我们如何在C#中从SQL Server检索和更新密码 [英] how we can retrieve and update password from sql server in c#
问题描述
任何人对此问题都有帮助.
我有一个表单,其中有3个标签和3个文本框.
旧密码,新密码和重新输入密码.
我将这些字段数据输入了数据库表.
我想将旧密码检索到数据库中并更新新密码详细信息.
并检查新密码和重新输入密码是否相同.
我该如何解决这个问题?
hi any body help about this question.
i have one form in that i am having 3 labels and 3 textboxes.
old password,new password and retype password.
i gave those fields data into database table.
i want to retrieve that old password into database and update new password details.
and also check new password and retype password are same or not.
how can i solve this problem?
thanks in advance.
推荐答案
规则一:切勿在数据库中存储密码.
考虑一下:如果任何人都可以访问您的数据库,那么他们就可以访问每个人的密码.由于许多人在每个系统上使用相同的密码,因此这是潜在的重大安全漏洞.
而是使用哈希函数将用户ID和他键入的密码转换为哈希值(请看SHA-它在.NET中作为System.Cryptography命名空间的一部分,并且非常易于使用).
而是存储它.
当用户想要登录时,再次输入输入的密码和输入的用户ID,然后使用相同的哈希函数.将其与为该用户ID存储的数据库版本进行比较.如果相同,请登录.如果有记录,请告诉他他输入了错误.
这样,没有人-甚至没有您-都无法分辨出别人的密码.
要检查新密码和重新输入密码是否相同:
Rule one: Never store passwords in your database.
Think about it: if anyone gets access to your DB, they get access to everyones passwords. Since many people use the same password for every system, this is a potential major security breach.
Instead, use a hashing function to convert the userID and the password he typed to a hash value (look at SHA - it''s in .NET as part of the System.Cryptography namespace, and very easy to use).
Store that instead.
When the user wants to log in, take the UserID he enters, again with the password he typed, and use the same hash function. Compare that with the database version stored for that userID. If they are the same, log him in. If note, tell him he made a mistake.
This way, noone - not even you - can tell what someones password is.
To check if the new password and the retype password are the same:
if (textboxNewPassword.Text == textboxRetypePassword.Text)
{
// They are the same...
}
要更新密码,请使用相同的哈希过程,然后使用SQL UPDATE命令:
To update the password, use the same hashing process, then use the SQL UPDATE command:
using (SqlCommand com = new SqlCommand("UPDATE usersTable SET password=@PS WHERE userID=@ID", con))
{
com.Parameters.AddWithValue("@ID", userID);
com.Parameters.AddWithValue("@PS", myHashedValue);
com.ExecuteNonQuery();
}
1)基于某些ID/用户名击中db使用datareader/adapter从数据库表中获取旧密码.
2)使用比较验证器比较输入的新密码的两个文本框.
3)从一个文本框(新密码)中获取值,并使用旧密码在数据库中更新它.
试试.
1)Based on some id/username hit the db Use a datareader/adapter to get the old password from the database table.
2)Use a compare validator to compare the two text boxes of entered new passwords.
3)Take the value from one of the textboxs(new password) and update it in database with the old password.
Try..
您可以使用DataTable和DataAdapter检索密码
----------------------------------
与sql server建立连接后,使用代码并输入选择查询...
You can use DataTable and DataAdapter to retrive the password
----------------------------------
Use the code after you make the connection with sql server and enter the select query...
<pre lang="midl">
SqlCommand cmd = ....;
........
DataTable DTBL = null;
SqlDataAdapter Adapter = new SqlDataAdapter(cmd);
DTBL = new DataTable();
Adapter.Fill(DTBL);
string id = DTBL.Rows[Row].ItemArray[0].ToString();
string password = DTBL.Rows[Row].ItemArray[1].ToString();
---------------------------------------------
现在要更新密码,请使用以下sql查询..
-----------------------------------
---------------------------------------------
Now to update password use the following sql query..
-----------------------------------
string sql = "update tbl_name set password = @password where id=@id";
SqlCommand cmd1 = new SqlCommand(sql, conn);
cmd1.Parameters.AddWithValue("@password", txt_password.Text);
cmd1....
try
{
conn.open();
cmd1.ExecuteNonQuery();
MessageBox("type some string");
}
catch
{
MessageBox("Type some string");
}
finally
{
conn.close();
}
-------------------------------
我希望它能起作用...
-------------------------------
I hope it worked......
这篇关于我们如何在C#中从SQL Server检索和更新密码的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
