该代码不起作用 [英] this code is not working

问题描述

受保护的无效btnsubmit_Click(对象发送者，EventArgs e)
{
如果(Session ["Email_id"] == txtid.Text)
{
str ="update login_mst SET，其中密码=""+ txtrepass.Text.ToString()+"'';
con.update(str);
lblmsg.Text =您的密码已更改...";
}
其他
{
lblmsg.Text =错误的Udre ID.";

}
}

请帮我先生，这段代码是什么问题...
我想在我的网站上更改密码...

protected void btnsubmit_Click(object sender, EventArgs e)
{
if (Session["Email_id"] == txtid.Text)
{
str = "update login_mst SET where Password = ''" + txtrepass.Text.ToString() +"''";
con.update(str);
lblmsg.Text = "Your Password is Changed. . .";
}
else
{
lblmsg.Text = "Usre Id Is Wrong. . .";

}
}

plz help me sir what is the problem in this code...
I want to change password in my site...
Plaz sir send me proper code for that.

推荐答案

首先，不起作用"是什么意思?你调试了吗?怎么了 ?

我认为您的SQL错误.实际上，这是非常错误的.您应该购买一本有关SQL的书并阅读它，您显然不知道.即使是正确的，这也将是可怕的.您永远不要通过字符串混搭来构建SQL，请继续阅读SQL注入，以了解如何使用密码更改对话框删除数据库服务器上的所有数据库.

我认为没有人为此代码付钱，因为它离生产质量还有很长的路要走.因此，如果您为自己的利益而烦恼，请慢一点.正确地学习SQL，然后学习如何使用数据库以及如何在应用程序中进行数据访问(提示，将SQL放入表示层是错误的).

如果有人付钱购买此代码，他们可能应该得到他们得到的东西，但是如果您在标签上使用了拼写检查等功能，它将对您有所帮助，例如，它是用户"，而不是"usre".

First of all, what does ''not working'' mean ? Have you debugged it ? What is happening ?

I think your SQL is wrong. Actually, it''s horribly wrong. You should buy a book on SQL and read it, you clearly do not know it. Even if it was right, this would be horrible. You should NEVER build SQL by string mashing, read up on SQL injection to learn how I could use your password change dialog to delete ALL the databases on your database server.

I assume no-one is paying for this code, because it''s a long way from production quality. So, if you''re messing about for your own interest, take it slower. Learn SQL properly, then learn about how to use a database and how to put data access in an application ( clue, putting SQL in your presentation layer is wrong ).

If someone is paying for this code, they probably deserve what they get, but it would help you if you used spell check on your labels, etc, it''s ''user'', not ''usre''.

update login_mst SET where Password 

错误.您需要在SET之后的列名称.示例:

is wrong. You need the column name after SET. Example:

update login_mst SET Password = 'newPassword' WHERE userid = '" + Session["email_id"] + "' 

另外，永远不要将控件的值直接传递到SQL语句中.如果这样做，您的代码很容易被黑客入侵.您需要改为将其作为参数化查询.

Also, DO NOT EVER pass a control''s value directly into a SQL statement. Your code can be easily hacked if you do. You need to do it as a paramaterized query instead.

这篇关于该代码不起作用的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！