我有 2 个表单:Login 和 UserForm。
在我的 Login 表单上,我有 2 个文本框控件,第一个用于用户名 (txtUser),第二个用于密码 (txtPass)。我还有一个名为 login 的按钮。
在我的 UserForm 上,我有一个名为 label1 的标签。
我想从 Login 中获取用户名的文本,以便在 UserForm 加载时显示在标签上。
请教我怎么做。
登录代码在这里:
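/// <summary>
/// Login form: checks the typed user name and password against the SCSID
/// table and opens either the Admin form or the UserForm.
/// </summary>
public partial class Login : Form
{
    UserForm _userform = new UserForm();
    Admin _Adminform = new Admin();

    public Login()
    {
        InitializeComponent();
    }

    /// <summary>
    /// Click handler for the login button. Looks the credentials up and shows
    /// the form that matches the account's isAdmin flag.
    /// </summary>
    private void loginscs_Click(object sender, EventArgs e)
    {
        try
        {
            string userNameText = txtUser.Text;
            string passwordText = txtPass.Text;
            string isAdmin = "yes";
            string isNotAdmin = "no";

            // Nothing is attempted while either field is empty.
            if (string.IsNullOrEmpty(userNameText) || string.IsNullOrEmpty(passwordText))
            {
                return;
            }

            // The earlier version of this handler concatenated txtUser.Text and
            // txtPass.Text into the SQL text, so a quote in either box could
            // rewrite the WHERE clause (SQL injection). The values are now sent
            // as parameters and are never parsed as SQL.
            // NOTE(review): the query compares the typed password with the
            // SCSPass column directly, so passwords appear to be stored in plain
            // text; store a salted password hash (e.g. PBKDF2) and verify that.
            const string query =
                "SELECT ISNULL(SCSID, '') AS SCSID, ISNULL(SCSPass,'') AS SCSPass, ISNULL(isAdmin,'') AS isAdmin " +
                "FROM SCSID WHERE SCSID = @userName AND SCSPass = @password";

            // using blocks release the connection, command and reader even when
            // an exception is thrown part-way through.
            using (SqlConnection SCScon = new SqlConnection())
            {
                // NOTE(review): the connection string is hard-coded and points at
                // the master database; consider App.config and a dedicated database.
                SCScon.ConnectionString = "Data Source=PEWPEWDIEPIE\\SQLEXPRESS;Initial Catalog=master;Integrated Security=True";

                using (SqlCommand cmd = new SqlCommand(query, SCScon))
                {
                    cmd.Parameters.AddWithValue("@userName", userNameText);
                    cmd.Parameters.AddWithValue("@password", passwordText);

                    SCScon.Open();
                    using (SqlDataReader dr = cmd.ExecuteReader())
                    {
                        if (!dr.Read())
                        {
                            MessageBox.Show("Wrong ID/Pass");
                            return;
                        }

                        // The user name is compared case-insensitively as before.
                        // The password is compared ordinally (case-sensitive): a
                        // case-insensitive match would accept variants of the
                        // password the user never chose.
                        bool idMatches = this.CompareStrings(dr["SCSID"].ToString(), userNameText);
                        bool passwordMatches = string.Equals(dr["SCSPass"].ToString(), passwordText, StringComparison.Ordinal);
                        if (!idMatches || !passwordMatches)
                        {
                            MessageBox.Show("Wrong ID/Pass");
                            return;
                        }

                        string adminFlag = dr["isAdmin"].ToString();
                        if (this.CompareStrings(adminFlag, isAdmin))
                        {
                            MessageBox.Show("Hello " + userNameText, "Admin", MessageBoxButtons.OK, MessageBoxIcon.Information);
                            _Adminform.Show();
                            this.Hide();
                        }
                        else if (this.CompareStrings(adminFlag, isNotAdmin))
                        {
                            MessageBox.Show("Welcome " + userNameText, "User");
                            _userform.Show();
                            this.Hide();
                        }
                        // Any other isAdmin value opens no form (unchanged behaviour).
                    }
                }
            }
        }
        catch (Exception ex)
        {
            // NOTE(review): this prints the full exception text, stack trace
            // included, to whoever is at the login screen.
            MessageBox.Show("error2" + ex);
        }
    }

    /// <summary>
    /// Case-insensitive, culture-invariant equality test for two strings.
    /// </summary>
    /// <returns>true when the strings are equal ignoring case.</returns>
    private bool CompareStrings(string string1, string string2)
    {
        return String.Compare(string1, string2, true, System.Globalization.CultureInfo.InvariantCulture) == 0;
    }
}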
最佳答案
好吧,我建议做几件事
- 不要在登录表单中保留用户表单。登录失败直接退出应用,登录成功显示主窗体
- 将数据访问逻辑与 UI 逻辑分开
- 要将用户名传递给 UserForm,请为 UserForm 创建一个接受用户名字符串的构造函数
应用程序启动代码看起来像
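/// <summary>
/// Application entry point: shows the login dialog first and starts the main
/// form only after a successful login.
/// </summary>
static void Main()
{
    Application.EnableVisualStyles();
    Application.SetCompatibleTextRenderingDefault(false);

    User user;

    // A form shown with ShowDialog is hidden, not disposed, when it closes,
    // so the using block releases it explicitly.
    using (Login login = new Login())
    {
        // Any result other than OK (failed or cancelled login) ends the
        // application before a main form is created.
        if (login.ShowDialog() != DialogResult.OK)
        {
            return;
        }

        user = login.User;
    }

    // The main form is chosen from the authenticated user's IsAdmin flag;
    // only the user name is handed on to UserForm.
    Form mainForm = user.IsAdmin ? (Form)new Admin() : new UserForm(user.Name);
    Application.Run(mainForm);
}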
因此,正如您已经注意到的,我创建了类 User 来保存与用户信息(密码除外)相关的信息:
/// <summary>
/// Holds what the rest of the application needs to know about a logged-in
/// user. The password is not part of this type.
/// </summary>
public class User
{
    private string _name;
    private bool _isAdmin;

    /// <summary>User name of the account.</summary>
    public string Name
    {
        get { return _name; }
        set { _name = value; }
    }

    /// <summary>Whether the account is an administrator.</summary>
    public bool IsAdmin
    {
        get { return _isAdmin; }
        set { _isAdmin = value; }
    }
}
接下来,我在登录表单上分离了数据访问(移至存储库类)和 UI:
/// <summary>
/// Login dialog. Contains UI logic only; the credential check is delegated to
/// UserRepository and the result is exposed through the User property.
/// </summary>
public partial class Login : Form
{
    public Login()
    {
        InitializeComponent();
    }

    /// <summary>
    /// The user returned by the last login attempt, or null when it failed.
    /// </summary>
    public User User { get; private set; }

    /// <summary>
    /// Click handler for the login button: looks the user up and sets
    /// DialogResult to OK on success or Cancel on failure.
    /// </summary>
    private void btnLogin_Click(object sender, EventArgs e)
    {
        UserRepository users = new UserRepository();
        User = users.GetUser(txtUser.Text, txtPass.Text);

        if (User != null)
        {
            if (!User.IsAdmin)
            {
                MessageBox.Show("Welcome " + User.Name, "User");
            }
            else
            {
                MessageBox.Show("Hello " + User.Name, "Admin", MessageBoxButtons.OK, MessageBoxIcon.Information);
            }

            DialogResult = DialogResult.OK;
            return;
        }

        // One message for both an unknown ID and a wrong password, so the
        // dialog does not reveal which of the two was incorrect.
        MessageBox.Show("Wrong ID/Pass");
        DialogResult = DialogResult.Cancel;
    }

    /// <summary>
    /// Validating handler shared by the required text boxes: marks an empty
    /// box with "Required" and clears the marker otherwise.
    /// </summary>
    private void RequiredTextBox_Validating(object sender, CancelEventArgs e)
    {
        TextBox box = (TextBox)sender;
        string message = String.IsNullOrEmpty(box.Text) ? "Required" : "";
        errorProvider.SetError(box, message);
    }
}
我已经使用控件验证来检查文本框中是否输入了数据(您应该将两个文本框的 Validating 事件都订阅到 RequiredTextBox_Validating 处理程序,并向此表单添加 ErrorProvider 组件)。接下来是数据访问。您当前的代码通过字符串拼接来构造 SQL,很容易成为 SQL 注入 (SQL Injection) 攻击的目标。您应该使用参数将数据传递到数据库:
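/// <summary>
/// Data access for user accounts, kept separate from the UI.
/// </summary>
public class UserRepository
{
    // NOTE: Use <connectionStrings> section in App.config to store connection string
    private string connectionString = "Data Source=PEWPEWDIEPIE\\SQLEXPRESS;Initial Catalog=master;Integrated Security=True";

    /// <summary>
    /// Looks up the account whose SCSID and SCSPass match the given values.
    /// </summary>
    /// <param name="userName">User name typed by the user.</param>
    /// <param name="password">Password typed by the user.</param>
    /// <returns>
    /// A User for the matching row, or null when no row matches or either
    /// argument is null or empty.
    /// </returns>
    public User GetUser(string userName, string password)
    {
        // Empty credentials never authenticate; a null value would also make
        // AddWithValue send no parameter and the command would fail.
        if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(password))
            return null;

        using (var conn = new SqlConnection(connectionString))
        using (var cmd = conn.CreateCommand())
        {
            // Values travel as parameters, so they are never parsed as SQL.
            // NOTE(review): the password is compared with the SCSPass column
            // directly, so it appears to be stored in plain text; store a
            // salted password hash (e.g. PBKDF2) and verify that instead.
            cmd.CommandText = @"SELECT ISNULL(SCSID, '') AS SCSID,
                                       ISNULL(SCSPass,'') AS SCSPass,
                                       ISNULL(isAdmin,'') AS isAdmin
                                FROM SCSID
                                WHERE SCSID = @userName AND SCSPass = @password";
            // NOTE(review): AddWithValue infers the parameter type from the
            // .NET value; confirm it matches the column types.
            cmd.Parameters.AddWithValue("@userName", userName);
            cmd.Parameters.AddWithValue("@password", password);

            conn.Open();
            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                if (!reader.Read())
                    return null;

                User user = new User();
                user.Name = userName;
                // Only the exact value "yes" grants the admin role.
                user.IsAdmin = reader["isAdmin"].ToString() == "yes";
                return user;
            }
        }
    }
}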
关于c# - 获取用户名以显示在另一个表单的标签上。需要解释,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/20823680/