简单的登录C#和MySQL的Web应用程序 [英] simple login C# and MySQL web application
问题描述
我在我的code一些错误,由于某种原因,当我试图抓住它抛出了错误,称这是缺少大量的支架虽然我不认为这是结束。
可能有人请让我知道我在哪里出了问题。
code:
命名空间登录
{
公共部分类_Default:页
{
// tabels和dataadapters的decleration包括我的MySQL DATABSE我的连接字符串
DataSet的DS =新的DataSet();
的MySqlConnection CS =新的MySqlConnection(@SERVER = ********;用户名= ******;密码= ******;允许零日期时间= TRUE;初始目录= benoatsc_GreenFilm); MySqlDataAdapter的DA =新MySqlDataAdapter的();
DataTable的DT =新的DataTable();
字符串totalDonations =的String.Empty; 保护无效的button1_Click(对象发件人,EventArgs的发送)
{
尝试
{
的MySqlCommand的SelectCommand =新的MySqlCommand(从films.user其中user_name =选择*'+ this.username.Text +和密码='+ this.password.Text +;,CS);
MySqlDataReader将myreader;
cs.Open();
myreader = SelectCommand.ExecuteReader(); 诠释计数= 0;
而(myreader.Read())
{
数=计+ 1;
} 如果(计数== 1)
{
的Response.Write(@< SCRIPT LANGUAGE =JavaScript的'>警报('哇你的!');< / SCRIPT>中);
} 否则如果(计数大于1)
{
的Response.Write(@< SCRIPT LANGUAGE =JavaScript的'>警报('重复');< / SCRIPT>中);
} 其他的Response.Write(@< SCRIPT LANGUAGE =JavaScript的'>警报(密码错误);< / SCRIPT>中); cs.Close();
} 赶上(异常前)
{
的Response.Write(@< SCRIPT LANGUAGE =JavaScript的'>警报(ex.message);< / SCRIPT>中);
}
}
}
}
问题1:您已经打开额外的柯利括号 {
在 try块
。结果
问题2:您已经打开 USER_NAME
与参数单引号
,但您还没有关闭单引号
。
解决方案1:您需要删除try块后打开额外的柯利括号结果。
解决方案2:您需要附上 USER_NAME
参数与单引号
正确
建议:您的查询是开放的 SQL注入攻击
,我会建议使用参数化查询
避免这种情况。
完成code:是参数化查询
命名空间登录
{
公共部分类_Default:页
{
// tabels和dataadapters的decleration包括我的MySQL DATABSE我的连接字符串
DataSet的DS =新的DataSet();
的MySqlConnection CS =新的MySqlConnection(@SERVER = ********;用户名= ******;密码= ******;允许零日期时间= TRUE;初始目录= benoatsc_GreenFilm); MySqlDataAdapter的DA =新MySqlDataAdapter的();
DataTable的DT =新的DataTable();
字符串totalDonations =的String.Empty; 保护无效的Page_Load(对象发件人,EventArgs的发送)
{ } 保护无效的button1_Click(对象发件人,EventArgs的发送)
{
尝试
{ 的MySqlCommand的SelectCommand =新的MySqlCommand(从films.user其中user_name = @用户名和密码= @密码选择*;CS);
MySqlDataReader将myreader;
SelectCommand.Parameters.AddWithValue(@用户名,this.username.Text);
SelectCommand.Parameters.AddWithValue(@密码,this.password.Text);
cs.Open(); myreader = SelectCommand.ExecuteReader(); 诠释计数= 0;
而(myreader.Read())
{
数=计+ 1;
} 如果(计数== 1)
{
的Response.Write(@< SCRIPT LANGUAGE =JavaScript的'>警报('哇你的!');< / SCRIPT>中);
} 否则如果(计数大于1)
{
的Response.Write(@< SCRIPT LANGUAGE =JavaScript的'>警报('重复');< / SCRIPT>中);
} 其他的Response.Write(@< SCRIPT LANGUAGE =JavaScript的'>警报(密码错误);< / SCRIPT>中); cs.Close();
} 赶上(异常前)
{
的Response.Write(@< SCRIPT LANGUAGE =JavaScript的'>警报(ex.message);< / SCRIPT>中);
} // catch块结束 } // try块的结束
} //类的结束
} //命名空间的结束
I Have a few bugs in my code, for some reason when I try to catch at the end it throws up errors saying it is missing lots of brackets although I don't think it is. could some one please let me know where I have gone wrong.
Code:
namespace login
{
public partial class _Default : Page
{
// decleration of tabels and dataadapters including my connection string for my MySQL databse
DataSet ds = new DataSet();
MySqlConnection cs = new MySqlConnection(@"SERVER= ********;username=******;password=******;Allow Zero Datetime=true; Initial Catalog = benoatsc_GreenFilm");
MySqlDataAdapter da = new MySqlDataAdapter();
DataTable dt = new DataTable();
String totalDonations = string.Empty;
protected void Button1_Click(object sender, EventArgs e)
{
try
{
MySqlCommand SelectCommand = new MySqlCommand("select * from films.user where user_name='" + this.username.Text + "; and password='" + this.password.Text + "';", cs);
MySqlDataReader myreader;
cs.Open();
myreader = SelectCommand.ExecuteReader();
int count = 0;
while (myreader.Read())
{
count = count + 1;
}
if (count == 1)
{
Response.Write(@"<script language='javascript'>alert('wow your in !!');</script>");
}
else if (count > 1)
{
Response.Write(@"<script language='javascript'>alert('duplicate');</script>");
}
else Response.Write(@"<script language='javascript'>alert('wrong password');</script>");
cs.Close();
}
catch (Exception ex)
{
Response.Write(@"<script language='javascript'>alert(ex.message);</script>");
}
}
}
}
Problem 1: you have opened extra curley brace {
after try block
.
Problem 2: you have opened user_name
parameter with single quotes
but you have not closed with single quotes
.
Solution 1: you need to remove extra curley brace opened after try block.
Solution 2: you need to enclose user_name
parameter with single quotes
properly.
Suggestion : your query is open to SQL Injection attacks
, i would suggest to use parameterised queries
to avoid this.
Complete Code: using parameterised queries
namespace login
{
public partial class _Default : Page
{
// decleration of tabels and dataadapters including my connection string for my MySQL databse
DataSet ds = new DataSet();
MySqlConnection cs = new MySqlConnection(@"SERVER= ********;username=******;password=******;Allow Zero Datetime=true; Initial Catalog = benoatsc_GreenFilm");
MySqlDataAdapter da = new MySqlDataAdapter();
DataTable dt = new DataTable();
String totalDonations = string.Empty;
protected void Page_Load(object sender, EventArgs e)
{
}
protected void Button1_Click(object sender, EventArgs e)
{
try
{
MySqlCommand SelectCommand = new MySqlCommand("select * from films.user where user_name=@username and password=@password;", cs);
MySqlDataReader myreader;
SelectCommand.Parameters.AddWithValue("@username",this.username.Text);
SelectCommand.Parameters.AddWithValue("@password",this.password.Text);
cs.Open();
myreader = SelectCommand.ExecuteReader();
int count = 0;
while (myreader.Read())
{
count = count + 1;
}
if (count == 1)
{
Response.Write(@"<script language='javascript'>alert('wow your in !!');</script>");
}
else if (count > 1)
{
Response.Write(@"<script language='javascript'>alert('duplicate');</script>");
}
else Response.Write(@"<script language='javascript'>alert('wrong password');</script>");
cs.Close();
}
catch (Exception ex)
{
Response.Write(@"<script language='javascript'>alert(ex.message);</script>");
}//end of catch block
}//end of try block
}//end of class
}//end of namespace
这篇关于简单的登录C#和MySQL的Web应用程序的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!