问题是如果输入的用户名或密码不在数据库中，则数据读取器将返回空白.因此，您的while循环将根本不会执行.

The problem is that the data reader will come back empty if the username or password entered are not in the database. Therefore your while loop will not execute at all.

好吧，我并不感到惊讶:您只从数据库中检索与您的登录名和密码匹配的记录.因此，如果输入错误的密码，它将不会检索任何记录，也不会进入while循环以检查任何内容.

顺便说一句:不要像这样访问您的数据库:您将自己暴露于SQL注入攻击的威胁之下.请改用参数化查询:

Well I''m not surprised: you only retrieve records from the database which match you login name and password. So, if you enter a bad password, it will retrieve no records, and will not enter the while loop to check anything.

BTW: don''t access your DB like that: you are leaving yourself wide open to an SQL Injection attack. Use parametrized queries instead:

command.CommandText = "SELECT DISTINCT * FROM users WHERE name=@NM AND password=@PW";
command.Parameters.AddWithValue("@NM", data[0]);
command.Parameters.AddWithValue("@PW", data[1]);

问题出在命令中:

The problem lies in the Command :

command.CommandText = "SELECT DISTINCT * FROM users WHERE name='" +
                             data[0] + "'AND password='" + data[1] + "'";

删除WHERE条件，以便该命令可以检索所有名称和密码.然后在while循环中，可以将data [0]与名称进行比较，data [1]与密码进行比较，而不是在命令中进行比较.

像这样简单地输入命令:

Remove the WHERE condition, so that the command can retrieve all the Names and passwords. Then in the while loop, you can compare data[0] with name and data[1] with password and not in the command.

Just put the command simply like this :

command.CommandText = "SELECT DISTINCT * FROM users;

希望对您有所帮助！

Hope it helped!