我的登录页面有问题 [英] having trouble with my login page
本文介绍了我的登录页面有问题的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我正在尝试匹配用户名,姓氏和密码输入并匹配他们注册的数据库,但是当我按下登录按钮时得到以下内容:
查询表达式'[name]','jordan''中的语法错误(缺少运算符)。
i只需要一些帮助,因为我是新手对此,需要向正确的方向推进任何书籍或文章也会有所帮助。提前致谢
代码:
i'm trying to match the users name, surname and password input and match against the database where they registered but getting the following when i press the login button:
"Syntax error (missing operator) in query expression '[name]','jordan''."
i just need a little help as I'm new to this and need a push towards the right direction any books or articles will also help. Thanks in advance
The Code:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.OleDb;
public partial class login : System.Web.UI.Page
{
\\ create connection object
private static OleDbConnection GetConnection()
{
String connString;
connString = @"Provider=Microsoft.JET.OLEDB.4.0;Data Source=C:\Users\Wisal\Documents\Visual Studio 2012\WebSites\WebSite3\registration-Db.mdb";
return new OleDbConnection(connString);
}
protected void Page_Load(object sender, EventArgs e)
{
}
protected void loginButtn_Click(object sender, EventArgs e)
{
OleDbConnection myConnection = GetConnection();
try
{
myConnection.Open();
Console.WriteLine("Connection Opened");
String checkUser = "select count(*) from client where [name]" + "','" + nameloginBox.Text + "'";
OleDbCommand myCommand = new OleDbCommand(checkUser, myConnection);
myCommand.ExecuteNonQuery(); \\ error occurs here when login button is pressed Syntax error (missing operator) in query expression '[name]','jordan''."
myConnection.Close();
{
myConnection.Open();
String checkname = "select count(*) from client where surname" + snameloginBox.Text + "'";
OleDbCommand checkSname = new OleDbCommand(checkUser, myConnection);
checkSname.ExecuteNonQuery();
myConnection.Close();
{
myConnection.Open();
String checkPassword = "select count(*) from client where [password]" + passwrdloginBox + "'";
OleDbCommand passComm = new OleDbCommand(checkPassword, myConnection);
String password = passComm.ExecuteNonQuery().ToString().Replace(" ","");
if (password == passwrdloginBox.Text)
{
Session[""] = nameloginBox.Text;
Response.Write("Password Correct");
}
else
{
Response.Write("Password Incorrect");
}
}
}
}
finally
{
myConnection.Close();
}
}
}
推荐答案
首先sql查询语法不正确 - 这就是你得到错误的原因。
由于你不需要查询的列值,最好使用ExecuteScalar()
其次建议使用make查询安全,否则违反SQL注入。
Firstly sql query syntax was incorrect - that is why you were getting error.
As you don't need column value from query, it is better to use ExecuteScalar()
Secondly it is recommended to use make query safe otherwise it violates SQL injection.
OleDbCommand myCommand = new OleDbCommand(checkUser, myConnection);
myConnection.Open();
String checkPassword = "select count(*) from client where [password] = ?";
OleDbCommand passComm = new OleDbCommand(checkPassword, myConnection);
OleDbParameter p1 = new OleDbParameter();
p1.Value = passwrdloginBox.Text;
passComm.Parameters.Add(p1);
int rowsAffected = (int)passComm.ExecuteScalar();
if (rowsAffected > 0)
{
Session[""] = nameloginBox.Text;
Response.Write("Password Correct");
}
else
{
Response.Write("Password Incorrect");
}
有一个错字;逗号应该是一个等号。错误消息告诉您究竟是什么问题(缺少运算符)及其发生的位置。
There is a typo; comma should be an equal sign. The error message tells you exactly what is the problem (missing operator) and where it occurs.
这篇关于我的登录页面有问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
