它显示用户名不正确.......... [英] it shows Username is Not correct only..........
问题描述
使用System;
使用System.Collections.Generic;
使用System.Linq;
使用System.Web;
使用System.Web.UI;
使用System.Web.UI.WebControls;
使用System.Data.SqlClient;
使用System.Configuration;
命名空间WebPage
{
公共部分类登录:System.Web .UI.Page
{
protected void Page_Load(object sender,EventArgs e)
{
}
protected void Button_LOGIN_Click(object sender,EventArgs e)
{
SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings [regConnectionString]。ConnectionString);
conn.Open();
string checkuser =select count(*)from UserDetail UserName ='System.Web.UI.WebControls.TextBox';
SqlCommand com = new SqlCommand(checkuser,conn);
int temp = Convert.ToInt32(com.ExecuteScalar()。ToString());
conn.Close();
if(temp == 1)
{
conn.Open();
string checkPasswordQuery =select来自UserDetail的密码,其中UserName ='System.Web.UI.WebControls.TextBox';
SqlCommand passComm = new SqlCommand(checkPasswordQuery,conn);
string password = passComm .ExecuteScalar()。ToString()。替换(,);
if(password == TextBoxPASSWORD.Text)
{
Session [New] = TextBoxUserName.Text;
Response.Write(密码正确);
Response.Redirect(Manager.aspx) ;
}
其他
{
Response.Write(密码不正确);
}
}
else
{
Response.Write(用户名不正确);
}
}
}
}
当您之前发布此代码时: System.Data.SqlClient.SqlExcep ... [ ^ ]
我解释那就是你正在使用的代码:
string checkuser = 从UserDetail中选择count(*),其中UserName =' + TextBoxUN + ;您应将其更改为:
string checkuser = 选择计数(*)来自UserDetail,其中UserName =' + TextBoxUN.Text + ' ;但这很危险,你应该使用参数化查询。
不是你应该直接使用类名...:叹气:
请开始思考你在做什么?请
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Configuration;
namespace WebPage
{
public partial class Login : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
}
protected void Button_LOGIN_Click(object sender, EventArgs e)
{
SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["regConnectionString"].ConnectionString);
conn.Open();
string checkuser = " select count(*) from UserDetail where UserName='System.Web.UI.WebControls.TextBox'";
SqlCommand com = new SqlCommand(checkuser, conn);
int temp = Convert.ToInt32(com.ExecuteScalar().ToString());
conn.Close();
if (temp == 1)
{
conn.Open();
string checkPasswordQuery = " select password from UserDetail where UserName='System.Web.UI.WebControls.TextBox'";
SqlCommand passComm = new SqlCommand(checkPasswordQuery, conn);
string password = passComm.ExecuteScalar().ToString().Replace(" ","");
if (password == TextBoxPASSWORD.Text)
{
Session["New"] = TextBoxUserName.Text;
Response.Write("Password is Correct");
Response.Redirect("Manager.aspx");
}
else
{
Response.Write("Password is Not correct");
}
}
else
{
Response.Write("Username is Not correct");
}
}
}
}
When you posted this code earlier: System.Data.SqlClient.SqlExcep...[^]
I explained that that was what the code your were using was going to do:
string checkuser = " select count(*) from UserDetail where UserName='" + TextBoxUN + "'";And that you should change it to:
string checkuser = " select count(*) from UserDetail where UserName='" + TextBoxUN.Text + "'";But that was dangerous and you should use Parametrised queries instead.
Not that you should use the class name directly...:sigh:
Please, start to think about what you are doing? Please?
这篇关于它显示用户名不正确..........的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!