正如我在注解中所说的，始终在查询字符串中使用参数。另外，由于OleDbDataReader是只向前阅读的，因此我要做的是创建一个新用户，并将返回的每条记录添加到列表中。然后，如果只得到一条记录，使用该用户数据填充表单。代码中的另一个主要缺陷是...您将密码以纯文本形式存储在数据库中。最好的做法是使用单向加密对密码进行加密/散列，并且只将散列存储在数据库中。每次用户在登录时输入密码时，都使用相同的算法对其进行散列，并将其与存储在数据库中的散列进行比较。
这里有一个结合了Using（@Flydog57建议的）和Parameters的例子，但我不会展示如何哈希和存储加密的密码。

using System;
using System.Collections;
using System.Collections.Generic;
using System.Data;
using System.Data.OleDb;
                    
public class Program
{
    public static void Main()
    {
        using (OleDbConnection connection = new OleDbConnection("Provider=Microsoft.ACE.OLEDB.12.0;Data Source=C:\\Users\\RAV21001310\\OneDrive\\Database1.accdb;")) 
        {
            connection.Open();
            
            using (OleDbCommand command = new OleDbCommand("SELECT * FROM tblUser WHERE Username=@Username AND Password=@Password", connection)) 
            {
                command.Parameters.AddWithValue("@Username", username.text);
                command.Parameters.AddWithValue("@Password", password.text);
                
                using (OleDbDataReader reader = command.ExecuteReader()) 
                {
                    int count = 0;
                    
                    List<User> UserList = new List<User>();
                    while (reader.Read()) 
                    {
                        count = count + 1;
                        
                        User user = new User() {
                            Username = reader.GetString(1),
                            FirstName = reader.GetString(2),
                            LastName = reader.GetString(3),
                            DateCreated = reader.GetDateTime(4)
                        };
                        
                        UserList.Add(user);
                    }

                    if (count == 1)
                    {
                        //Alert User
                        MessageBox.Show("Username and password is correct");

                        //Create an instance of the ProfileForm and populated it with the User data.
                        var ProfileForm pf = new ProfileForm(UserList[0]);

                        //Show the Profile Form as a modal window.
                        pf.ShowDialog();
                    }

                    if (count > 1)
                    {
                        MessageBox.Show("Duplicate username and password");
                    }
                    else
                    {
                        MessageBox.Show("Username or password incorrect");
                    }
                }
            }
            connection.Close();
        }
    }
}

//This is a class to hold user data.
public class User {
    public string Username { get; set; } = "";
    public string Password { get; set; } = "";
    public string FirstName { get; set; } = "";
    public string LastName { get; set; } = "";
    public DateTime DateCreated { get; set; } = DateTime.MinValue;
}

这是一个“ProfileForm”代码隐藏的快速示例。当您验证用户是否经过身份验证，然后创建ProfileForm的示例，用用户数据填充它，然后向用户显示表单。还有许多其他方法可以填充配置文件表单并处理对用户数据的更新，这只是一个示例。

public class ProfileForm : Form
{
    public User User
    {
        get 
        { 
            //When you get the User, update all the user data from text boxes.
            User.FirstName = firstnameTextBox.Text;
            User.LastName = lastnameTextBox.Text;

            //return the newly updated User variable.
            return User;
        }
        set
        {
            //When we write new data to the form User variable,
            //populate each relevant text box on the form.
            usernameTextBox.Text = User.Username;
            firstnameTextBox.Text = User.FirstName;
            lastnameTextBox.Text = User.LastName; 
        }
    }
    
    public ProfileForm(User User) {
        this.User = User;
    }
}