SQL Server does not check information correctly in Delphi application

2

I have a login screen in Delphi + SQL Server where the goal is to compare the data sent with the data in the database!

1st Scenario:

If I add an incorrect password and the correct login: error!

2nd Scenario:

If I add random text in the user field and the correct password, it works.

procedure TFMLogin.Img_confClick(Sender: TObject);
var verif: boolean;
begin
  FMHome.ADOLogin.close;
  FMHome.ADOLogin.SQL.Clear;
  FMHome.ADOLogin.SQL.add('Select * from "login" where "usuario" = :usuario');
  FMHome.ADOLogin.Parameters.ParamByName('usuario').Value := edt_usuario.Text;
  FMHome.ADOLogin.Open;
  try
    if (Not FMHome.ADOLogin.isEmpty) and (edt_senha.Text = FMHome.ADOLogin.FieldByName('senha').AsString) then
      begin
        Modalresult := mrok;
        verif := true;
      end
    else
      begin
         application.MessageBox('Senha ou usuário incorretos!','Atenção',MB_OK+MB_ICONINFORMATION);
         edt_usuario.Clear;
         edt_senha.Clear;
         edt_usuario.SetFocus;
         verif := false;
      end;
  finally
    FMHome.ADOLogin.Close;
  end;
  if (verif = true) then
  begin
    FreeAndNil(FmLogin); // Frees the Login form from memory
    Application.CreateForm(TFmHome, FmHome); // Creates the main window
    Application.Run; // Runs the application
  end;
end;

I think some information is missing but I could not find it.

    
asked by anonymous 19.11.2015 / 17:21

1 answer

1

I would do the following; I actually use it more or less this way:

  FMHome.ADOLogin.SQL.add('Select * from "login" where "usuario" = :usuario AND "senha" = :senha');
  FMHome.ADOLogin.Parameters.ParamByName('usuario').Value := edt_usuario.Text;
  FMHome.ADOLogin.Parameters.ParamByName('senha').Value := edt_senha.Text;
  FMHome.ADOLogin.Open;
  try
    if Not (FMHome.ADOLogin.isEmpty) then
    begin
      Modalresult := mrok;
      verif := true;
    end 
    else
    begin
      Application.MessageBox('Senha ou usuário incorretos!','Atenção',MB_OK+MB_ICONINFORMATION);
      edt_usuario.Clear;
      edt_senha.Clear;
      edt_usuario.SetFocus;
      verif := False;
    end;
  finally
    FMHome.ADOLogin.Close; // closes the try block, as in the question's code
  end;
19.11.2015 / 22:03
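
An added example, not part of the original answer or thread: the login check as a testable function, written in Python with `sqlite3` standing in for SQL Server and ADO so that it runs offline. It looks the user up through a bound parameter, as both posts do, but stores a salted PBKDF2 hash instead of the plaintext `senha` column; the account, the `salt` and `senha_hash` columns, the work factor and the names `hash_password`, `make_db` and `check_login` are assumptions of this example.

```python
import hashlib
import hmac
import os
import sqlite3

ITERATIONS = 200_000  # assumed work factor for this example


def hash_password(senha: str, salt: bytes) -> bytes:
    """Derive a PBKDF2-HMAC-SHA256 hash so the table never holds the plaintext."""
    return hashlib.pbkdf2_hmac("sha256", senha.encode("utf-8"), salt, ITERATIONS)


def make_db() -> sqlite3.Connection:
    """Build an in-memory "login" table holding one constructed account."""
    conn = sqlite3.connect(":memory:")
    conn.execute('CREATE TABLE "login" (usuario TEXT PRIMARY KEY, salt BLOB, senha_hash BLOB)')
    salt = os.urandom(16)
    conn.execute('INSERT INTO "login" VALUES (?, ?, ?)',
                 ("maria", salt, hash_password("Segredo123", salt)))
    return conn


# Fixed dummy record so an unknown user costs the same hashing work as a known one.
_DUMMY_SALT = b"\x00" * 16
_DUMMY_HASH = hash_password("dummy", _DUMMY_SALT)


def check_login(conn: sqlite3.Connection, usuario: str, senha: str) -> bool:
    """True only when the user row exists AND the password matches that row."""
    row = conn.execute(
        'SELECT salt, senha_hash FROM "login" WHERE usuario = :usuario',
        {"usuario": usuario},  # bound parameter, never string concatenation
    ).fetchone()
    salt, stored = row if row else (_DUMMY_SALT, _DUMMY_HASH)
    candidate = hash_password(senha, salt)
    # Constant-time comparison; "row is not None" keeps the dummy from ever matching.
    return hmac.compare_digest(candidate, stored) and row is not None


if __name__ == "__main__":
    db = make_db()
    print(check_login(db, "maria", "Segredo123"))     # correct login and password
    print(check_login(db, "maria", "errada"))         # scenario 1: wrong password
    print(check_login(db, "qualquer", "Segredo123"))  # scenario 2: random user text
```

Both failure paths return the same result, which matches the single "Senha ou usuário incorretos!" message used in the thread and does not reveal which field was wrong.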