验证数据集的电子邮件和密码输入

时间:2014-04-30 20:21:04

标签: c# asp.net validation datatable dataset

我正在尝试根据数据库中数据集的结果验证表单中的用户输入。我不知道我是在实现逻辑还是在foreach循环中尝试(我有点基于逻辑来实现)。我试图将数据表的索引(从数据集创建)分配给变量,然后检查它们是否与用户输入匹配。这是一个体面的方式吗?可能吗?我怎样才能做到这一点?

我从代码中得到错误,我认为我正确实现了您可以在代码的注释中找到的内容。

protected void btnSubmit_Click(object sender,EventArgs e)     {         //为数据集创建连接以填充电子邮件和密码以进行验证         string ConnectionString = ConfigurationManager.ConnectionStrings [" ContourCoffeeRoastersConnectionString"]。ConnectionString; ;         SqlConnection Conn = new SqlConnection(ConnectionString);         Conn.Open(); 

    //creats a data set with database information and puts the dataset in a datatable
    SqlDataAdapter daCustomer = new SqlDataAdapter("Select (CustEmail, CustPW) From Customer", Conn);
    DataSet dsEmailsandPW = new DataSet("Emails");
    daCustomer.Fill(dsEmailsandPW, "Customers");//I get and error here in my stack trace
    DataTable tblCustomers;
    tblCustomers = dsEmailsandPW.Tables["Customers"];

    //sets the variable to user inputed data from the login form so it can be compared and validated to the dataset
    string custEmail = exampleInputEmail1.Text;
    string custPW = exampleInputPassword1.Text;

    //looks through each row on the data set to see if a matching email can be found
    foreach (DataRow drCurrent in tblCustomers.Rows)
    {
        string txtEmail = drCurrent[0].ToString();//sets a variable to the first index of the current row of the dataset
        if (txtEmail == custEmail)//if a match is found with the user input and a record in the database through the data set the password is then checked for validation
        {
            string txtPW = drCurrent[1].ToString();//assigns a vaiable to the second index of the row that should contain customer password
            if (txtPW == custPW)//if the password is a match 
            {
                lblLogin.Text = "You are logged in!";
                //TODO: query for cartID and set it to the cookie!!!!! 
            }
            else
            {
                lblLogin.Text = "Email/username combination is not correct";
            }
        }
        else
        {
            lblLogin.Text = "Email/username combination is not correct";
        }
    }

1 个答案:

答案 0 :(得分:0)

我建议发送查询

"SELECT CustEmail FROM Customer where CustPW =" + custPw;

并将其评估为布尔值。 如果它回来了,你有一个有效的登录。 如果它返回false,则登录无效。

您也可以执行类似

的操作 
"SELECT CustEmail FROM Customer where CustPW =" + sha1(custPw);

如果密码已加密,您可以加密他们尝试的登录密码并进行检查 反对DB的加密密码。

编辑:我还建议将查询存储为存储过程,只提供可变数据。

相关问题
最新问题