我在loginpage.aspx中收到错误 [英] iam getting error in loginpage.aspx
本文介绍了我在loginpage.aspx中收到错误的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
protected void Button_Login_Click(object sender, EventArgs e)
{
SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["RegistrationConnectionString"].ConnectionString);
con.Open();
string checkuser = "select count(*) from UserData where [User Name]='" + TextBoxUserName.Text + "'";
SqlCommand com = new SqlCommand(checkuser, con);
SqlDataReader dr = com.ExecuteReader();
int temp = Convert.ToInt32(com.ExecuteScalar().ToString());
con.Close();
if (temp == 1)
{
con.Open();
string checkPasswordQuery = "select password from UserData where [User Name]'" + TextBoxUserName.Text + "'";
SqlCommand passCom = new SqlCommand(checkPasswordQuery, con);
string password = passCom.ExecuteScalar().ToString().Replace(" ","");
if (password == TextBoxPassword.Text)
{
Session["New"] = TextBoxUserName.Text;
Response.Write("Password is correct");
Response.Redirect("Mnager.aspx");
}
else
{
Response.Write("Password is not correct");
}
[edit]已添加代码块 - OriginalGriff [/ edit]
[edit]Code block added - OriginalGriff[/edit]
推荐答案
为了善良!
好的 - 如果不知道你得到的确切错误,我们无法具体说明你遇到的问题究竟是什么以及是什么原因引起的。
但是......
三个主要的事情告诉我不要尝试修复这段代码:
1)不要连接字符串来构建SQL命令。它让您对意外或故意的SQL注入攻击持开放态度,这可能会破坏您的整个数据库。请改用参数化查询。特别是登录页面,任何人都可以访问,并且可以在不需要任何登录凭据的情况下销毁您的数据库。
2)绝不以明文形式存储密码 - 这是一个主要的安全风险。有关如何在此处执行此操作的信息:密码存储:如何做到这一点。 [ ^ ]
3)当.NET提供更好,更安全,更简单的系统而你根本不需要做什么时,为什么要重新发明轮子来处理登录?请参阅此处:会员介绍 [ ^ ]
For goodness sake!
OK - without knowing the exact error you are getting we can't be specific about what exactly is the problem you are having and what causes it.
But...
Three major things tell me not to try and fix this code:
1) Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead. Particularly with a login page where anyone has access and can destroy your database without needing any login credentials.
2) Never store passwords in clear text - it is a major security risk. There is some information on how to do it here: Password Storage: How to do it.[^]
3) Why are you reinventing the wheel to handle logins when .NET provides a better, securer, and simpler system without you needing to do very much at all? See here: Introduction to Membership[^]
这篇关于我在loginpage.aspx中收到错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
