我的登录页面出现问题! [英] I am having trouble with my Login Page!!!
本文介绍了我的登录页面出现问题!的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
这是我的新代码。我回去删除了一些东西并添加了一些东西。当我运行此代码时,我收到此错误:不明确的列名称''EmailAddress''。这意味着什么以及修复它的代码是什么?
This is my new code. I went back and deleted some things and add some also. When I run this code I get this error: Ambiguous column name ''EmailAddress''. What does this mean and what is the code to fix it?
public partial class Login : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
}
protected void Button1_Click(object sender, EventArgs e)
{
SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["PassConnectionString"].ConnectionString);
con.Open();
string insCmd = "Insert into TableSecurity (EmailAddress, Password, Level) values (@EmailAddress, @Password, @Level)";
SqlCommand insertUser = new SqlCommand(insCmd, con);
insertUser.Parameters.AddWithValue("@EmailAddress", TextBox1.Text);
insertUser.Parameters.AddWithValue("@Password", TextBox2.Text);
insertUser.Parameters.AddWithValue("@Level", TextBox1.Text);
string cmdStr="select count(*) from TableCEO, TableIALO where EmailAddress='" + TextBox1.Text + "'";
SqlCommand Checkuser=new SqlCommand (cmdStr,con);
int temp=Convert.ToInt32(Checkuser.ExecuteScalar().ToString());
if (temp==1)
{
string cmdStr2="Select Password from TableSecurity where Password='" + TextBox2.Text + "'";
SqlCommand pass=new SqlCommand(cmdStr2, con);
string password=pass.ExecuteScalar().ToString();
if(password == TextBox2.Text)
{
Session["New"] = TextBox1.Text;
Response.Redirect("Secure.aspx");
}
else
{
Label1.Visible = true;
Label1.Text = "Invalid Password!!!";
}
}
else
{
Label1.Visible = true;
Label1.Text = "Invalid UserName!!!";
}
}
protected void PasswordRecovery1_SendingMail(object sender, MailMessageEventArgs e)
{
}
}
[edit]已添加代码块 - OriginalGriff [/ edit]
[edit]Code block added - OriginalGriff[/edit]
推荐答案
很可能,您正在读回的电子邮件地址为空 - 所以paramater值作为空值传递,SQL抱怨。
给你两个建议:
1)Don''使用电子邮件地址作为用户ID - 创建一个userID列,并使用它来将两个(或更多)表绑定在一起。 (它可以是int和Identity,或GUID - 您的选择)。电子邮件不一定是唯一的,或者不变,你想要一个很好的简单价值。
2)永远不要以明文形式存储密码 - 这是一个主要的安全风险。有关如何在此处执行此操作的信息:密码存储:如何做到这一点。 [ ^ ]
或者,只需实现成员 [ ^ ]让系统处理所有这些 - 它更容易,也更好用!
Most likely, the email address you are reading back is null - so the paramater value is being passed through as a null value and SQL complains.
Two suggestions for you:
1) Don''t use the email address as a user id - create a userID column instead and use that to tie your two (or more) tables together. (It can be int and Identity, or GUID - your choice). Emails are not necessarily unique, or unchanging and you want a nice simple value for that field.
2) Never store passwords in clear text - it is a major security risk. There is some information on how to do it here: Password Storage: How to do it.[^]
Or alternatively, just implement Membership[^] and let the system handle all this - it''s a lot easier and works better too!
这篇关于我的登录页面出现问题!的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
