登录方法及防止sql注入
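// Login examples from the article "登录方法及防止sql注入": a string-built query (vulnerable),
// the same query parameterized, and a login that counts failed attempts and locks the
// account after too many of them. Restored from a collapsed, lower-cased paste; fixes
// noted inline.
using System;
using System.Data.SqlClient;

static class LoginDemo
{
    // "连接字符串" is the article's placeholder for the real connection string.
    static readonly string str = "连接字符串";
    static string username = "admin";
    static string password = "123";

    // 1. Do NOT build the login query by string concatenation.
    //    The user-supplied username/password are spliced into the SQL text, so the input
    //    can change the structure of the statement instead of being treated as data
    //    (classic SQL injection). Kept only to contrast with LoginParameterized below.
    static void LoginConcatenated()
    {
        using (SqlConnection cnn = new SqlConnection(str))
        {
            cnn.Open(); // original never opened the connection; ExecuteScalar would throw
            using (SqlCommand cmd = cnn.CreateCommand())
            {
                cmd.CommandText = "select count(*) from login where username='" + username + "' and password='" + password + "'";
                int i = Convert.ToInt32(cmd.ExecuteScalar());
                // Original tested `i > 3`; one matching row already means the credentials matched.
                if (i > 0)
                {
                    Console.Write("yes");
                }
                else
                {
                    Console.Write("no");
                }
            }
        }
    }

    // 2. Use a parameterized query instead: the values travel as parameters and are
    //    never interpreted as SQL text, whatever characters they contain.
    static void LoginParameterized()
    {
        using (SqlConnection cnn = new SqlConnection(str))
        {
            cnn.Open();
            using (SqlCommand cmd = cnn.CreateCommand())
            {
                cmd.CommandText = "select count(*) from login where username=@username and password=@password";
                cmd.Parameters.Add(new SqlParameter("username", username));
                cmd.Parameters.Add(new SqlParameter("password", password));
                int i = Convert.ToInt32(cmd.ExecuteScalar());
                // Same fix as above: a count of 1 is a successful match.
                if (i > 0)
                {
                    Console.Write("yes");
                }
                else
                {
                    Console.Write("no");
                }
            }
        }
    }

    // 3. Limit the number of failed logins.

    // Records one more failed attempt for the current username.
    static void IncErrorTimes()
    {
        using (SqlConnection cnn2 = new SqlConnection(str))
        {
            cnn2.Open();
            using (SqlCommand cmd2 = cnn2.CreateCommand())
            {
                cmd2.CommandText = "update login set errortimes=errortimes+1 where username=@username";
                cmd2.Parameters.Add(new SqlParameter("username", username));
                cmd2.ExecuteNonQuery();
            }
        }
    }

    // Clears the failed-attempt counter after a successful login.
    static void ResetErrorTimes()
    {
        using (SqlConnection cnn2 = new SqlConnection(str))
        {
            cnn2.Open();
            using (SqlCommand cmd2 = cnn2.CreateCommand())
            {
                cmd2.CommandText = "update login set errortimes=0 where username=@username";
                cmd2.Parameters.Add(new SqlParameter("username", username));
                cmd2.ExecuteNonQuery();
            }
        }
    }

    // Login with lockout: refuses the attempt once errortimes exceeds 3, otherwise
    // compares the submitted password with the stored one and updates the counter.
    static void Login()
    {
        using (SqlConnection cnn = new SqlConnection(str))
        {
            cnn.Open();
            using (SqlCommand cmd = cnn.CreateCommand())
            {
                cmd.CommandText = "select * from login where username=@username";
                cmd.Parameters.Add(new SqlParameter("username", username));
                using (SqlDataReader reader = cmd.ExecuteReader())
                {
                    if (!reader.Read())
                    {
                        // NOTE(review): this message differs from the wrong-password one below,
                        // so the response reveals which usernames exist; consider one generic
                        // failure message for both cases.
                        Console.Write("用户名不存在");
                        return;
                    }

                    // Original wrote `read[...]`; the reader variable is `reader`.
                    int errortimes = Convert.ToInt32(reader["errortimes"]);
                    if (errortimes > 3)
                    {
                        Console.Write("登录错误次数过多,禁止登录");
                        return;
                    }

                    // Original assigned an object to a string without a conversion.
                    string dbpassword = Convert.ToString(reader["password"]);

                    // Original used `=` (assignment) where `==` (comparison) was meant.
                    // NOTE(review): the stored password is compared as plaintext; a real login
                    // should store a salted hash and compare against that instead.
                    if (password == dbpassword)
                    {
                        Console.Write("登录成功");
                        ResetErrorTimes(); // original was missing the ';'
                    }
                    else
                    {
                        Console.Write("登录失败");
                        IncErrorTimes();
                    }
                }
            }
        }
    }
}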