Method error: Unable to evaluate expression

Time: 2014-06-28 20:02:16

Tags: c# mysql

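I'm getting this error,

Unable to evaluate expression because the code is optimized or a native frame is on top of the call stack.

and I have no idea what is causing it.

There are two methods, Login and SessionSelection. Login only matches the email and password, and SessionSelection queries the database for the GUID that will be used as the session ID. The error is thrown when SessionSelection() is called in Login: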
private void SessionSelection()
{
    string connectstr = "data source=.\\SQLEXPRESS;Integrated Security=True; Initial Catalog= NewApp";

    try
    {
        string query = @"SELECT UserIDkey FROM Registration WHERE Email='" + txtEmail.Text.Trim() + "'";

        SqlConnection con = new SqlConnection(connectstr);
        SqlCommand cmd = new SqlCommand(query, con);
        con.Open();
        SqlDataReader reader = cmd.ExecuteReader();

        while (reader.Read())
        {
            string SessionResult = reader["UserIDkey"].ToString();
            Session["PrivateKey"] = SessionResult;

            //SessionResult = SpecialKey;
        }
        reader.Close();
        con.Close();
    }
    catch
    {
    }

}


private void Login()
{

    string passwordEncryption = txtPassword.Text.Trim();

    System.Security.Cryptography.MD5CryptoServiceProvider x2 = new System.Security.Cryptography.MD5CryptoServiceProvider();
    byte[] bs2 = System.Text.Encoding.UTF8.GetBytes(passwordEncryption);
    bs2 = x2.ComputeHash(bs2);
    System.Text.StringBuilder s2 = new System.Text.StringBuilder();
    foreach (byte b in bs2)
    {
        s2.Append(b.ToString("x2").ToLower());
    }
    string EncryptedPassword = s2.ToString();


    if (!string.IsNullOrEmpty(txtEmail.Text))
    {
        string connectstr = "data source=.\\SQLEXPRESS;Integrated Security=True; Initial Catalog= NewApp";
        //  (ConfigurationManager.AppSettings["connectionString"]); 
        try
        {
            string query = @"SELECT * FROM Registration WHERE Email='" + txtEmail.Text.Trim() + "'and Password='" + EncryptedPassword + "'";

            SqlConnection con = new SqlConnection(connectstr);
            SqlCommand cmd = new SqlCommand(query, con);

            con.Open();

            var Results = (int)cmd.ExecuteScalar();

            //string sqlRead = cmd.ExecuteReader().ToString();

            if (Results > 0)
            {


                SessionSelection();

                txtEmail.Text = "";
                txtPassword.Text = "";
                Response.Redirect("~/Home.aspx");
            }

            else
            {
                Response.Write("Incorrect UserName/Password");
            }
            con.Close();
        }


        catch (Exception ex)
        {
            Response.Write("Incorrect UserName/Password");
        }
    }
}

2 answers:

Answer 0 (score: 2)

Problem: You did not leave a space between the Email string and the and keyword in the command string in the Login() method:

string query = @"SELECT * FROM Registration WHERE Email= 
         '" + txtEmail.Text.Trim() + "'and Password='" + EncryptedPassword + "'";
                                      ^^^  

Solution: You need to leave a space between the Email string and the and keyword in the command string in the Login() method:

Try this:

string query = @"SELECT * FROM Registration WHERE Email= 
      '" + txtEmail.Text.Trim() + "' and Password='" + EncryptedPassword + "'";

Suggestion: Your query is open to SQL injection attacks, so I strongly suggest you use parameterised queries to avoid SQL injection attacks.

Solution 2: Parameterised queries

try
{
    string query = @"SELECT * FROM Registration WHERE Email=@Email 
                                                        and Password=@Password";
    SqlConnection con = new SqlConnection(connectstr);
    SqlCommand cmd = new SqlCommand(query, con);
    cmd.Parameters.AddWithValue("@Email",txtEmail.Text.Trim());
    cmd.Parameters.AddWithValue("@Password",EncryptedPassword);
    con.Open();
    var Results = (int)cmd.ExecuteScalar();
    //string sqlRead = cmd.ExecuteReader().ToString();
    if (Results > 0)
    {
        SessionSelection();
        txtEmail.Text = "";
        txtPassword.Text = "";
        Response.Redirect("~/Home.aspx");
    }
    else
    {
        Response.Write("Incorrect UserName/Password");
    }
    con.Close();
}

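Answer 1 (score: 0)

The problem is Response.Redirect("~/Home.aspx", false);

To work around this problem, use one of the following methods:

For Response.End, call the HttpContext.Current.ApplicationInstance.CompleteRequest method instead of Response.End to bypass the code execution to the Application_EndRequest event.

For Response.Redirect, use an overload, Response.Redirect(String url, bool endResponse), that passes false for the endResponse parameter to suppress the internal call to Response.End. For example: Response.Redirect("nextpage.aspx", false);

If you use this workaround, the code that follows Response.Redirect is executed.

For Server.Transfer, use the Server.Execute method instead.

Fix: Response.Redirect("~/Home.aspx", false);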
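
The two answers combined, as an added example that is not part of the original post or of either answer: the lookup is parameterised, and the redirect runs outside any try/catch with endResponse set to false. The LoginHelper class, its method names, the single merged query and the parameter types and sizes are assumptions; the table, columns, connection string, session key and messages come from the question.

```csharp
using System.Data;
using System.Data.SqlClient;
using System.Diagnostics;
using System.Web;

public static class LoginHelper   // hypothetical helper, not from the original post
{
    // Connection string as in the question.
    const string ConnectStr =
        @"data source=.\SQLEXPRESS;Integrated Security=True;Initial Catalog=NewApp";

    // Returns the UserIDkey of the matching row, or null when nothing matches.
    public static string FindUserKey(string email, string passwordHash)
    {
        // Constant SQL text: user input travels only as parameter values,
        // so a quote in the e-mail address cannot change the statement.
        const string sql = "SELECT UserIDkey FROM Registration " +
                           "WHERE Email = @Email AND Password = @Password";
        using (var con = new SqlConnection(ConnectStr))
        using (var cmd = new SqlCommand(sql, con))
        {
            // Assumed column types; explicit types avoid AddWithValue's type guessing.
            cmd.Parameters.Add("@Email", SqlDbType.NVarChar, 256).Value = email;
            // 32 hex characters, as produced by the question's hashing code.
            cmd.Parameters.Add("@Password", SqlDbType.NVarChar, 32).Value = passwordHash;
            con.Open();
            object key = cmd.ExecuteScalar();   // null when no row matches
            return key == null || key == System.DBNull.Value ? null : key.ToString();
        }
    }

    public static void SignIn(HttpContext ctx, string email, string passwordHash)
    {
        string key;
        // The try block covers the database call only, never the redirect.
        try { key = FindUserKey(email.Trim(), passwordHash); }
        catch (SqlException ex) { Trace.TraceError(ex.Message); key = null; }

        if (key == null)
        {
            ctx.Response.Write("Incorrect UserName/Password");
            return;
        }
        ctx.Session["PrivateKey"] = key;
        // Redirect(url) alone calls Response.End, which raises ThreadAbortException;
        // passing false skips that call, and CompleteRequest ends the request cleanly.
        ctx.Response.Redirect("~/Home.aspx", false);
        ctx.ApplicationInstance.CompleteRequest();
    }
}
```

From the page's code-behind this would be called as LoginHelper.SignIn(Context, txtEmail.Text, EncryptedPassword).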