login form in asp.net using stored procedure


Problem description

Hello, I am having a problem in this code; can anyone help me? The program is running but it allows login for a wrong user name and password. I have created a stored procedure for this. So can anyone help me to improve this code?


stored procedure

ALTER proc [dbo].[res] @uname  varchar(50)=null , @pword varchar(50)=null

as
select user_name,pass from test3 where user_name = isnull(@uname,user_name) and pass = isnull(@pword,pass)







asp.net code

using System;
using System.Data;
using System.Data.SqlClient;

public partial class login : System.Web.UI.Page
{
    SqlConnection con = new SqlConnection();
    SqlCommand cmd = new SqlCommand();

    protected void Page_Load(object sender, EventArgs e)
    {

    }

    protected void Button1_Click(object sender, EventArgs e)
    {
        try
        {
            con.ConnectionString = System.Configuration.ConfigurationManager.ConnectionStrings["loginconnectionstring"].ConnectionString;
            con.Open();
            cmd.Connection = con;
            cmd.CommandType = CommandType.StoredProcedure;
            cmd.CommandText = "res";
            cmd.Parameters.Add("@uname", TextBox1.Text);
            cmd.Parameters.Add("@pword", TextBox2.Text);
            cmd.ExecuteNonQuery();
            Label3.Visible = true;
            Label3.Text = "login Successful";
            TextBox1.Text = "";
            TextBox2.Text = "";
        }
        catch (Exception ex)
        {
            Label4.Visible = true;
            Label4.Text = ex.ToString();
        }
        finally
        {
            con.Close();
        }
    }
}

Recommended answer

Your SP has
where user_name = isnull(@uname,user_name)










which means passing a null user name and password will return every record on the table - you just don't need the Isnull - use

where user_name = @uname








In your C# you ExecuteNonQuery - but you are executing a query! You probably want to execute this and look at the returned records - there will be zero records for an invalid user name and password.

If you do just want a test (my log ins usually return some user data too so I can display "Welcome Back Max" instead of "Welcome Back Maxxxx0192") you could change the SP to return a value - something like

if exists(select 1 from usertable where name=@name and pwd=@pwd)
return 1
else
return 0



Then - in your code you execute the query then set the label to visible - I assume you were expecting an exception on the ExecuteNonQuery - you won't get one unless your SP is invalid - i.e. syntactically incorrect.

So you need to do

int result = cmd.ExecuteNonQuery();

then test result for 0 or 1.


Hi Dear,

Here the thing is simple, just check your stored procedure. You are checking username and password and you are trying to get the values from that record if it exists. And while accessing those values by your code, you used ExecuteNonQuery() --> that needs to be used only if you are manipulating the data (DML - Insert, Update and Delete).

Instead of that, use a DataReader. Assign the return values of the stored proc to the DataReader, and check if the DataReader HasRows, then say "Login Successful".

Cheers....
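
The row check both answers describe, as an added example that is not part of the original question or answers: it calls the same procedure through ExecuteReader and treats "no row" as a failed login. It assumes the procedure's predicate has been changed to where user_name = @uname and pass = @pword as the first answer recommends; the class name LoginCheck and method name CredentialsMatch are hypothetical.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

// Added example; LoginCheck and CredentialsMatch are hypothetical names.
public static class LoginCheck
{
    // Returns true only when dbo.res yields a row for this exact pair.
    // Assumes the procedure now filters with
    //   where user_name = @uname and pass = @pword
    public static bool CredentialsMatch(string connectionString, string userName, string password)
    {
        // A missing value must never reach the procedure's NULL defaults,
        // and an empty TextBox ("") is not a credential either.
        if (string.IsNullOrEmpty(userName) || string.IsNullOrEmpty(password))
            return false;

        // The procedure declares varchar(50); reject longer input instead of
        // letting it be truncated silently before the comparison.
        if (userName.Length > 50 || password.Length > 50)
            return false;

        using (var con = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand("dbo.res", con))
        {
            cmd.CommandType = CommandType.StoredProcedure;
            // Typed parameters sized to match the procedure's declaration.
            cmd.Parameters.Add("@uname", SqlDbType.VarChar, 50).Value = userName;
            cmd.Parameters.Add("@pword", SqlDbType.VarChar, 50).Value = password;

            con.Open();
            // ExecuteNonQuery discards the result set and reports -1 for a
            // SELECT, so it cannot tell a match from a miss. ExecuteReader
            // exposes whether any row came back.
            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                return reader.HasRows;
            }
        }
    }
}

// Usage from Button1_Click (control names as in the question):
//   bool ok = LoginCheck.CredentialsMatch(cs, TextBox1.Text, TextBox2.Text);
//   Label3.Text = ok ? "login Successful" : "Invalid user name or password";
```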

