验证登录页面 - 这个代码有什么问题,它不能正常工作,请帮我纠正我的错误 [英] Validation of login page-whats wrong with this code,its not working,please help me rectify my error

查看:62
本文介绍了验证登录页面 - 这个代码有什么问题,它不能正常工作,请帮我纠正我的错误的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

private void button1_Click(object sender, EventArgs e)
        {
            if (UsernametextBox.Text == "")
            {
                usernamelabelerror.Visible = true;
                usernamelabelerror.Text = "username should not be blank";
            }
            if (PasswordtextBox.Text == "")
            {
                passwordlabelerror.Visible = true;
                passwordlabelerror.Text = "password should not be blank";
            }



            else
            {
                con.Open();
                SqlCommand cmd = new SqlCommand("select * from registration where username='" + UsernametextBox.Text + "' and password='" + PasswordtextBox.Text + "'", con);
                SqlDataReader rd = cmd.ExecuteReader();

                if (rd.Read())
                {
                    string st = rd["Username"].ToString();
                    string str = rd["Password"].ToString();

                    if (st == "UsernametextBox.Text")
                    {
                        if (str == "PasswordtextBox.Text")
                        {
                            Homepage hp = new Homepage();
                            hp.Show();
                            this.Hide();
                        }
                        else
                        {
                            MessageBox.Show("invalid user");

                        }
                    }
                }
            }
            con.Close();
        }







已添加代码块 - OriginalGriff [/ edit]




[edit]Code block added - OriginalGriff[/edit]

推荐答案

我想到了几件事:

首先,如果密码不是空白,你只会尝试检查详细信息 - 如果用户名是空白,无论如何你都会检查。还有更好的方法来检查空字符串

试试这个:

Several things spring to mind:
First off, you will only try to check details if the pasword is not blank - if the username is blank, you will check anyway. There are also better ways to check for empty strings
Try this:
private void button1_Click(object sender, EventArgs e)
    {
    bool error = false;
    if (string.IsNullOrWhiteSpace(UsernametextBox.Text))
        {
        usernamelabelerror.Visible = true;
        usernamelabelerror.Text = "username should not be blank";
        error = true;
        }
    if (string.IsNullOrWhiteSpace(PasswordtextBox.Text))
        {
        passwordlabelerror.Visible = true;
        passwordlabelerror.Text = "password should not be blank";
        error = true;
        }
    if (!error)
        {
        ...
        }
    }





第二个是你不应该连接字符串来构建SQL命令。它让您对意外或故意的SQL注入攻击持开放态度,这可能会破坏您的整个数据库。改为使用参数化查询。



第三是你不应该以明文形式存储密码 - 这是一个主要的安全风险。有关如何在此处执行此操作的信息:密码存储:如何做到这一点。 [ ^ ]



第四个是您将数据库中的用户名与静态文本字符串进行比较:



The second is that you should not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.

The third is that you shouldn''t store passwords in clear text - it is a major security risk. There is some information on how to do it here: Password Storage: How to do it.[^]

The fourth is that you are comparing the username from the database against a static text string:

if (st == "UsernametextBox.Text")
    {
    if (str == "PasswordtextBox.Text")
       {
       Homepage hp = new Homepage();
       hp.Show();
       this.Hide();
       }
    }

所以,除非他的用户名是UsernametextBox.Text而不是robinnn007,否则他没有进入......

So unless his username is "UsernametextBox.Text" and not "robinnn007" he ain''t getting in...


您的条件结构不正确。请仔细阅读您的代码。

Your conditional structure is not correct. please go through over your code.
private bool ValidateForm()
{
bool returnVal = true;
if (UsernametextBox.Text == "")
{
usernamelabelerror.Visible = true;
usernamelabelerror.Text = "username should not be blank";
returnVal = false;
}
if (PasswordtextBox.Text == "")
{
passwordlabelerror.Visible = true;
passwordlabelerror.Text = "password should not be blank";
returnVal = false;
}
return returnVal;
}





这是你的代码



Here is your code

private void button1_Click(object sender, EventArgs e)
{
if(ValidateForm())
{
con.Open();
SqlCommand cmd = new SqlCommand("select * from registration where username='" + UsernametextBox.Text + "' and password='" + PasswordtextBox.Text + "'", con);
SqlDataReader rd = cmd.ExecuteReader();
 
if (rd.Read())
{
string st = rd["Username"].ToString();
string str = rd["Password"].ToString();
 
if (st == UsernametextBox.Text && str == PasswordtextBox.Text)
{
Homepage hp = new Homepage();
hp.Show();
this.Hide();
}
else
{
MessageBox.Show("invalid user");
}

con.Close();
}
}


请从下面删除报价.....



现有

please remove the Quotation from below.....

Existing
if (st == "UsernametextBox.Text")
                   {
                       if (str == "PasswordtextBox.Text")
                       {







变更后




After Change

if (st == UsernametextBox.Text)
{
     if (str == PasswordtextBox.Text)
     {







完成此更改后,您可以测试...





谢谢,

Suneel Kumar SVS




After making this change you can test...


Thanks,
Suneel Kumar SVS


这篇关于验证登录页面 - 这个代码有什么问题,它不能正常工作,请帮我纠正我的错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
其他开发语言最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆