accessing Data with .NET Framework 4".
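The SqlParameter approach recommended in the answer above, applied to the question's login query. This is an added example, not code posted by anyone in the thread. The connection string, the NVARCHAR(50) column sizes and the lblResult label are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public static class LoginCheck
{
    // Returns true when a row in tblUsers matches the supplied credentials.
    // connectionString is an assumption; the question does not show how the
    // connection is built.
    public static bool CredentialsMatch(string connectionString, string username, string password)
    {
        // The placeholders keep user input out of the SQL text, so quotes or
        // SQL keywords typed into the text boxes are handled as data only.
        // The Password column is compared as stored, as in the question's
        // query; a production table would hold a salted hash instead.
        const string sql =
            "SELECT COUNT(*) FROM tblUsers " +
            "WHERE Username = @username AND Password = @password";

        using (var connection = new SqlConnection(connectionString))
        using (var command = new SqlCommand(sql, connection))
        {
            // Explicit types and sizes (assumed NVARCHAR(50) columns) avoid
            // the type inference that AddWithValue performs.
            command.Parameters.Add("@username", SqlDbType.NVarChar, 50).Value = username;
            command.Parameters.Add("@password", SqlDbType.NVarChar, 50).Value = password;

            connection.Open();
            // COUNT(*) always yields exactly one row, so the result is never null.
            int matches = (int)command.ExecuteScalar();
            return matches > 0;
        }
    }
}

// In the login button's click handler (lblResult is a hypothetical label):
//   bool ok = LoginCheck.CredentialsMatch(connectionString, txtUsername.Text, txtPassword.Text);
//   lblResult.Text = ok ? "Login successful" : "Invalid username or password";
```

Note that the values passed in are the Text properties of the text boxes, not the controls themselves as in the question's concatenated string.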