在asp.net中更新查询 [英] update query in asp.net
本文介绍了在asp.net中更新查询的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
hi..am sandhya.here是我的code.i没有在code.i中得到任何类型的错误。我想更新我的数据库详细信息。查询中的任何更改都会帮助我。
hi..am sandhya.here is my code.i did'nt get any type of error in code.i want to update my database details.any changes in query pls help me.
Imports System.Data.OleDb
Partial Class forgot_password
Inherits System.Web.UI.Page
Dim cn As OleDbConnection
Dim cmd As OleDbCommand
Dim dr As OleDbDataReader
Dim n As Integer
Private Property Value As Double
Protected Sub Button1_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles Button1.Click
Try
cn = New OleDbConnection("data source=C:\Users\Administrator\Desktop\login1.mdb;provider=Microsoft.Jet.OLEDB.4.0")
cn.Open()
cmd = New OleDbCommand("update login set password='" + TextBox2.Text + "' where username='" + TextBox1.Text + "'", cn)
'cmd.Connection.Open()
' Dim n As Integer
n = cmd.ExecuteNonQuery()
If n > 1 Then
Response.Write("updation successfull")
Else
Response.Write("updation failed")
End If
'cmd.Connection.Close()
' cn.Close()
Catch ex As Exception
End Try
End Sub
End Class
推荐答案
该代码有两个主要问题:
1)不要连接字符串来构建SQL命令。它让您对意外或故意的SQL注入攻击持开放态度,这可能会破坏您的整个数据库。请改用参数化查询。
2)绝不以明文形式存储密码 - 这是一个主要的安全风险。有关如何在此处执行此操作的信息:密码存储:如何做到这一点。 [ ^ ]
还有一件小事:
只有拥有多个用户才能使用相同的用户名...
There are two major things wrong with that code:
1) Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.
2) Never store passwords in clear text - it is a major security risk. There is some information on how to do it here: Password Storage: How to do it.[^]
And one minor thing:
It will only work if you have more than one user with the same username...
If n > 1 Then
Response.Write("updation successfull")
尝试:
Try:
If n >= 1 Then
Response.Write("updation successfull")
而不是。
Instead.
这篇关于在asp.net中更新查询的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文