什么是错误的Wd Ds ..在运行它显示用户名不正确但我使用相同的用户名I.E.管理员 [英] What Is Wrong Wd Ds..On Run It Is Showing Username Is Not Correct But I M Using Same Username I.E. Admin

问题描述

protected void Button1_Click(object sender, EventArgs e)
        {

            SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["ABCConnectionString2"].ConnectionString);
            conn.Open();
            string chkuser = "select count(*) from Admin_login where uname='" + TextBox1.Text + "'  ";
            SqlCommand com = new SqlCommand(chkuser, conn);
            int temp = Convert.ToInt32(com.ExecuteScalar().ToString());
            conn.Close();
            if (temp == 1)
            {
                conn.Open();
                string checkpassword = " select pass from Admin_login where uname='" + TextBox1.Text + "'  ";
                SqlCommand PassCom = new SqlCommand(checkpassword, conn);
                string passwd = PassCom.ExecuteScalar().ToString().Replace(" ", "");
                if (passwd == TextBox2.Text)
                {
                    //Session["New"] = TextBox1.Text;
                    //Response.Write("password is correct");
                    Response.Redirect("Details.aspx");
                }
                else
                {
                    Response.Write("password is InCorrect");
                }
            }
            else
            {
                Response.Write("username is InCorrect");
            }
        }
    }

推荐答案

Wd Wd Ds是什么



您想要一份清单吗？



从错误使用案例开始：它不是每个单词的大写字母。一句话以大写字母开头 - 之后是除了名字之外的小写字母。



那么，你不喜欢元音：Wd Ds - with this。



IM应该有一个撇号：我是



不要将字符串连接到构建一个SQL命令。它让您对意外或故意的SQL注入攻击持开放态度，这可能会破坏您的整个数据库。请改用参数化查询。



为什么要将值转换为字符串，然后立即将其转换为整数？

"What Is Wrong Wd Ds"

Would you like a list?

Start with your incorrect use of case: It Isn't A Upper Case For Every Word. A sentence starts with Upper Case - after that it's Lower Case except for names.

Then, it's your dislike of vowels: "Wd Ds" - "with this".

"I M" should have an apostrophe: "I'm"

Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.

Why convert a value to a string, and then immediately convert that to an integer?

int temp = Convert.ToInt32(com.ExecuteScalar().ToString());

相反，只需转换值：

Instead, just cast the value:

int temp = (int) com.ExecuteScalar();

切勿以明文形式存储密码 - 这是一个主要的安全风险。有关如何在此处执行此操作的信息：密码存储：如何做到这一点。 [ ^ ]



String.Replace替换所有实例，而不仅仅是末端的实例。使用String.Trim。



为什么要关闭连接，如果你要立即再打开它？



连接和命令是恐慌资源 - 您负责关闭和处理它们。最简单的方法是使用使用块。



最后：看看你的数据。使用调试器来跟踪您的代码并查看到底发生了什么。我们不能 - 我们无法访问您的SQL服务器实例或您的数据库......

Never store passwords in clear text - it is a major security risk. There is some information on how to do it here: Password Storage: How to do it.[^]

String.Replace replaces all instances, not just the ones at the ends. Use String.Trim for that.

Why close a connection, if you are about to immediately open it again?

Connections and Commands are scares resources - you are responsible for closing and disposing of them. The easiest way to do this is to use a using block.

And finally: look at your data. Use the debugger to follow your code through and look at exactly what is happening. We can't - we don't have access to your SQL server instance or your DB...

这篇关于什么是错误的Wd Ds ..在运行它显示用户名不正确但我使用相同的用户名I.E.管理员的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！