我想改变pwd并同时更新我的数据库。 [英] i want to change pwd and same time updating my db.
本文介绍了我想改变pwd并同时更新我的数据库。的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
嗨..我想要更改我的密码。我有用户名,密码,新密码和确认密码是textboxes.after运行gm.i没有得到任何错误消息,但它不更新我的数据库。这是我的代码。请帮助我。
hi..here i want to change my password.i have username,password,new password and confirm password are textboxes.after running the gm.i didn't get any error message but it doesn't update my database.here it is my code.so please help me.
Imports System.Data.OleDb
Imports System.Data
Partial Class update
Inherits System.Web.UI.Page
Dim cn As OleDbConnection
Dim cmd As OleDbCommand
Dim dr As OleDbDataReader
Dim n As Integer
Dim Adapte As OleDbDataAdapter = New OleDbDataAdapter
Private Property txtnewpass As Object
Private Property txtconfirmpass As Object
Private Property txtuserid As Object
Private Property txtoldpass As Object
Private Property count As Integer
Private Property newPass As Object
Private Property ex As Exception
Private Property username As String
Private Property password As String
Private Property conPass As Object
Private Property this As Object
Protected Sub Button1_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles Button1.Click
Try
cn = New OleDbConnection("data source=C:\Users\Administrator\Desktop\login1.mdb;provider=Microsoft.Jet.OLEDB.4.0")
cn.Open()
username = TextBox1.Text
password = TextBox2.Text
newPass = TextBox3.Text
conPass = TextBox4.Text
cmd = New OleDbCommand("select username,password from login where username = @username and password = @password", cn)
cmd.Parameters.AddWithValue("@username", this.TextBox1.Text)
cmd.Parameters.AddWithValue("@password", this.TextBox2.Text)
dr = cmd.ExecuteReader()
dr.Read()
If (dr("username").ToString() <> String.Empty & dr("password").ToString() <> String.Empty) Then
If newPass.Trim() <> conPass.Trim() Then
Label5.Text = "New Password and old password does not match"
End If
Else
End If
cmd = New OleDbCommand("UPDATE login SET passwd = '" + TextBox3.Text + "' WHERE username ='" + TextBox1.Text + "'", cn)
cmd.Parameters.AddWithValue("@newPasss", this.TextBox3.Text)
cmd.Parameters.AddWithValue("@username", this.TextBox1.Text)
cmd.Parameters.AddWithValue("@password", this.TextBox2.Text)
Int(count = cmd.ExecuteNonQuery())
If (count > 0) Then
Label5.Text = "Password changed successfully"
Else
End If
Label5.Text = "password not changed"
Catch ex As Exception
End Try
End Sub
Protected Sub Button2_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles Button2.Click
Session.Abandon()
Response.Redirect("Login.aspx")
End Sub
End Class
推荐答案
我能看到的一个问题
更新查询...
One Problem I can see
The Update query...
cmd = New OleDbCommand("UPDATE login SET passwd = '" + TextBox3.Text + "' WHERE username ='" + TextBox1.Text + "'", cn)
cmd.Parameters.AddWithValue("@newPasss", this.TextBox3.Text)
cmd.Parameters.AddWithValue("@username", this.TextBox1.Text)
cmd.Parameters.AddWithValue("@password", this.TextBox2.Text)
应如下所示...
should be like below...
cmd = New OleDbCommand("UPDATE login SET passwd = @newPasss WHERE username = @username AND passwd = @password", cn)
cmd.Parameters.AddWithValue("@newPasss", newPass)
cmd.Parameters.AddWithValue("@username", username)
cmd.Parameters.AddWithValue("@password", password)
这将帮助您限制 SQL注入攻击。
但是你不应该直接存储密码,而是改变你的逻辑来实现一些加密,以便密码将受到保护。不建议插入纯文本密码。
This will help you to restrict SQL Injection Attack.
But you should not directly store the Password, instead change your logic to implement some Encryption so that Password will be protected. Inserting plain text Password is not recommended.
这篇关于我想改变pwd并同时更新我的数据库。的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文