MySQL密码登录码？

Question

我想在C＃中用MySQL做一个登录代码。基本上用户输入用户名和密码，然后代码检查数据库密码是否正确。我无法从数据库中读取代码......这就是我所处的位置。

public string strUsername; 
public string strPassword; 


//Connect to DataBase 
MySQLServer.Open(); 

//Check Login 
MySqlDataReader mySQLReader = null; 
MySqlCommand mySQLCommand = MySQLServer.CreateCommand(); 
mySQLCommand.CommandText = ("SELECT * FROM user_accounts WHERE username =" +strUsername); 
mySQLReader = mySQLCommand.ExecuteReader(); 
while (mySQLReader.Read()) 
{ 
    string TruePass = mySQLReader.GetString(1); 
    if (strPassword == TruePass) 
    { 
    blnCorrect = true; 
    //Get Player Data 
    } 
} 

MySQLServer.Close(); 

从我在过去所做的那样，我认为这会工作，但如果我打印出来，它看起来似乎没有被读取。我对MySQL还是比较新的，所以任何帮助都会很棒。

Answer 1

非数字字段值必须用单引号括起来。

mySQLCommand.CommandText = "SELECT * FROM user_accounts WHERE username ='" +strUsername + "'"; 
mySQLCommand.Connection=MySQLServer; 

，但你必须使用Parameters防止SQL Injection。

mySQLCommand.CommandText = "SELECT * FROM user_accounts WHERE username =@username"; 
mySQLCommand.Connection=MySQLServer; 
mySQLCommand.Parameters.AddWithValue("@username",strUsername); 

Answer 2

 string con_string = @"Data Source=.\SQLEXPRESS;AttachDbFilename=C:\Database.mdf;Integrated Security=True;User Instance=True"; 
     string query = "SELECT * FROM Users WHERE UseName='" + txtUserName.Text.ToString() + "' AND Password='" + txtPassword.Text + "'"; 
     SqlConnection Con = new SqlConnection(con_string); 
     SqlCommand Com = new SqlCommand(query, Con); 
     Con.Open(); 
     SqlDataReader Reader; 
     Reader = Com.ExecuteReader(); 

     if (Reader.Read()) 
     { 
      lblStatus.Text="Successfully Login"; 
     } 
     else 
     { 
      lblStatus.Text="UserName or Password error"; 
     } 
     Con.Close(); 

正如AVD说，你应该用参数来防止SQL注入....