My registration page does not like yahoo email address.


Problem description

I have a registration page where a new user can set up a username and password. I also have the code to check to see if the username is in the database to see if it is an authorized user first. The user has a @yahoo.com address. When the user enters their email address everything goes ok until the user clicks on submit. The error comes up saying, "User Name Is Not Recognized by The System!!!". Why is this happening? The user is in the database.

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Configuration;
using System.Web.Security;
using System.Security.Cryptography;

public partial class SubmitPage : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        
        
        if (IsPostBack)
        {
            // using disposes the connection on every path; the original never closed it.
            using (SqlConnection con = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["HotConnectionString"].ConnectionString))
            {
                con.Open();
                // User input is concatenated straight into the SQL text: an apostrophe in the
                // address terminates the string literal, and the query is open to SQL injection.
                string cmdStr = "Select count(*) from Tablepass where EmailAddress='" + TextBoxEA.Text + "'";
                SqlCommand userExist = new SqlCommand(cmdStr, con);
                int temp = Convert.ToInt32(userExist.ExecuteScalar());
                if (temp == 1)
                {
                    ScriptManager.RegisterStartupScript(this, this.GetType(), "script", "alert('User Name Already Exist!!!');", true);
                    TextBoxEA.Focus();
                    TextBoxEA.Text = string.Empty;
                }
            }
        }
    }

    protected void Submit_Click(object sender, EventArgs e)
    {
        using (SqlConnection con = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["HotConnectionString"].ConnectionString))
        {
            con.Open();

            // Both lookups are built by string concatenation (the same problem as in Page_Load)
            // and are never executed by this handler.
            string cmdStr = "Select INST_ID, accessLevel, EmailAddress from Table1 where EmailAddress='" + TextBoxEA.Text + "'";
            string cmdStr2 = "Select INST_ID, accessLevel, EmailAddress from Table2 where EmailAddress='" + TextBoxEA.Text + "'";
            string insCmd = "Insert into Tablepass (EmailAddress, Password, INST_ID, accessLevel) values (@EmailAddress, @Password, @INST_ID, @accessLevel)";

            SqlCommand insertUser = new SqlCommand(insCmd, con);
            insertUser.Parameters.AddWithValue("@EmailAddress", TextBoxEA.Text);
            // The password is stored exactly as typed; nothing hashes it.
            insertUser.Parameters.AddWithValue("@Password", TextBoxPW.Text);
            insertUser.Parameters.AddWithValue("@INST_ID", TextBoxINST_ID.Text);
            insertUser.Parameters.AddWithValue("@accessLevel", TextBoxaccessLevel.Text);

            bool inserted = false;
            try
            {
                insertUser.ExecuteNonQuery();
                inserted = true;
            }
            catch (Exception er)
            {
                // Catch-all: every failure (SQL error, server offline, ...) produces this message.
                ScriptManager.RegisterStartupScript(this, this.GetType(), "script", "alert('User Name Is Not Recognized by The System!!!');", true);
            }

            // Response.Redirect ends the response by throwing ThreadAbortException, which a
            // catch (Exception) also catches, so the redirect is done outside the try block.
            if (inserted)
            {
                Response.Redirect("Login.aspx");
            }
        }
    }

    protected void TextBoxEA_TextChanged(object sender, EventArgs e)
    {

        using (SqlConnection con = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["HotConnectionString"].ConnectionString))
        {
            con.Open();

            SqlCommand scmd = new SqlCommand("Select INST_ID, EmailAddress, accessLevel from Table1 where EmailAddress = @TextBoxEA", con);
            SqlCommand scmd2 = new SqlCommand("Select INST_ID, EmailAddress, accessLevel from Table2 where EmailAddress = @TextBoxEA", con);

            scmd.Parameters.Add(new SqlParameter("@TextBoxEA", TextBoxEA.Text));
            scmd2.Parameters.Add(new SqlParameter("@TextBoxEA", TextBoxEA.Text));

            TextBoxINST_ID.Text = string.Empty;
            TextBoxaccessLevel.Text = string.Empty;

            using (SqlDataReader dr = scmd.ExecuteReader())
            {
                while (dr.Read())
                {
                    TextBoxINST_ID.Text = dr["INST_ID"].ToString();
                    TextBoxaccessLevel.Text = dr["accessLevel"].ToString();
                    
                }
            }

            using (SqlDataReader dr2 = scmd2.ExecuteReader())
            {
                while (dr2.Read())
                {
                    TextBoxINST_ID.Text = dr2["INST_ID"].ToString();
                    TextBoxaccessLevel.Text = dr2["accessLevel"].ToString();
                    
                }
            }

        }
    }
    }

Recommended answer

There are a few issues here; each of which may contribute to the problem, and each of which you need to fix anyway. I can't give you any fish, but I'll try to teach you to fish:

  • As mentioned, do not concatenate user input when creating a SQL query or you will (often in a matter of hours after being indexed by a search engine) be compromised by a SQL injection attack.
  • Even if not for SQL injection, the code will not work with many valid email addresses. For example john.o'leary@yahoo.com or even '@yahoo.com are valid email addresses and will break your script. Don't believe me? Send me an email to ' at redcell.ca
  • In fact, many valid email addresses can break fragile systems. Did you know that "()<>[]:,;@\"!#%&'*+-/=?^_`{}|~.a"@yahoo.org is a valid email address? Read my rant.
  • Avoid ever using a universal, Hail Mary, Save Me Jebus!, or catch-all try/catch block; that is: catch (Exception ex). Your code will output "Name Is Not Recognized by The System" if:

    • the name is not recognized by the system
    • there is an error in your SQL syntax
    • the SQL server is offline
    • the SQL server is too busy to reply in time
    • table tablePass doesn't exist
    • a division by zero error occurs
    • the web server runs out of memory
    • the address '@yahoo.com is used
    • I bet you can think of 20 more reasons here
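The three points of the answer above (an apostrophe in a valid address breaks a concatenated query, the same concatenation is injectable, and a catch-all hides which failure actually happened), shown end to end as an added example. This is not the asker's code and not from the answer: it is Python over an in-memory SQLite database standing in for the page's C#/SQL Server code, reusing the page's Tablepass table and column names, with the sample rows constructed for the example.

```python
import sqlite3

# Constructed sample rows standing in for the asker's Tablepass table
# (the asker's column names are used; the data is made up for this example).
SAMPLE_ROWS = [
    ("alice@example.com", "INST1", "user"),
    ("john.o'leary@yahoo.com", "INST2", "admin"),
]


def make_db():
    """In-memory SQLite database with the page's Tablepass columns."""
    con = sqlite3.connect(":memory:")
    con.execute(
        "CREATE TABLE Tablepass "
        "(EmailAddress TEXT, Password TEXT, INST_ID TEXT, accessLevel TEXT)"
    )
    con.executemany(
        "INSERT INTO Tablepass (EmailAddress, Password, INST_ID, accessLevel) "
        "VALUES (?, 'placeholder', ?, ?)",
        SAMPLE_ROWS,
    )
    return con


def count_by_concatenation(con, email):
    """The page's Page_Load query as written: input pasted into the SQL text.

    Returns ("ok", count) or ("error", message). An apostrophe in the input
    terminates the string literal, so a legitimate address is a syntax error
    and a crafted one rewrites the WHERE clause.
    """
    sql = "SELECT count(*) FROM Tablepass WHERE EmailAddress='" + email + "'"
    try:
        return ("ok", con.execute(sql).fetchone()[0])
    except sqlite3.Error as exc:
        return ("error", str(exc))


def count_parameterized(con, email):
    """The same check with a bound parameter: the input is data, never SQL."""
    sql = "SELECT count(*) FROM Tablepass WHERE EmailAddress = ?"
    return con.execute(sql, (email,)).fetchone()[0]


def lookup_user(con, email):
    """Return (INST_ID, accessLevel) or None; database errors propagate."""
    sql = "SELECT INST_ID, accessLevel FROM Tablepass WHERE EmailAddress = ?"
    return con.execute(sql, (email,)).fetchone()


def registration_message(con, email):
    """Keep 'no such user' separate from 'the database call failed'.

    The page's catch (Exception) reports every failure as an unrecognized
    user. Here only a None result earns that message; sqlite3.Error (closed
    or offline database, missing table, bad SQL, ...) is reported as an
    outage and would be logged server-side with the exception details.
    """
    try:
        row = lookup_user(con, email)
    except sqlite3.Error:
        return "Registration temporarily unavailable"
    if row is None:
        return "User Name Is Not Recognized by The System"
    return "Recognized: INST_ID=%s accessLevel=%s" % row


if __name__ == "__main__":
    db = make_db()
    for addr in ("alice@example.com", "john.o'leary@yahoo.com", "' OR 1=1 --"):
        print(repr(addr), count_by_concatenation(db, addr), count_parameterized(db, addr))
    print(registration_message(db, "nobody@yahoo.com"))
    db.close()  # simulates the "SQL server offline" case from the answer
    print(registration_message(db, "alice@example.com"))
```

With the concatenated query, john.o'leary@yahoo.com is a SQL error and the input ' OR 1=1 -- counts every row (so the page's temp == 1 check is also bypassed); the parameterized version returns 1 and 0 respectively. After the connection is closed, only the separated error handling distinguishes an outage from an unknown user.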
