将密码保存到数据库 [英] save password to database
问题描述
您好,
请帮我这个
<前lang =c#> 公开 < span class =code-keyword> class 密码
{
// 生成随机密码的方法
public static string GeneratePassword()
{
string PasswordLength = 5;
string NewPassword = ;
string allowedChars = ;
allowedChars = 1,2,3,4,5,6,7,8,9,0 跨度>;
allowedChars + = A,B,C,D,E,F,G,H,I, J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z,跨度>;
allowedChars + = a,b,c,d,e,f,g,h,i, J,K,L,M,N,O,p,q,R,S,T,U,v,W,X,Y,Z,跨度>;
allowedChars + = 〜,!,@,#,$,%,^,&,* ,+ ,?跨度>;
// 字符分隔
char [] sep = {' ,'};
string [] arr = allowedChars.Split(sep);
string IDString = 跨度>;
string temp = ;
随机rand = 新 Random();
for ( int i = 0 ; i < Convert.ToInt32(PasswordLength); i ++)
{
temp = arr [rand.Next( 0 ,arr.Length)];
IDString + = temp;
NewPassword = IDString;
}
返回 NewPassword;
}
// 将NewPassword保存到数据库[Users表]的方法
public static void SavePasswordToDB()
{
SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings [ MyDBConnectionString]。ToString());
string strNewPassword = GeneratePassword()。ToString();
SqlCommand cmd = new SqlCommand( INSERT INTO dbo.Users(UserPassword)值(strNewPassword),con);
con.Open();
cmd.ExecuteNonQuery();
con.Close();
}
}
我收到以下错误:
在此上下文中不允许使用名称strNewPassword。有效表达式是常量,常量表达式和(在某些上下文中)变量。不允许使用列名。
我应该通过什么值()??
谢谢。,%,^,&,*,+,?
;
// 字符分隔
char [] sep = {' ,'};
string [] arr = allowedChars.Split(sep);
string IDString = ;
string temp = ;
随机rand = 新随机();
for ( int i = 0 ; i < Convert.ToInt32(PasswordLength); i ++)
{
temp = arr [rand.Next( 0 ,arr.Length)];
IDString + = temp;
NewPassword = IDString;
}
返回 NewPassword;
}
// 将NewPassword保存到数据库[Users表]的方法
public static void SavePasswordToDB()
{
SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings [ MyDBConnectionString]。ToString());
string strNewPassword = GeneratePassword()。ToString();
SqlCommand cmd = new SqlCommand( INSERT INTO dbo.Users(UserPassword)值(strNewPassword),con);
con.Open();
cmd.ExecuteNonQuery();
con.Close();
}
}
我收到以下错误:
在此上下文中不允许使用名称strNewPassword。有效表达式是常量,常量表达式和(在某些上下文中)变量。不允许使用列名。
我应该通过什么值()??
谢谢。
好的,两件事。
一,你传递这个字符串:
INSERT INTO dbo.Users(UserPassword)值(strNewPassword)
显然,它不知道 strNewPassword
是什么。
要解决此问题,请确保传递值。但是请使用参数(免责声明:我没有编译它,但它应该可以工作):
尝试
{
con.Open();
使用(SqlCommand cmd = new SqlCommand( INSERT INTO dbo.Users(UserPassword)值(@password),con))
{
cmd.Parameters。 AddValue( @ password,strNewPassword);
cmd.ExecuteNonQuery();
}
}
最后
{
if (con!= null )con.Close();
}
这比使用 String.Format $ c更安全$ c>或类似的东西。因为这会让你对SQL注入开放(尽管在这种情况下可能不是这样,但这样做仍然是好的做法)。在我看来,无论如何使用起来要容易得多。 有关该主题的更多信息 [ ^ ]
但第二件事(也许是最重要的):为什么你在数据库中存储未加密的密码吗?
你必须使用这些行....
public static void SavePasswordToDB()
{
SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings [MyDBConnectionString]。ToString());
string strNewPassword = GeneratePassword()。ToString();
SqlCommand cmd = new SqlCommand(INSERT INTO dbo.Users(UserPassword)Values(+strNewPassword +'),con);
con.Open();
cmd.ExecuteNonQuery();
con.Close();
}
}
Hello,
Please help me with this
public class Password
{
// method to generate random Password
public static string GeneratePassword()
{
string PasswordLength = "5";
string NewPassword = "";
string allowedChars="";
allowedChars = "1,2,3,4,5,6,7,8,9,0";
allowedChars += "A,B,C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z,";
allowedChars += "a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z,";
allowedChars += "~,!,@,#,$,%,^,&,*,+,?";
// seperation of characters
char[] sep = { ',' };
string[] arr = allowedChars.Split(sep);
string IDString = "";
string temp = "";
Random rand = new Random();
for (int i = 0; i < Convert.ToInt32(PasswordLength); i++)
{
temp = arr[rand.Next(0, arr.Length)];
IDString += temp;
NewPassword = IDString;
}
return NewPassword;
}
// Method to save NewPassword to Database's [Users table]
public static void SavePasswordToDB()
{
SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["MyDBConnectionString"].ToString());
string strNewPassword = GeneratePassword().ToString();
SqlCommand cmd = new SqlCommand("INSERT INTO dbo.Users(UserPassword) Values(strNewPassword)", con);
con.Open();
cmd.ExecuteNonQuery();
con.Close();
}
}
I am getting the following error:
The name "strNewPassword" is not permitted in this context. Valid expressions are constants, constant expressions, and (in some contexts) variables. Column names are not permitted.
What should i pass in Values() ??
Thank you.
,%,^,&,*,+,?"; // seperation of characters char[] sep = { ',' }; string[] arr = allowedChars.Split(sep); string IDString = ""; string temp = ""; Random rand = new Random(); for (int i = 0; i < Convert.ToInt32(PasswordLength); i++) { temp = arr[rand.Next(0, arr.Length)]; IDString += temp; NewPassword = IDString; } return NewPassword; }
// Method to save NewPassword to Database's [Users table] public static void SavePasswordToDB() { SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["MyDBConnectionString"].ToString()); string strNewPassword = GeneratePassword().ToString(); SqlCommand cmd = new SqlCommand("INSERT INTO dbo.Users(UserPassword) Values(strNewPassword)", con); con.Open(); cmd.ExecuteNonQuery(); con.Close(); } }
I am getting the following error:
The name "strNewPassword" is not permitted in this context. Valid expressions are constants, constant expressions, and (in some contexts) variables. Column names are not permitted.
What should i pass in Values() ??
Thank you.
Okay, two things.
One, you're passing this string:
"INSERT INTO dbo.Users(UserPassword) Values(strNewPassword)"
So obviously it won't know whatstrNewPassword
is.
To fix that, make sure you pass the values. But please, use parameters for that (disclaimer: I haven't compiled this, but it should work):
try { con.Open(); using(SqlCommand cmd = new SqlCommand("INSERT INTO dbo.Users(UserPassword) Values(@password)", con)) { cmd.Parameters.AddValue("@password", strNewPassword); cmd.ExecuteNonQuery(); } } finally { if (con != null) con.Close(); }
This is a much safer way than using aString.Format
or something similar. Because that would leave you open to SQL injection (though perhaps not in this case, it's still good practice to do so). And it's a lot easier to use anyway in my opinion. More info on the subject[^]
But the second thing (and perhaps the most important): Why are you storing an unencrypted password in your database??
you have to use these lines....
public static void SavePasswordToDB() { SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["MyDBConnectionString"].ToString()); string strNewPassword = GeneratePassword().ToString(); SqlCommand cmd = new SqlCommand("INSERT INTO dbo.Users(UserPassword) Values('" + strNewPassword + "')", con); con.Open(); cmd.ExecuteNonQuery(); con.Close(); } }
这篇关于将密码保存到数据库的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!