我正在为学位模块编写ASP Web项目,我必须将一些登录详细信息插入到登录表中。它运行正常,而我在.aspx文件中作为脚本运行,但我需要哈希密码,所以,不知道在Code Behind文件之外的方法,我移动了SQLDataSource。这是插入,不起作用。
SqlDataSource sqldsInsertPassword = new SqlDataSource();
sqldsInsertPassword.ConnectionString = ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString;
sqldsInsertPassword.ProviderName = ConfigurationManager.ConnectionStrings["ConnectionString"].ProviderName;
sqldsInsertPassword.InsertCommand = "INSERT INTO login (Password, Email) VALUES (@Password, @Email)";
sqldsInsertPassword.InsertCommandType = SqlDataSourceCommandType.Text;
sqldsInsertPassword.InsertParameters.Add("@Email", txtEmail.Text.ToString().ToLower());
sqldsInsertPassword.InsertParameters.Add("@Password", Convert.ToBase64String(getSHA256(txtPassword.Text.ToString())));
sqldsInsertPassword.Insert();
我没有看到这有什么问题,但也许你可以告诉其他同学。
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Data.Sql;
using System.Web.Security;
using System.Configuration;
using System.Security.Cryptography;
using System.Text;
public partial class _Default : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
}
public static byte[] getSHA256(string password)
{
SHA256CryptoServiceProvider sha = new SHA256CryptoServiceProvider();
return sha.ComputeHash(System.Text.Encoding.ASCII.GetBytes(password));
}
protected void btnRegister_Click(object sender, EventArgs e)
{//check email, insert user, SQL command get user ID, insert password
SqlDataReader drExistingUsers = (SqlDataReader)sqldsCheckEmail.Select(DataSourceSelectArguments.Empty);
drExistingUsers.Read();
if (drExistingUsers.HasRows == false)
{
drExistingUsers.Close();
bool fault = false;
try
{
sqldsInsertUser.Insert();
}
catch (Exception error)
{
fault = true;
lblError.Text = "Error: " + error;
}
if (fault == false)
{
try
{
SqlDataSource sqldsInsertPassword = new SqlDataSource();
sqldsInsertPassword.ConnectionString = ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString;
sqldsInsertPassword.ProviderName = ConfigurationManager.ConnectionStrings["ConnectionString"].ProviderName;
sqldsInsertPassword.InsertCommand = "INSERT INTO login (Password, Email) VALUES (@Password, @Email)";
sqldsInsertPassword.InsertCommandType = SqlDataSourceCommandType.Text;
sqldsInsertPassword.InsertParameters.Add("@Email", txtEmail.Text.ToString().ToLower());
sqldsInsertPassword.InsertParameters.Add("@Password", Convert.ToBase64String(getSHA256(txtPassword.Text.ToString())));
sqldsInsertPassword.Insert();
}
catch (Exception insertError)
{
fault = true;
lblError.Text = "Error: " + insertError;
}
if (fault == false)
Response.Redirect("Login.aspx");
}
}
else
lblError.Text = "Email already exists.";
}
我很欣赏那里有很多我可能不需要的命名空间,但是我会稍后整理它们。
感谢那些回复!
答案 0 :(得分:1)
好的我修好了,那里插入参数的格式化存在某种问题。基本上,我在.aspx文件中重新格式化了我的SQLDataSource,看起来像这样,
<asp:SqlDataSource ID="sqldsInsertPassword" runat="server"
ConnectionString="<%$ ConnectionStrings:ConnectionString %>"
DeleteCommand="DELETE FROM [login] WHERE [UserID] = @UserID"
InsertCommand="INSERT INTO [login] ([Password], [Email]) VALUES (@Password, @Email)"
SelectCommand="SELECT [UserID], [Password], [Email] FROM [login]"
UpdateCommand="UPDATE [login] SET [Password] = @Password, [Email] = @Email WHERE [UserID] = @UserID">
<DeleteParameters>
<asp:Parameter Name="UserID" Type="Int64" />
</DeleteParameters>
<InsertParameters>
<asp:Parameter Name="Password" Type="String" />
<asp:Parameter Name="Email" Type="String" />
</InsertParameters>
<UpdateParameters>
<asp:Parameter Name="Password" Type="String" />
<asp:Parameter Name="Email" Type="String" />
<asp:Parameter Name="UserID" Type="Int64" />
</UpdateParameters>
之后,我将Code Behind中的代码更改为此;
try
{
sqldsInsertPassword.InsertParameters["Email"].DefaultValue = txtEmail.Text.ToString().ToLower();
sqldsInsertPassword.InsertParameters["Password"].DefaultValue = Convert.ToBase64String(getSHA256(txtPassword.Text.ToString()));
sqldsInsertPassword.Insert();
}
现在它有效。我不知道插入参数的旧Code Behind方法是否也能正常工作,但我不会尝试。
答案 1 :(得分:1)
删除@,它将起作用:
sqldsInsertPassword.InsertParameters.Add("Email", txtEmail.Text.ToString().ToLower());