请帮忙整理我的登录表格 [英] Please do favor to sort out my login form
问题描述
我正在制作一个登录表单,当我检索数据时它附带数据库显示这种错误:
第23行:字符串查询=从userlogin中选择count(*),其中username ='+ txtBox1.Text +'并传递'+ txtBox2.Text +';
第24行:SqlCommand cmd = new SqlCommand(query,con);
第25行:string output = cmd.ExecuteScalar()。ToString();
第26行:if(输出==1)
第27行:{
源文件:c:\ Users \ Atta\Documents\Visual Studio 2012 \WebSites\WebSite3 \Default2.aspx.cs行:25
Stack Trace:
在第25行显示。而我在登录表格后使用此类代码:
什么我试过:
使用System;
使用System.Collections.Generic;
使用System.Linq;
使用System.Web;
使用System.Web.UI;
使用System.Web.UI.WebControls;
使用System.Configuration;
使用System.Data;
使用System.Data.SqlClient;
公共部分类Default2:System.Web.UI.Page
{
protected void Page_Load(object sender,EventArgs e)
{
}
protected void Button1_Click(object sender,EventArgs e)
{
SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings [connect]。ToString ());
con.Open();
string query =select user(*)from userlogin where username ='+ txtBox1.Text +'并传递'+ txtBox2.Text +';
SqlCommand cmd = new SqlCommand(query,con);
string output = cmd.ExecuteScalar()。ToString();
if(output ==1)
{
Session [user] = txtBox1.Text;
Response.Redirect(登录成功);
}
else
{
Response.Write(Login Faild);
}
}
}
如果不仔细查看代码和细节,我可以说错误是因为sql查询中缺少equals运算符。
替换行号。 23跟随并查看是否有帮助 -
string query = 从userlogin中选择count(*),其中username =' + txtBox1.Text + '和pass =' + txtBox2.Text + ';
但等等,这不是全部。
您的代码是容易受到 SQL注入 [ ^ ]。
只需稍加努力,就可以通过存储过程或参数化查询来阻止SQL注入。请按照以下参考资料获取进一步指导 -
如何:防止SQL注入ASP.NET [ ^ ]
[ ^ ]
希望,有帮助:)
请参考 Simple-User-Login-Form-example-in-ASPNet.aspx [ ^ ]
I am making a login form and it attached with database when i retrieve data it show this sort of error:
Line 23: string query = "select count(*) from userlogin where username ='" + txtBox1.Text + "'and pass '" + txtBox2.Text + "'";
Line 24: SqlCommand cmd = new SqlCommand(query, con);
Line 25: string output = cmd.ExecuteScalar().ToString();
Line 26: if (output == "1")
Line 27: {
Source File: c:\Users\Atta\Documents\Visual Studio 2012\WebSites\WebSite3\Default2.aspx.cs Line: 25
Stack Trace:
the is showing on line number 25. while i am using such type of code behind login form:
What I have tried:
using System; using System.Collections.Generic; using System.Linq; using System.Web; using System.Web.UI; using System.Web.UI.WebControls; using System.Configuration; using System.Data; using System.Data.SqlClient; public partial class Default2 : System.Web.UI.Page { protected void Page_Load(object sender, EventArgs e) { } protected void Button1_Click(object sender, EventArgs e) { SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["connect"].ToString()); con.Open(); string query = "select count(*) from userlogin where username ='" + txtBox1.Text + "'and pass '" + txtBox2.Text + "'"; SqlCommand cmd = new SqlCommand(query, con); string output = cmd.ExecuteScalar().ToString(); if (output == "1") { Session["user"] = txtBox1.Text; Response.Redirect("Login Successful"); } else { Response.Write("Login Faild"); } } }
Without looking much into your code and details, I could say the error is because of the missing equals operator in the sql query.
Replace line no. 23 with following and see if that helps-
string query = "select count(*) from userlogin where username ='" + txtBox1.Text + "'and pass ='" + txtBox2.Text + "'";
But wait, that's not all.
Your code is vulnerable to SQL Injection[^].
With little more effort, you can prevent SQL injection via Stored Procedure or parameterised query. Please follow below reference for further guidance-
How To: Protect From SQL Injection in ASP.NET[^]
[^]
Hope, it helps :)
Please refer Simple-User-Login-Form-example-in-ASPNet.aspx[^]
这篇关于请帮忙整理我的登录表格的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!