嗨朋友,这是一个简单的密码更改程序。我有一个例外,任何人都可以帮我改进这段代码。 [英] Hi friends this is a simple program for password change. I am having an exception in it can anyone pls help me in improving this code.
本文介绍了嗨朋友,这是一个简单的密码更改程序。我有一个例外,任何人都可以帮我改进这段代码。的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
protected void Button1_Click( object sender,EventArgs e)
{
try
{
cmd.Connection =精读;
con.ConnectionString = System.Configuration.ConfigurationManager.ConnectionStrings [ loginconnectionstring]。ConnectionString ;
con.Open();
if (TextBox3.Text!= TextBox2.Text)
{
Label5.Visible = 真跨度>;
Label5.Text = 密码不匹配请再试一次;
}
cmd .CommandType = CommandType .StoredProcedure;
cmd .CommandText = passchange;
cmd .Parameters .AddWithValue( @ uname,TextBox4.Text);
cmd .Parameters .AddWithValue( @ pass,TextBox2 .Text);
cmd .ExecuteNonQuery();
Label7.Visible = true ;
Label7.Text = 密码已成功更新;
}
catch (例外情况)
{
Label6 .Visible = 真跨度>;
Label6 .Text = ex .ToString();
}
最后
{
con .Close();
}
}
< pre lang =SQL> ALTER proc [dbo]。[passchange]
(
@ uname varchar ( 50 ), @ upass varchar ( 50 )
)
as
update test3 set pass = @ upass 其中 username = @ uname
解决方案
你好,
您在程序中的参数名称和传递的编码是不同的。
您在程序中通过 @upass ,在编码中通过 @pass 。
谢谢,
Abhimanyu
请不要以明文形式存储密码 - 这是一个巨大的安全风险。请看这里:密码存储:如何操作。 [ ^ ]
另外,在方法开始时进行所有验证是一个很好的做法,所以你不会花时间或资源加载你赢得的东西''使用 - 除非在您的情况下,如果新密码不匹配您报告问题并且他们无论如何都会覆盖旧密码,因此用户不知道他的密码是什么......
除此之外,请检查您的姓名:@ upass与@pass不同...
您正在使用SP和编码中参数的不同名称。
protected void Button1_Click(object sender, EventArgs e)
{
try
{
cmd.Connection = con;
con.ConnectionString = System.Configuration.ConfigurationManager.ConnectionStrings["loginconnectionstring"].ConnectionString;
con.Open();
if (TextBox3.Text != TextBox2.Text)
{
Label5.Visible = true;
Label5.Text = "Password Doesn't Match Please try Again";
}
cmd .CommandType=CommandType .StoredProcedure;
cmd .CommandText="passchange";
cmd .Parameters .AddWithValue("@uname", TextBox4.Text);
cmd .Parameters .AddWithValue ("@pass", TextBox2 .Text);
cmd .ExecuteNonQuery();
Label7.Visible = true;
Label7.Text = "Password Updated Successully";
}
catch(Exception ex)
{
Label6 .Visible =true;
Label6 .Text = ex .ToString();
}
finally
{
con .Close();
}
}
ALTER proc [dbo].[passchange]
(
@uname varchar(50),@upass varchar(50)
)
as
update test3 set pass=@upass where username=@uname
解决方案
hello,
Your parameter name in procedure and passing in coding are different.
you are passing @upass in procedure and @pass in coding.
Thanks,
Abhimanyu
Please, don''t store passwords in clear text - it is a huge security risk. Have a look here: Password Storage: How to do it.[^]
Plus, it is a good practice to do all your validation at the start of a method, so you don''t wate time or resources loading stuff you won''t use - except in you case, if the new passwords don''t match you report a problem and them overwrite the old password anyway, so the user doesn''t have a clue what his password is...
Other than that, check your names: "@upass" is not the same as "@pass"...
you are using different name for parameter in SP and coding.
这篇关于嗨朋友,这是一个简单的密码更改程序。我有一个例外,任何人都可以帮我改进这段代码。的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文