带登录的TextBox_TextChange [英] TextBox_TextChange with Login
问题描述
我有一个登录页面,如果用户名不存在且我们必须注册,我想让用户知道。我所使用的代码,但当用户输入数据库中的用户名时,会出现错误消息,并显示无效的用户名/密码。如果用户在点击登录时输入有效或无效的用户名和密码,我希望出现此错误。我怎样才能获得我的代码呢?我有这个代码是页面加载,但我认为它可能在TextBox_TextChange中更好。
I have a login page that I want to let the user know if there username does not exist and they must register. The code that I have works but when a user enters in a username that is in the database the error message come up and says "Invalid UserName/Password". I would like for this error to come up if the user enters a valid or invalid username and password when they click on login. How can I get my code to do that? I had this code is Page Load but I thought it might work better in TextBox_TextChange.
if (IsPostBack)
{
SqlConnection con = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["HotConnectionString"].ConnectionString);
con.Open();
string cmdStr = "Select count(*) from Tablepass where EmailAddress='" + TextBoxEA.Text + "'";
SqlCommand userExist = new SqlCommand(cmdStr, con);
SqlCommand cmd = new SqlCommand("select INST_ID, EmailAddress from Tablepass", con);
int temp = Convert.ToInt32(userExist.ExecuteScalar().ToString());
if (temp == 1)
{
ScriptManager.RegisterStartupScript(this, this.GetType(), "script", "alert('Invalid UserName/Password!!!');", true);
}
else
{
ScriptManager.RegisterStartupScript(this, this.GetType(), "script", "alert('User Name Does Not Exist!!! You Must Fill Out Registration First!!!');", true);
}
}
}
}
推荐答案
它会立即触发文本更改以及它们连接文本框文本值的文本值的方式导致意外值出现在WHERE子句中。你可以这样做:
It fires as soon as the text changes and they way you are concatenating the text value of your textbox text value is causing an unexpected value to be in the WHERE clause. You could have done something like this:
if (IsPostBack)
{
SqlConnection con = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["HOTConnectionString"].ConnectionString);
con.Open();
string cmdStr = "select count(*) from Tablepass where EmailAddress=@TextBoxEA";
SqlCommand userExist = new SqlCommand(cmdStr, con);
SqlCommand cmd = new SqlCommand("select INST_ID, EmailAddress from Tablepass", con);
userExist.Parameters.AddWithValue("@TextboxEA", TextBoxEA.Text);
int temp = Convert.ToInt32(userExist.ExecuteScalar().ToString());
if (temp == 0)
{
ScriptManager.RegisterStartupScript(this, this.GetType(), "script", "alert('Invalid UserName/Password!!!');", true);
}
}
}
另外,你有多次被告知这种代码让你容易受到SQL注入攻击。使用参数化查询修改它将符合您的最佳利益。
Also, you have been told numerous times that this sort of code leaves you vulnerable to SQL injection. It would be in your best interest to revise it using parameterized queries.
int loginAttempts = 0;
if (IsPostBack)
{
SqlConnection con = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["HOTConnectionString"].ConnectionString);
con.Open();
string cmdStr = "select count(*) from Tablepass where EmailAddress=@TextBoxEA";
SqlCommand userExist = new SqlCommand(cmdStr, con);
SqlCommand cmd = new SqlCommand("select INST_ID, EmailAddress from Tablepass", con);
userExist.Parameters.AddWithValue("@TextboxEA", TextBoxEA.Text);
int temp = Convert.ToInt32(userExist.ExecuteScalar().ToString());
if (temp == 0)
{
ScriptManager.RegisterStartupScript(this, this.GetType(), "script", "alert('Invalid UserName/Password!!!');", true);
loginAttempts++;
}
else if (loginAttempts == 5)
{
ScriptManager.RegisterStartupScript(this, this.GetType(), "script", "alert('User Name Does Not Exist!!! You Must Fill Out Registration First!!!');", true);
}
}
}
这检查了多少他们试图登录的次数,然后在5次尝试后显示注册消息(可以是任何数字)。如果用户输入的数据有效,您的其他可以登录。
[/ EDIT]
This checks how many times they have attempted to login and then will show the register message after 5 attempts(which could be any number). Your "else" could do the login if the user entered data is valid.
[/EDIT]
这篇关于带登录的TextBox_TextChange的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
