我做了一个发帖表格,“教授应该输入他们的用户名和密码才能发帖,对此我没有任何错误。 但是当我运行它时,即使输入正确的用户名和密码,它也总是会执行“ else”命令。 这是我的代码
protected void Button9_Click(object sender, EventArgs e)
{
string postname = this.Postuser.Text;
string postpass = this.Postpass.Text;
string posttitle = this.TOP.Text;
string postbody = this.BOP.Text;
string sqlstr2 = "select * from professors WHERE pname='" + Postuser + "' AND ppass='" + Postpass + "'";
DataTable dt1 = DBFunction.SelectFromTable(sqlstr2, "DBS.accdb");
if (dt1.Rows.Count > 0)
{
string sqlpost2 = "insert into post2(Professor,Title,Body)";
sqlpost2 += "value('" + postname + "','" + posttitle + "','" + postbody + "')";
DBFunction.ChangeTable(sqlpost2, "DBS.accdb");
}
else
this.Label1.Text = "Posting on this wall is only allowed for profesors and it seems that you're not one";
DataList1.DataBind();
}
答案 0 :(得分:1)
在下面的代码行中,您尝试连接PostUser和PostPass控件而不是其文本属性
应更改以下代码:
string sqlstr2 = "select * from professors WHERE pname='" + Postuser + "' AND ppass='" + Postpass + "'";
将这样的代码更新为保存用户名和密码的文本值的postname和postpass变量
string sqlstr2 = "select * from professors WHERE pname='" + postname + "' AND ppass='" + postpass + "'";
注意:您的代码容易受到sql注入攻击的攻击,因此必须使用参数化查询