code not working to check email already registered or not


Problem description


Through the following code I try to check whether an email is already registered (whether the database has it or not), but it is not working. Kindly help me.

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Configuration;

public partial class new_add_donor : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {
        // Page_Load runs on every postback, before Button1_Click, so the insert
        // in Button1_Click still happens after this warning has been written.
        if (IsPostBack)
        {
            SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["mandConnectionString"].ConnectionString);
            conn.Open();
            // Query text built by concatenating the text box value: this is the
            // SQL injection problem the answer below points out.
            string checkdonor = "select count(*) from mydatabase where email='"+TextBox4.Text+"'";
            SqlCommand com = new SqlCommand(checkdonor, conn);
            int temp = Convert.ToInt32(com.ExecuteScalar().ToString());
            // Only an exact count of 1 is treated as "registered"; a count of 2 or
            // more (duplicates already in the table) silently passes.
            if (temp == 1)
            {
                Response.Write("You Email ID is Already Registered Click on Forget Password if you have not Password");
            }

            conn.Close();
        }
    }
    protected void Button1_Click(object sender, EventArgs e)
    {
        try
        {
            SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["mandConnectionString"].ConnectionString);
            conn.Open();
            // Placeholder for dob was @dDate while the parameter added below is @ddob,
            // which makes SQL Server throw "Must declare the scalar variable"; the
            // placeholder now matches the parameter name.
            string insertQuery = "insert into mydatabase (dob,name,father,gender,bgroup,distt,tehsil,cv,email,password,repassword,no1,no2,av_not,userdate,user_type) values (@ddob ,@dname ,@dfather ,@dgender ,@dbg ,@ddistt ,@dtehsil ,@dcv ,@demail ,@dpass ,@drepass ,@dno1 ,@dno2 ,@dav ,@ddate ,@duser1)";
            SqlCommand com = new SqlCommand(insertQuery, conn);

            com.Parameters.AddWithValue("@ddob", TextBox1.Text);
            com.Parameters.AddWithValue("@dname", TextBox2.Text);
            com.Parameters.AddWithValue("@dfather", TextBox3.Text);
            com.Parameters.AddWithValue("@dgender", DropDownList1.Text);
            com.Parameters.AddWithValue("@dbg", DropDownList2.Text);
            com.Parameters.AddWithValue("@ddistt", DropDownList3.Text);
            com.Parameters.AddWithValue("@dtehsil", DropDownList4.Text);
            com.Parameters.AddWithValue("@dcv", DropDownList5.Text);
            com.Parameters.AddWithValue("@demail", TextBox4.Text);
            com.Parameters.AddWithValue("@dpass", TextBox5.Text);
            com.Parameters.AddWithValue("@drepass", TextBox6.Text);
            com.Parameters.AddWithValue("@dno1", TextBox7.Text);
            com.Parameters.AddWithValue("@dno2", TextBox8.Text);
            com.Parameters.AddWithValue("@dav", DropDownList6.Text);
            com.Parameters.AddWithValue("@ddate", TextBox9.Text);
            com.Parameters.AddWithValue("@duser1", TextBox10.Text);
            com.ExecuteNonQuery();

            Response.Write("<script>alert('Dairy has been Saved Successfully.');</script>");

            conn.Close();
        }
        catch (Exception ex)
        {
            // Writing ex.ToString() to the response shows the query text and
            // server details to the browser.
            Response.Write("Error:" + ex.ToString());
        }
    }
}

Recommended answer

First of all, please see the comment on the question by itislikethis.

Your approach is wrong from the very beginning. The query is composed by concatenation with strings taken from the UI. Not only is repeated string concatenation inefficient (because strings are immutable; do I have to explain why that makes repeated concatenation bad?), but there is a far more important issue: it opens the door to a well-known exploit called SQL injection.

This is how it works: http://xkcd.com/327.

Are you getting the idea? The string taken from a control can be anything, including… a fragment of SQL code.

What to do? Just read about this problem and the main remedy: parameterized statements: http://en.wikipedia.org/wiki/SQL_injection.

With ADO.NET, use this: http://msdn.microsoft.com/en-us/library/ff648339.aspx.

Please see my past answers for some more detail:
EROR IN UPATE in com.ExecuteNonQuery();,
hi name is not displaying in name?.

—SA
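The following is an added example, not code from the question or from SA's answer. It shows the remedy the answer points to, a parameterized version of the "is this email already registered?" check, and also moves that check into the button handler so it runs before the insert. Everything it assumes beyond the question is labelled in the comments: the table, column, connection-string and control names are taken from the question as-is; a Label named lblMessage is assumed to exist on the page for feedback; a UNIQUE constraint on email is assumed (the DDL for it is given in a comment). The comment at the top of EmailExists also shows what happens to the original concatenated query when a crafted value such as `x' OR '1'='1` is typed into the email box.

```csharp
// Added example (not the asker's or answerer's code). Assumptions not in the
// question: a Label named lblMessage on the page, and a UNIQUE constraint on
// mydatabase.email created with
//   ALTER TABLE mydatabase ADD CONSTRAINT UQ_mydatabase_email UNIQUE (email);
using System;
using System.Collections.Generic;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Web.UI;

public partial class new_add_donor : Page
{
    private static readonly string ConnStr =
        ConfigurationManager.ConnectionStrings["mandConnectionString"].ConnectionString;

    // The original check was built by concatenation:
    //   "select count(*) from mydatabase where email='" + TextBox4.Text + "'"
    // With TextBox4.Text = "x' OR '1'='1" the server receives
    //   select count(*) from mydatabase where email='x' OR '1'='1'
    // and counts every row in the table, so the check no longer says anything
    // about the typed address. A parameter is sent separately from the SQL text,
    // so whatever the user types is compared as data and never parsed as SQL.
    private static bool EmailExists(string email)
    {
        const string sql =
            "SELECT CASE WHEN EXISTS (SELECT 1 FROM mydatabase WHERE email = @email) " +
            "THEN 1 ELSE 0 END";

        using (SqlConnection conn = new SqlConnection(ConnStr))
        using (SqlCommand cmd = new SqlCommand(sql, conn))
        {
            // Explicit type and length rather than AddWithValue: matches the column
            // and keeps one cached plan instead of one per distinct input length.
            cmd.Parameters.Add("@email", SqlDbType.NVarChar, 256).Value = email.Trim();
            conn.Open();
            return (int)cmd.ExecuteScalar() == 1;   // EXISTS, so 0 or 1, never "2 or more"
        }
    }

    protected void Button1_Click(object sender, EventArgs e)
    {
        string email = TextBox4.Text;

        // Check first, then insert. In the question the check lived in Page_Load,
        // which runs before Button1_Click on every postback, so the warning was
        // written and the duplicate row was inserted anyway.
        if (EmailExists(email))
        {
            lblMessage.Text = "This email is already registered. Use Forgot Password if you do not have the password.";
            return;
        }

        const string insertSql =
            "INSERT INTO mydatabase (dob,name,father,gender,bgroup,distt,tehsil,cv,email,password," +
            "repassword,no1,no2,av_not,userdate,user_type) VALUES (@dob,@name,@father,@gender,@bgroup," +
            "@distt,@tehsil,@cv,@email,@password,@repassword,@no1,@no2,@av_not,@userdate,@user_type)";

        // One entry per placeholder, with identical names on both sides (the
        // question's insert used @dDate in the SQL but @ddob in AddWithValue).
        var values = new Dictionary<string, string>
        {
            { "@dob", TextBox1.Text },       { "@name", TextBox2.Text },
            { "@father", TextBox3.Text },    { "@gender", DropDownList1.Text },
            { "@bgroup", DropDownList2.Text }, { "@distt", DropDownList3.Text },
            { "@tehsil", DropDownList4.Text }, { "@cv", DropDownList5.Text },
            { "@email", email },             { "@password", TextBox5.Text },
            { "@repassword", TextBox6.Text }, { "@no1", TextBox7.Text },
            { "@no2", TextBox8.Text },       { "@av_not", DropDownList6.Text },
            { "@userdate", TextBox9.Text },  { "@user_type", TextBox10.Text },
        };

        try
        {
            using (SqlConnection conn = new SqlConnection(ConnStr))
            using (SqlCommand cmd = new SqlCommand(insertSql, conn))
            {
                // The question gives no column types, so values are passed as
                // strings as in the original; with the real schema, use
                // Parameters.Add(name, SqlDbType.<type>) for each column instead.
                foreach (KeyValuePair<string, string> kv in values)
                    cmd.Parameters.AddWithValue(kv.Key, kv.Value);
                conn.Open();
                cmd.ExecuteNonQuery();
            }
            lblMessage.Text = "Donor has been saved successfully.";
        }
        catch (SqlException ex)
        {
            // Two requests can both pass EmailExists before either inserts; the
            // UNIQUE constraint is what actually guarantees one row per email.
            // 2627 = unique constraint violation, 2601 = duplicate key on unique index.
            if (ex.Number == 2627 || ex.Number == 2601)
                lblMessage.Text = "This email is already registered.";
            else
                // Do not echo ex.ToString() to the browser as the original did; it
                // reveals the query text and server details. Log it server-side.
                lblMessage.Text = "Registration failed. Please try again.";
        }
    }
}
```

The check-then-insert pair is still a race between two simultaneous registrations, which is why the example relies on the UNIQUE constraint and treats error 2627/2601 as "already registered" rather than trusting the pre-check alone.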

