我收到此错误,
无法评估表达式,因为代码已优化或本机框位于调用堆栈之上。
而且我不知道是什么导致了它。
登录和会话选择有两种方法。登录会话只匹配电子邮件和密码;并且会话选择使用将用作会话ID的GUID查询数据库。在Login
中调用SessionSelection()
时会抛出错误
private void SessionSelection( )
{
string connectstr = "data source=.\\SQLEXPRESS;Integrated Security=True; Initial Catalog= NewApp";
try
{
string query = @"SELECT UserIDkey FROM Registration WHERE Email='" + txtEmail.Text.Trim() + "'";
SqlConnection con = new SqlConnection(connectstr);
SqlCommand cmd = new SqlCommand(query, con);
con.Open();
SqlDataReader reader = cmd.ExecuteReader();
while (reader.Read())
{
string SessionResult = reader["UserIDkey"].ToString();
Session["PrivateKey"] = SessionResult;
//SessionResult = SpecialKey;
}
reader.Close();
con.Close();
}
catch
{
}
}
private void Login()
{
string passwordEncryption = txtPassword.Text.Trim();
System.Security.Cryptography.MD5CryptoServiceProvider x2 = new System.Security.Cryptography.MD5CryptoServiceProvider();
byte[] bs2 = System.Text.Encoding.UTF8.GetBytes(passwordEncryption);
bs2 = x2.ComputeHash(bs2);
System.Text.StringBuilder s2 = new System.Text.StringBuilder();
foreach (byte b in bs2)
{
s2.Append(b.ToString("x2").ToLower());
}
string EncryptedPassword = s2.ToString();
if (!string.IsNullOrEmpty(txtEmail.Text))
{
string connectstr = "data source=.\\SQLEXPRESS;Integrated Security=True; Initial Catalog= NewApp";
// (ConfigurationManager.AppSettings["connectionString"]);
try
{
string query = @"SELECT * FROM Registration WHERE Email='" + txtEmail.Text.Trim() + "'and Password='" + EncryptedPassword + "'";
SqlConnection con = new SqlConnection(connectstr);
SqlCommand cmd = new SqlCommand(query, con);
con.Open();
var Results = (int)cmd.ExecuteScalar();
//string sqlRead = cmd.ExecuteReader().ToString();
if (Results > 0)
{
SessionSelection();
txtEmail.Text = "";
txtPassword.Text = "";
Response.Redirect("~/Home.aspx");
}
else
{
Response.Write("Incorrect UserName/Password");
}
con.Close();
}
catch (Exception ex)
{
Response.Write("Incorrect UserName/Password");
}
}
答案 0 :(得分:2)
问题:您没有在Email string
方法中的命令字符串中and
和Login()
关键字之间留出空格:
string query = @"SELECT * FROM Registration WHERE Email=
'" + txtEmail.Text.Trim() + "'and Password='" + EncryptedPassword + "'";
^^^
解决方案:您需要在Email string
方法的命令字符串中的and
和Login()
关键字之间留出空格:
试试这个:
string query = @"SELECT * FROM Registration WHERE Email=
'" + txtEmail.Text.Trim() + "' and Password='" + EncryptedPassword + "'";
建议:您的查询向SQL Injection attacks
开放,因此我强烈建议您使用Parameterised queries
来避免SQL Injection attacks
。
解决方案2:与Parameterised queries
try
{
string query = @"SELECT * FROM Registration WHERE Email=@Email
and Password=@Password";
SqlConnection con = new SqlConnection(connectstr);
SqlCommand cmd = new SqlCommand(query, con);
cmd.Parameters.AddWithValue("@Email",txtEmail.Text.Trim());
cmd.Parameters.AddWithValue("@Password",EncryptedPassword);
con.Open();
var Results = (int)cmd.ExecuteScalar();
//string sqlRead = cmd.ExecuteReader().ToString();
if (Results > 0)
{
SessionSelection();
txtEmail.Text = "";
txtPassword.Text = "";
Response.Redirect("~/Home.aspx");
}
else
{
Response.Write("Incorrect UserName/Password");
}
con.Close();
}
答案 1 :(得分:0)
问题是 Response.Redirect(“〜/ Home.aspx”,false);
要解决此问题,请使用以下方法之一: 对于Response.End,调用HttpContext.Current.ApplicationInstance.CompleteRequest方法而不是Response.End来绕过代码执行到Application_EndRequest事件。 对于Response.Redirect,使用一个重载,Response.Redirect(String url,bool endResponse),它为endResponse参数传递false以禁止对Response.End的内部调用。例如: Response.Redirect(“nextpage.aspx”,false);
如果使用此解决方法,则会执行Response.Redirect之后的代码。 对于Server.Transfer,请改用Server.Execute方法。
<强>修正强> Response.Redirect(“〜/ Home.aspx”,false);