What Is Wrong Wd Ds..On Run It Is Showing Username Is Not Correct But I M Using Same Username I.E. Admin
Question
protected void Button1_Click(object sender, EventArgs e)
{
    SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["ABCConnectionString2"].ConnectionString);
    conn.Open();
    string chkuser = "select count(*) from Admin_login where uname='" + TextBox1.Text + "' ";
    SqlCommand com = new SqlCommand(chkuser, conn);
    int temp = Convert.ToInt32(com.ExecuteScalar().ToString());
    conn.Close();
    if (temp == 1)
    {
        conn.Open();
        string checkpassword = " select pass from Admin_login where uname='" + TextBox1.Text + "' ";
        SqlCommand PassCom = new SqlCommand(checkpassword, conn);
        string passwd = PassCom.ExecuteScalar().ToString().Replace(" ", "");
        if (passwd == TextBox2.Text)
        {
            //Session["New"] = TextBox1.Text;
            //Response.Write("password is correct");
            Response.Redirect("Details.aspx");
        }
        else
        {
            Response.Write("password is InCorrect");
        }
    }
    else
    {
        Response.Write("username is InCorrect");
    }
}
}
Recommended answer
"What Is Wrong Wd Ds"
Would you like a list?
Start with your incorrect use of case: It Isn't A Upper Case For Every Word. A sentence starts with Upper Case - after that it's Lower Case except for names.
Then, it's your dislike of vowels: "Wd Ds" - "with this".
"I M" should have an apostrophe: "I'm"
Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.
Why convert a value to a string, and then immediately convert that to an integer?
int temp = Convert.ToInt32(com.ExecuteScalar().ToString());
Instead, just cast the value:
int temp = (int) com.ExecuteScalar();
Never store passwords in clear text - it is a major security risk. There is some information on how to do it here: Password Storage: How to do it.
String.Replace replaces all instances, not just the ones at the ends. Use String.Trim for that.
Why close a connection, if you are about to immediately open it again?
Connections and Commands are scarce resources - you are responsible for closing and disposing of them. The easiest way to do this is to use a using block.
And finally: look at your data. Use the debugger to follow your code through and look at exactly what is happening. We can't - we don't have access to your SQL server instance or your DB...
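The answer's points on parameterized queries, password storage and using blocks, combined in one login check. This is an added example, not code from the original post or answer: the salt, iterations and pass_hash columns are assumed replacements for the clear-text pass column, PBKDF2 is one common choice of password hash, and the Rfc2898DeriveBytes overload used needs .NET Framework 4.7.2 or later.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Security.Cryptography;

public static class AdminLogin
{
    // Assumed schema (not from the original post): Admin_login(uname, salt VARBINARY(16),
    // iterations INT, pass_hash VARBINARY(32)), all NOT NULL, replacing the "pass" column.
    public static bool Verify(string connectionString, string userName, string password)
    {
        const string sql =
            "SELECT salt, iterations, pass_hash FROM Admin_login WHERE uname = @uname";

        // using blocks dispose the connection, command and reader even if an exception is thrown.
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            // The user name travels as data, never as part of the SQL text.
            cmd.Parameters.Add("@uname", SqlDbType.NVarChar, 50).Value = userName;
            conn.Open();
            using (var reader = cmd.ExecuteReader(CommandBehavior.SingleRow))
            {
                if (!reader.Read())
                    return false;                       // unknown user
                var salt = (byte[])reader["salt"];
                var iterations = (int)reader["iterations"];
                var stored = (byte[])reader["pass_hash"];
                return FixedTimeEquals(stored, Hash(password, salt, iterations, stored.Length));
            }
        }
    }

    // PBKDF2-HMAC-SHA256; the same routine is used when the password is first set.
    public static byte[] Hash(string password, byte[] salt, int iterations, int length)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, iterations, HashAlgorithmName.SHA256))
            return kdf.GetBytes(length);
    }

    // Compare without returning early, so timing does not reveal the first differing byte.
    private static bool FixedTimeEquals(byte[] a, byte[] b)
    {
        if (a.Length != b.Length) return false;
        int diff = 0;
        for (int i = 0; i < a.Length; i++) diff |= a[i] ^ b[i];
        return diff == 0;
    }
}
```

In the click handler this would be called as AdminLogin.Verify(ConfigurationManager.ConnectionStrings["ABCConnectionString2"].ConnectionString, TextBox1.Text, TextBox2.Text), with a single generic failure message for both the unknown-user and wrong-password cases.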