使用javascript在sql server数据库中更新密码 [英] update password in sql server database using javascript
本文介绍了使用javascript在sql server数据库中更新密码的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
当用户填写表单并单击更改密码按钮时,我需要在sql server数据库的users表中更新密码。我使用以下逻辑。但它没有更新数据库...
i need to update password in the users table in sql server database when the user fill the form and click the change password button.i have use the following logic. but it is not updating the database...
function Updatepass() {
var oldp = document.getElementById('oldp').value;
var newp = document.getElementById('newp').value;
var cnewp = document.getElementById('cnewp').value;
if (oldp.length != 0 && newp.length != 0) {
if (newp == cnewp) {
var connection = new ActiveXObject("ADODB.Connection");
var connectionstring = "server=DIMTS-022\\SQLEXPRESS ;database=db_asset ; trusted_connection=yes";
connection.Open(connectionstring);
var rs = new ActiveXObject("ADODB.Recordset");
rs.Open("update dbo.tbl_users set pass = '" + newp + "' where pass=" + oldp, connection);
alert("Update Password Successfuly");
txtid.value = " ";
connection.close();
}
else {
alert("Passwords do not match");
}
}
else {
alert("Please Enter Passwords");
}
}
也想使用user_id更改它。 ..因为我需要获取用户当前loged的user_id。怎么可以成为现实?
请帮助我!!!
also want to change it using the user_id... for that i need to fetch the user_id of the current loged in user. how that can be achive?
pls help me!!!
推荐答案
您好,
这不是正确的方法。而是创建一个Web服务并使用JavaScript调用它。在生产环境中,没有人会直接通过互联网公开数据库。此外,并不总能保证ADODB驱动程序将在客户端的计算机上可用。对于创建Web服务,您会发现以下文章有用
Hello,
It's not the proper way. Instead create a web service and invoke it using the JavaScript. In production environment no one is going to expose the database directly over the internet. Plus it's not always guaranteed that the ADODB driver's will be available on the client's machine. For creating a web service you will find following articles useful
- Your first C# Web Service[^]
- How to make a simple WebService and consume it.[^]
- WCF REST Service with JSON[^]
- Create a JSON WebService in ASP.NET 2.0 with a jQuery Client[^]
var newpass,oldpwd;
oldpwd = document.getElementById('oldp').value;
newpass = document.getElementById('newp').value;
.ajax({
type: POST,
url: your_service_url,
数据:{ newpass:newpass, oldpass:oldpwd},
contentType: application / json; charset = utf-8,
dataType: json,
成功: function (msg){
},
错误: function (msg){
}
});
.ajax({ type: "POST", url: "your_service_url", data: {"newpass":newpass,"oldpass":oldpwd}, contentType: "application/json; charset=utf-8", dataType: "json", success: function(msg) { }, error: function(msg) { } });
登录用户id将在发送方面知道.br mode =hold/>
问候,
The loggedin user's id will be known on the serve side.br mode="hold" />
Regards,
你真的想从客户端这样做吗?真?别!你有几个设计缺陷和安全问题:
1)它不是跨浏览器
2)如果你可以使用trusted来连接数据库,为什么你有一个用户表呢?
3)你发出的声明是错误的:如果两个用户拥有相同的密码,两者都会被更改
4)如果有人使用相同的可信连接改变怎么办?通过绕过应用程序的身份验证和授权,它的权限,从表中删除数据或其他东西。
首先:客户端的内容可以是和会受到损害。所以永远不要相信客户端!
您需要在sql server端执行所有授权和身份验证工作,或者在数据库上方至少实现一层以执行身份验证和授权。
You really want to do this from client side? Really? Don't! You have several design flaws and security issues:
1) It is not cross-browser
2) If you can use trusted to connect to the database, why do you have a user table anyway?
3) The statement you issue is wrong: if two users have the same password, both will be changed
4) What if somebody is using the same trusted connection to alter it's permissions, delete data from a table, or something else by circumventing the authentication and authorization of the application.
First of all: what is on client side can be and will be compromised. So never believe the client!
You need either to do all the authorization and authentication job on sql server side, or implement at least one layer above the database to perform authentication and authorization.
这篇关于使用javascript在sql server数据库中更新密码的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
