将文本框值与sql server数据库进行比较 [英] comparing textbox values with sql server database

问题描述

大家好。我正在使用登录功能。我的代码如下

hi every one.i am working with login functionality.i have code below

protected void Button1_Click(object sender, EventArgs e)
{
SqlConnection conn = new SqlConnection();
conn.ConnectionString = System.Configuration.ConfigurationManager.ConnectionStrings["leave"].ConnectionString;
            conn.Open();

            string id = TextBox1.Text;
            string password = Textbox2.Text;
            SqlCommand cmd = new SqlCommand("Select uname, pswd from emp_details where uname = @id and pswd = @password ", conn);

            SqlDataReader dr = cmd.ExecuteReader();
            if (dr.HasRows)
            {
                conn.Close();
                Response.Redirect("Default.aspx");

            }
}

i按钮点击后出现错误.... 必须声明标量变量@ id。



任何帮助都会非常适合.....

i am getting the error after button click....Must declare the scalar variable "@id".

any help would be greatly appriciated.....

推荐答案

SqlCommand cmd = new SqlCommand("Select uname, pswd from emp_details where uname = @id and pswd = @password ", conn);

$ b在上面的代码之后$ b，写下这些行

after your above code, write these lines

cmd.Parameters.Add(new SqlParameter("@id", "id here"));
cmd.Parameters.Add(new SqlParameter("@password", "password here"));

要添加到Faisalabadians所说的内容（并且他的内容是正确的），不要这样做！

永远不要存储密码明文 - 这是一个重大的安全风险。有关如何在此处执行此操作的信息：密码存储：如何做到这一点。 [ ^ ]

To add to what Faisalabadians says (and he is right as far as it goes), do not do it that way anyway!
Never store passwords in clear text - it is a major security risk. There is some information on how to do it here: Password Storage: How to do it.[^]

您正在使用标量变量 @id 和 @password 。你还应该提一下这是什么类型的参数！添加以下代码行。

You are using the scalar variable @id and @password. You should also mention what type of parameter is this! Add the following line of code.

SqlCommand cmd = new SqlCommand("Select uname, pswd from emp_details where uname = @id and pswd = @password ", conn);
cmd.Parameters.Add(new SqlParameter("@id", System.Data.SqlDbType.VarChar)).Value = TextBox1.Text;
cmd.Parameters.Add(new SqlParameter("@password", System.Data.SqlDbType.VarChar)).Value = TextBox2.Text;

这里，

Here,

cmd.Parameters.Add(new SqlParameter("@id", System.Data.SqlDbType.VarChar)).Value = TextBox1.Text;

告诉编译器参数 @id 的类型为 SQL VarChar ，然后将值 TextBox1.Text 赋值给参数< b> @id 。

现在，因为您的参数已声明，当编译器到达此行时

is telling the compiler that the parameter @id is of type SQL VarChar, and then assigning the value TextBox1.Text to the parameter @id.
Now, since your parameters are declared, when the compiler reaches at this line

SqlDataReader dr = cmd.ExecuteReader();

它知道参数的数据类型，你不会得到你在问题中提到的错误。



希望有所帮助。

干杯，

Naman

It knows the data type of your parameter and you will not get the error you mentioned in your question.

Hope that helps.
Cheers,
Naman

这篇关于将文本框值与sql server数据库进行比较的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！