我使用 asp.net框架通过电子邮件发送忘记密码。 但我认为我的代码中存在一些问题。 请帮忙 。 button_click 事件代码如下所示。
protected void frgtbtn_Click(object sender, EventArgs e)
{
string st = "select E_mail FROM registraion_master WHERE E_mail='" + Email.Text + "'";
cmd = new SqlCommand(st, sqlcon);
cmd.Connection.Open();
SqlDataAdapter sda = new SqlDataAdapter(cmd);
DataSet ds=new DataSet();
sda.Fill(ds);
cmd.Connection.Close();
if(ds.Tables[0].Rows.Count > 0)
{
MailMessage email = new MailMessage();
email.From = new MailAddress(Email.Text); //Enter sender email address.
email.To.Add(Email.Text); //Destination Recipient e-mail address.
email.Subject = "Your Forget Password:"; //Subject for your request.
email.Body = "Hi,Your Password is: " + ds.Tables[0].Rows[0]["Pwd"] + "";
email.IsBodyHtml = true;
//SMTP SERVER DETAILS
SmtpClient smtpc = new SmtpClient("smtp.gmail.com");
smtpc.Port = 587;
smtpc.UseDefaultCredentials = false;
smtpc.EnableSsl = true;
gmail_ID.Text = "anuragdixit132@gmail.com";//Enter your gmail id here
gmail_pwd.Text="vineet";//Enter your gmail id here
smtpc.Credentials = new NetworkCredential(gmail_ID.Text,gmail_pwd.Text);
smtpc.Send(email);
string script = @"<script language=""javascript""> alert('Password Has Been Sent.......!!!!!.');
</script>;";
Page.ClientScript.RegisterStartupScript(this.GetType(), "myJScript1", script);
}
else
{
pwdlbl.Text = "This email address is not exist in our Database try again";
}
在此代码中:有一个例外:列&#39; Pwd&#39;不属于表格表。
答案 0 :(得分:2)
重现问题的最短途径:
string st = "select E_mail FROM registraion_master WHERE E_mail='" + Email.Text + "'";
cmd = new SqlCommand(st, sqlcon);
cmd.Connection.Open();
SqlDataAdapter sda = new SqlDataAdapter(cmd);
DataSet ds=new DataSet();
sda.Fill(ds);
cmd.Connection.Close();
ds.Tables[0].Rows[0]["Pwd"];
很明显,您只为E_mail而不是Pwd查询数据库。如果Pwd是registraion_master表的一部分,那么解决方案可以是:
string st = "select E_mail,Pwd FROM registraion_master WHERE E_mail='" + Email.Text + "'";
但是我希望pwd不以明文保存。并开始使用参数化查询,您的查询受sql注入。我猜你在屏幕上显示用户输入时也有跨站点脚本问题,当你向用户发送密码时,你有跨站脚本...