Login Page Form asp.net using c#


Problem description


It shows two errors:

The name 'Textbox3' does not exist in the current context

The name 'Textbox2' does not exist in the current context


con = new SqlConnection("Data Source=MAC-20;Initial Catalog=prakash;User ID=sa;Password=sql@2012");
cmd = new SqlCommand("select count(*) from signin where username = '" + TextBox2.Text + "' + and password = '" + Textbox3.Text + "'", con);
cmd.Parameters.AddWithValue("@username", TextBox2.Text);
cmd.Parameters.AddWithValue("@password", Textbox3.Text);
da = new SqlDataAdapter(cmd);
dt = new DataTable();
da.Fill(dt);

if (dt.Rows.Count > 0)
{
    Response.Redirect("home.aspx");
}
else
{
    ClientScript.RegisterStartupScript(Page.GetType(), "validation", "<script language='javascript'>alert('Invalid Username and Password')</script>");
}

Solution

:sigh:

The number of problems here is really quite amazing: you should think yourself lucky that it doesn't compile - because if this got out into the "real world" your chances of a Christmas bonus this year would be unbelievably small.

Let's start with the Big One: SQL Injection.
When you leave yourself open to SQL Injection on your login page for a website, you let anyone, anywhere in the world, do anything they like to your database without even having to log in. And I'm serious: that code lets me log in as you without knowing your password, change your password so I know it and you don't, or just delete your entire database. All without logging in.

Never, ever, concatenate strings to form an SQL command. Always use parametrized queries, or someone will come along, and take advantage of it...

Then there is the second big one: Never store passwords in clear text - it is a major security risk. There is some information on how to do it here: Password Storage: How to do it.

Third, why are you reinventing the wheel and trying to implement website login yourself? Use the built in facilities, and you don't leave the rest of your site wide open as well... Start here: Introduction to membership

And then you should find all your other problems starting to melt away...
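
The first two points above (parametrized query, no clear-text passwords) shown as an added example; it is not part of the original answer, and the built-in membership facilities the answer recommends remain the preferred route. The `password_salt` and `password_hash` columns, the `LoginDb` connection-string name, the `LoginCheck` class and the iteration count are assumptions, and the `Rfc2898DeriveBytes` overload used needs .NET Framework 4.7.2 or later.

```csharp
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Security.Cryptography;

public static class LoginCheck
{
    // Assumed schema (not from the original post): signin(username,
    // password_salt VARBINARY(16) NOT NULL, password_hash VARBINARY(32) NOT NULL),
    // filled at registration with the same PBKDF2 settings used below.
    private const int Iterations = 100000;   // assumed work factor; tune for your hardware
    private const int HashBytes = 32;

    public static bool IsValidLogin(string username, string password)
    {
        // "LoginDb" is a hypothetical connection-string name in web.config;
        // it should use a low-privilege database account rather than sa.
        string cs = ConfigurationManager.ConnectionStrings["LoginDb"].ConnectionString;

        using (var con = new SqlConnection(cs))
        using (var cmd = new SqlCommand(
            "SELECT password_salt, password_hash FROM signin WHERE username = @username", con))
        {
            // User input travels as a typed parameter, never as part of the SQL text.
            cmd.Parameters.Add("@username", SqlDbType.NVarChar, 256).Value = username;
            con.Open();
            using (SqlDataReader r = cmd.ExecuteReader(CommandBehavior.SingleRow))
            {
                if (!r.Read()) return false;   // no such user
                byte[] salt = (byte[])r["password_salt"];
                byte[] stored = (byte[])r["password_hash"];
                // Re-derive the hash from the submitted password and the stored salt.
                using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
                    return FixedTimeEquals(kdf.GetBytes(HashBytes), stored);
            }
        }
    }

    // Compare every byte so the check does not stop at the first mismatch.
    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

In the page's click handler this would replace the concatenated query: `if (LoginCheck.IsValidLogin(TextBox2.Text, TextBox3.Text)) Response.Redirect("home.aspx");`.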


Place closing tag for textbox.

<asp:TextBox ID="TextBox2" runat="server" OnTextChanged="TextBox2_TextChanged" placeholder="E-mail" Height="25px" >
</asp:TextBox>


<asp:TextBox ID="TextBox3" runat="server" placeholder="password" TextMode="Password" Height="25px"> </asp:TextBox>


<asp:Label ID="Label9" runat="server" Text="Register"></asp:Label>


Can you once verify the Ids of your textboxes?

Your .aspx file and .aspx.cs file have textBox3 spelled differently.

