注册页面问题需要帮助!!! [英] Registration Page Problem Need Help!!!
问题描述
我的注册页面有问题。每次用户输入他们的电子邮件地址和密码时,他们都会得到我设置的错误按摩。用户电子邮件地址和密码未保存到我为其设置的表中,他们无法登录。我做错了什么?
I have a problem with my registration page. Every time a user enters their email address and password they get the error massage that I setup. The user email address and password is not saved into the table I set it for and they can not login. What did I do wrong?
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Configuration;
using System.Web.Security;
using System.Security.Cryptography;
public partial class SubmitPage : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
if (IsPostBack)
{
SqlConnection con = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["PasswordConnectionString"].ConnectionString);
con.Open();
string cmdStr = "Select count(*) from TableSecurity where EmailAddress='" + TextBoxEA.Text + "'";
string cmdStr2 = "Select count(*) from TableCEO where EmailAddress ='" + TextBoxEA.Text + "'";
string cmdStr3 = "Select count(*) from TableIALO where EmailAddress ='" + TextBoxEA.Text + "'";
SqlCommand userExist = new SqlCommand(cmdStr, con);
SqlCommand cmd = new SqlCommand("select * from TableSecurity", con);
SqlCommand cmd2 = new SqlCommand("select * from TableCEO", con);
SqlCommand cmd3 = new SqlCommand("select * from TableIALO", con);
int temp = Convert.ToInt32(userExist.ExecuteScalar().ToString());
if (temp == 1)
Response.Write("User Name Already Exist!!!<br /> Please Choose Another User Name.");
}
}
protected void Submit_Click(object sender, EventArgs e)
{
SqlConnection con = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["PasswordConnectionString"].ConnectionString);
con.Open();
string chkUser = "select count(*) from TableCEO where EmailAddress'" + TextBoxEA.Text + "";
chkUser = "select count(*) from TableIALO where EmailAddress'" + TextBoxPW.Text + "";
SqlCommand chkUsercmd = new SqlCommand(chkUser, con);
string insCmd = "Insert into TableSecurity (EmailAddress, Password) values (@EmailAddress, @Password)";
SqlCommand insertUser = new SqlCommand(insCmd, con);
insertUser.Parameters.AddWithValue("@EmailAddress", TextBoxEA.Text);
insertUser.Parameters.AddWithValue("@Password", TextBoxPW.Text);
try
{
insertUser.ExecuteNonQuery();
con.Close();
Response.Redirect("Login.aspx");
}
catch (Exception er)
{
Response.Write("Something Really Bad Has Happened....Please Try Again.");
}
finally
{
}
}
}
推荐答案
你的问题在这里:
Your problem is here:
string insCmd = "Insert into TableSecurity (EmailAddress, Password, AccessLevel) values (@EmailAddress, @Password)";
SqlCommand insertUser = new SqlCommand(insCmd, con);
insertUser.Parameters.AddWithValue("@EmailAddress", TextBoxEA.Text);
insertUser.Parameters.AddWithValue("@Password", TextBoxPW.Text);
注意你有3列,但是你只插入2个值?您忽略了AccessLevel列,您需要在值部分添加它以及它的参数。
我很困惑的另一件事是,您使用参数化查询正确插入,但完全忽略它们的计数选择在顶部?如果我键入正确的电子邮件地址,我可以从您的数据库中获取所有用户名和密码,擦除数据库或执行我想要的任何其他操作。更改那些也使用参数!
Notice how you have 3 columns, but you are only inserting 2 values? You are ignoring the AccessLevel column, you need to add that in the values section and a parameter for it.
Another thing I'm confused about, you use parameterized queries properly in the insert, but completely ignore them for the count selects at the top? If I type the right "email address", I can get all your user names and passwords out of you database, erase your database, or do anything else I want. Change those to use parameters too!
这篇关于注册页面问题需要帮助!!!的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!