用户名,密码尽量不要在BLL,UIL判断,尽可能的在储存过程判断,通过返回的值不同,进行判断,这样提高安全性
SQL Server储存过程代码:
BEGIN
if(exists ( select User_ID from SYS_User
where LTRIM(RTRIM(User_Name))=LTRIM(RTRIM(@User_Name)) ))
BEGIN if(exists ( select User_ID from SYS_User
where LTRIM(RTRIM(User_Name))=LTRIM(RTRIM(@User_Name)) and
LTRIM(RTRIM(User_PassWord))=LTRIM(RTRIM(@User_PassWord))))
BEGIN if (exists(select User_ID from SYS_User
where LTRIM(RTRIM(User_Name))=LTRIM(RTRIM(@User_Name)) and
LTRIM(RTRIM(User_PassWord))=LTRIM(RTRIM(@User_PassWord)) and
UserType_ID=@UserType_ID))
BEGIN select User_Name,UserType_ID from SYS_User
where LTRIM(RTRIM(User_Name))=LTRIM(RTRIM(@User_Name)) and
LTRIM(RTRIM(User_PassWord))=LTRIM(RTRIM(@User_PassWord)) and
UserType_ID=@UserType_ID
end
else
begin
select -3;------------用户类型错误
end
end
else
BEGIN
select -1;------------密码错误
end
end
else
BEGIN
select -2;---------用户名不存在
end
END
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
BLL代码:
public DataSet Login(string username,string password,int type) {
//加密密码
password = Utils.GetMd5HashStr(password);
SqlParameter[] sqlPams = {
new SqlParameter("@type",SqlDbType.NChar),
new SqlParameter("@User_Name",SqlDbType.NChar),
new SqlParameter("@User_PassWord",SqlDbType.NChar),
new SqlParameter("@UserType_ID",SqlDbType.Int),
};//声明SQL参数数组并实例化相关参数
sqlPams[0].Value = "DengLuYanZheng";//对参数赋值
sqlPams[1].Value = username;//对参数赋值
sqlPams[2].Value = password;//对参数赋值
sqlPams[3].Value = type;//对参数赋值
DataSet dateset = new DataSet();
DataTable dt = dal.QueryDataTable("Frm_Login", sqlPams);
dateset.Tables.Add(dt);
//myDAL.DAL_SelectDB_Par("存储过程的名字",SQL参数数组);
return dateset;
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
UIL代码:
private void but_Login_Click(object sender, EventArgs e)
{
var userName = UserName.Text.Trim();
var password = Password.Text.Trim();
int type = Convert.ToInt32(SelectType.SelectedValue);
DataTable LoginData = bll.Login(userName, password, type).Tables[0];
int type_int = Convert.ToInt32(LoginData.Rows[0][0]);
//判断
switch (type_int)
{
case -1:
{
MessageBox.Show("密码错误!!!", "提示",MessageBoxButtons.OK, MessageBoxIcon.Asterisk);
break;
}
case -2:
{
MessageBox.Show("账号不存在,请联系管理员!!!", "提示", MessageBoxButtons.OK, MessageBoxIcon.Asterisk);
break;
}
case -3:
{
//
MessageBox.Show("用户类型不对应!!!", "提示", MessageBoxButtons.OK, MessageBoxIcon.Asterisk);
break;
}
default:
{
this.Hide();
Main main = new Main();
main.Show();
break;
}
}
}
---------------------