将文本框值与sql server数据库进行比较 [英] comparing textbox values with sql server database
问题描述
大家好。我正在使用登录功能。我的代码如下
hi every one.i am working with login functionality.i have code below
protected void Button1_Click(object sender, EventArgs e)
{
SqlConnection conn = new SqlConnection();
conn.ConnectionString = System.Configuration.ConfigurationManager.ConnectionStrings["leave"].ConnectionString;
conn.Open();
string id = TextBox1.Text;
string password = Textbox2.Text;
SqlCommand cmd = new SqlCommand("Select uname, pswd from emp_details where uname = @id and pswd = @password ", conn);
SqlDataReader dr = cmd.ExecuteReader();
if (dr.HasRows)
{
conn.Close();
Response.Redirect("Default.aspx");
}
}
i按钮点击后出现错误.... 必须声明标量变量@ id。
任何帮助都会非常适合.....
i am getting the error after button click....Must declare the scalar variable "@id".
any help would be greatly appriciated.....
推荐答案
SqlCommand cmd = new SqlCommand("Select uname, pswd from emp_details where uname = @id and pswd = @password ", conn);
$ b在上面的代码之后$ b,写下这些行
after your above code, write these lines
cmd.Parameters.Add(new SqlParameter("@id", "id here"));
cmd.Parameters.Add(new SqlParameter("@password", "password here"));
要添加到Faisalabadians所说的内容(并且他的内容是正确的),不要这样做!
永远不要存储密码明文 - 这是一个重大的安全风险。有关如何在此处执行此操作的信息:密码存储:如何做到这一点。 [ ^ ]
To add to what Faisalabadians says (and he is right as far as it goes), do not do it that way anyway!
Never store passwords in clear text - it is a major security risk. There is some information on how to do it here: Password Storage: How to do it.[^]
您正在使用标量变量 @id 和 @password 。你还应该提一下这是什么类型的参数!添加以下代码行。
You are using the scalar variable @id and @password. You should also mention what type of parameter is this! Add the following line of code.
SqlCommand cmd = new SqlCommand("Select uname, pswd from emp_details where uname = @id and pswd = @password ", conn);
cmd.Parameters.Add(new SqlParameter("@id", System.Data.SqlDbType.VarChar)).Value = TextBox1.Text;
cmd.Parameters.Add(new SqlParameter("@password", System.Data.SqlDbType.VarChar)).Value = TextBox2.Text;
这里,
Here,
cmd.Parameters.Add(new SqlParameter("@id", System.Data.SqlDbType.VarChar)).Value = TextBox1.Text;
告诉编译器参数 @id 的类型为 SQL VarChar ,然后将值 TextBox1.Text 赋值给参数< b> @id 。
现在,因为您的参数已声明,当编译器到达此行时
is telling the compiler that the parameter @id is of type SQL VarChar, and then assigning the value TextBox1.Text to the parameter @id.
Now, since your parameters are declared, when the compiler reaches at this line
SqlDataReader dr = cmd.ExecuteReader();
它知道参数的数据类型,你不会得到你在问题中提到的错误。
希望有所帮助。
干杯,
Naman
It knows the data type of your parameter and you will not get the error you mentioned in your question.
Hope that helps.
Cheers,
Naman
这篇关于将文本框值与sql server数据库进行比较的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!