我在visual studio 2010中开发了一个Web应用程序,并尝试在此应用程序中添加用户登录系统。到目前为止,我无法验证用户密码,因为该程序通知我所有密码都是错误的,即使它与该用户名相关联的密码也是如此。这是我儿子写的代码:
protected void n_Click(object sender, EventArgs e)
{
SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString);
con.Open();
string cmdStr = "select count(*) from Registration where UserName='" + TextBoxUserName.Text + "'";
SqlCommand CheckUser = new SqlCommand(cmdStr, con);
int Temp = Convert.ToInt32(CheckUser.ExecuteScalar().ToString());
if (Temp == 1)
{
string cmdStr2 = "Select Password from Registration where UserName ='" + TextBoxUserName.Text + "'";
SqlCommand pass = new SqlCommand(cmdStr2, con);
string password = pass.ExecuteScalar().ToString();
con.Close();
if (password == TextBoxPassword.Text)
{
Session["New"] = TextBoxUserName.Text;
Response.Redirect("HomePage.aspx");
}
else
{
Label1.Visible = true;
Label1.Text = "Password is invalid";
}
}
else
{
Label1.Visible = true;
Label1.Text = "Username is invalid";
}
}
}
}
无论输入什么密码,程序都会输出'密码无效',表明问题出在if语句的第一部分?或它使用的变量? 可能还值得一提的是,无效的用户名以相同的方式标记,这样可以正常工作。
提前致谢:)
答案 0 :(得分:1)
答案 1 :(得分:1)
你正在做的事情似乎过于复杂,不应该做它应该做的事情。
编辑:我在用户评论后编辑了我的答案:
public bool Login(String uName, String pasw)
{
using (SqlConnection myConnection = new SqlConnection(connString))
{
string oString = "Select ID from yourTable where username = @username AND paswoord = @password";
SqlCommand oCmd = new SqlCommand(oString, myConnection);
oCmd.Parameters.AddWithValue("@username", uName);
oCmd.Parameters.AddWithValue("@password", pasw);
string id = null;
myConnection.Open();
using (SqlDataReader oReader = oCmd.ExecuteReader())
{
while (oReader.Read())
{
id = oReader["id"].ToString();
}
myConnection.Close();
}
if (id == null)
{
return false;
}
else
{
return true;
}
}
}