嗨，我在Default.Aspx.Cs中有错误 [英] Hi I Have An Error In Default.Aspx.Cs

问题描述

错误







第18行：字符串checkuser =从UserData选择计数（*）其中User Name ='+ TextBoxUN.Text +';

第19行：SqlCommand com = new SqlCommand（checkuser，con）;

第20行：int temp = Convert.ToInt32（com.ExecuteScalar（）。ToString（））;

第21行：if（temp == 1）

第22行：{

error



Line 18: string checkuser="select count(*) from UserData where User Name='" +TextBoxUN.Text + "'";
Line 19: SqlCommand com = new SqlCommand(checkuser, con);
Line 20: int temp = Convert.ToInt32(com.ExecuteScalar().ToString());
Line 21: if (temp == 1)
Line 22: {

推荐答案

两件事，好的，三件事......

1）当你报告一个问题时，请告诉我们问题是什么。这意味着，如果您收到错误消息，请告诉我们消息是什么以及消息发生在哪里 - 否则我们只是猜测......

2）永远不要这样做：不要连接字符串来构建一个SQL命令。它让您对意外或故意的SQL注入攻击持开放态度，这可能会破坏您的整个数据库。请改用参数化查询。特别是在Web应用程序和您的登录代码中...我可以从世界的另一端销毁您的数据库，而不会向您提供任何关于我的信息...

3）你为什么将整数值转换为字符串，以便将其再次转换回整数？



上面修复（2）很有可能修复你的问题...

Two things, OK, three things...
1) When you report a problem TELL US WHAT THE PROBLEM IS. That means, if you get an error message, tell us what the message is, and where it occurs - otherwise we are just guessing...
2) Never do that: Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead. Particularly in a Web application, and in your login code...I could destroy your database from the other side of the world, without giving you any information about me...
3) Why are you converting an integer value to a string, in order to convert it right back to an integer again?

There is a very good chance that fixing (2) above will fix your problem...

而不是第20行：int temp = Convert.ToInt32（com.ExecuteScalar（）。ToString（））;



使用



int temp = com.ExecuteScalar（）;

Instead Line 20: int temp = Convert.ToInt32(com.ExecuteScalar().ToString());

Use

int temp = com.ExecuteScalar();

这篇关于嗨，我在Default.Aspx.Cs中有错误的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！