在Visual Studio 2012的前preSS C#登录问题 [英] C# login issue in Visual Studio 2012 express
问题描述
大家好我沃金的一个项目,并且有一定的问题。
它是一种基本的登录应用程序写入到本地数据库。
我知道在安全方面没有权方面,但其只有一个概念证明。
它在我的浏览器验证和负荷高达。
后来,当我填,我得到以下错误信息:
code线突出: INT TEMP = Convert.ToInt32(com.ExecuteScalar()的ToString());
错误如下:
SQLEXCEPTION是由用户code
未处理
近工作人员
的语法不正确
块引用>任何帮助是AP preciated
谢谢下面是我的code:
使用系统;
使用System.Collections.Generic;
使用System.Linq的;
使用的System.Web;
使用System.Web.UI程序;
使用System.Web.UI.WebControls;
使用System.Data.SqlClient的;
使用System.Configuration;公共部分类LoginPage:System.Web.UI.Page
{
保护无效的Page_Load(对象发件人,EventArgs的发送)
{ }
保护无效btnLogin_Click(对象发件人,EventArgs的发送)
{ 如果(的IsPostBack)
{
康涅狄格州的SqlConnection =新的SqlConnection(ConfigurationManager.ConnectionStrings [ShowUsersConnectionString]的ConnectionString);
conn.Open();
字符串checkuser =SELECT COUNT(*)的形式工作人员,其中用户名='+ txtUserName.Text +';
COM的SqlCommand =新的SqlCommand(checkuser,康涅狄格州);
INT TEMP = Convert.ToInt32(com.ExecuteScalar()的ToString()); //
conn.Close();
如果(临时== 1)
{
conn.Open();
字符串CheckPassQuery ='+ txtUserName.Text +,从工作人员那里用户名=选择密码';
的SqlCommand passcom =新的SqlCommand(CheckPassQuery,康涅狄格州);
。字符串密码= passcom.ExecuteScalar()的ToString(); 如果(密码== txtPassword.Text)
{
会话[新] = txtUserName.Text;
的Response.Write(密码正确);
的Response.Redirect(Users.aspx);
}
其他
{
的Response.Write(密码不正确);
} }
其他
{
的Response.Write(用户名ivalid);
} } }
}
解决方案这是你的错误:
字符串checkuser =SELECT COUNT(*)的形式工作人员,其中用户名='+ txtUserName.Text +';
格式
应从
此外,考虑 SQL注入
Guys I am woking on a project and have some issues. Its a basic login app writing to a local DB. I know in terms of security its not right, but its for a proof of concept only. It validates and loads up in my browser. Then when I fill in the data I get the following error:
code line highlighted:
int temp = Convert.ToInt32(com.ExecuteScalar().ToString());
error is as follows:SqlException was unhandled by user code
Incorrect syntax near "Staff"
Any help is appreciated Thanks
Here is my code:
using System; using System.Collections.Generic; using System.Linq; using System.Web; using System.Web.UI; using System.Web.UI.WebControls; using System.Data.SqlClient; using System.Configuration; public partial class LoginPage : System.Web.UI.Page { protected void Page_Load(object sender, EventArgs e) { } protected void btnLogin_Click(object sender, EventArgs e) { if (IsPostBack) { SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["ShowUsersConnectionString"].ConnectionString); conn.Open(); string checkuser = "select count(*) form Staff where UserName='" + txtUserName.Text + "'"; SqlCommand com = new SqlCommand(checkuser, conn); int temp = Convert.ToInt32(com.ExecuteScalar().ToString()); // conn.Close(); if (temp == 1) { conn.Open(); string CheckPassQuery = "select password from Staff where UserName='" + txtUserName.Text + "'"; SqlCommand passcom = new SqlCommand(CheckPassQuery, conn); string password = passcom.ExecuteScalar().ToString(); if (password == txtPassword.Text) { Session["New"] = txtUserName.Text; Response.Write("Password correct"); Response.Redirect("Users.aspx"); } else { Response.Write("Password is incorrect"); } } else { Response.Write("Username ivalid"); } } } }
解决方案Here's your error:
string checkuser = "select count(*) form Staff where UserName='" + txtUserName.Text + "'";
form
should befrom
Also, look into SQL Injection
这篇关于在Visual Studio 2012的前preSS C#登录问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!