当我在asp.net登录时,它说错了密码 [英] when I login in asp.net it say wrong password
本文介绍了当我在asp.net登录时,它说错了密码的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
protected void btnLogin_Click(object sender, EventArgs e)
{
SqlDataAdapter da = new SqlDataAdapter("select * from users where username='" + txtUserName.TemplateControl + "' and password='" + txtPswrd.Text + "'", con);
DataSet ds = new DataSet();
da.Fill(ds, "users");
try
{
con.Open();
da.Fill(ds);
if (ds.Tables[0].Rows.Count > 0)
Response.Redirect("home.aspx");
else
Label1.Text = " wrong pswd";
}
catch (Exception err){}
}
推荐答案
你的查询似乎有错误的用户名参数值即,而不是txtUserName.TemplateControl你应该使用txtUserName.Text
也请请继续阅读以了解如何使用sqlparameters,因为您当前的代码可能是sql注入的受害者。
问候
Pawan
your query seems to have wrong username parameter value i.e., instead of txtUserName.TemplateControl you should be using txtUserName.Text
Also please read on to see how to use sqlparameters as your current code can be a victim of sql injections.
Regards
Pawan
txtUserName.TemplateControl你应该使用txtUserName.Text
txtUserName.TemplateControl you should be using txtUserName.Text
你的查询应该如下
You query should be like following
SqlDataAdapter da = new SqlDataAdapter("select * from users where username='" + txtUserName.Text.Trim() + "' and password='" + txtPswrd.Text.Trim() + "'", con);
注意:使用参数化查询以获得更好的性能和安全性目的
谢谢
Note: Use parameterized query for better performance and security purpose
Thanks
这篇关于当我在asp.net登录时,它说错了密码的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文