我正在使用以下C#代码登录页面,但收到错误消息:
“请确保用户名和密码正确”
protected void btnlogin_Click(object sender, EventArgs e)
{
int Results = 0;
if (txtUsername.Text != string.Empty && txtPassword.Text != string.Empty)
{
Results = Validate_Logon(txtUsername.Text.Trim(), txtPassword.Text.Trim());
if (Results == 1)
{
lblMessage.Text = "Login is Good, Send the User to another page or enable controls";
}
else
{
lblMessage.Text = "Invalid Login";
lblMessage.ForeColor = System.Drawing.Color.Red;
//Dont Give too much information this might tell a hacker what is wrong in the login
}
}
else
{
lblMessage.Text = "Please make sure that the username and the password is Correct";
}
}
public int Validate_Logon(String Username, String Password)
{
SqlConnection con = new SqlConnection(@"***************");
SqlCommand cmdselect = new SqlCommand();
cmdselect.CommandType = CommandType.StoredProcedure;
cmdselect.CommandText = "[dbo].[Log_Members]";
cmdselect.Parameters.Add("@Username", SqlDbType.VarChar, 256).Value = Username;
cmdselect.Parameters.Add("@UPassword", SqlDbType.VarChar, 55).Value = Password;
cmdselect.Parameters.Add("@OutRes", SqlDbType.Int, 4);
cmdselect.Parameters["@OutRes"].Direction = ParameterDirection.Output;
cmdselect.Connection = con;
int Results = 0;
try
{
con.Open();
cmdselect.ExecuteNonQuery();
Results = (int)cmdselect.Parameters["@OutRes"].Value;
}
catch (SqlException ex)
{
lblMessage.Text = ex.Message;
}
finally
{
cmdselect.Dispose();
if (con != null)
{
con.Close();
}
}
return Results;
}
我需要知道上面的代码有什么问题
答案 0 :(得分:0)
非常简单:
if (txtUsername.Text != string.Empty && txtPassword.Text != string.Empty)
此行返回false,因此执行else
,即:
else
{
lblMessage.Text = "Please make sure that the username and the password is Correct";
}
调试你的代码。
答案 1 :(得分:0)
那么,为什么不检查您实际上是否在用户名和密码文本框中输入了文本?