好。我为我的生活无法弄清楚为什么登录页面代码不起作用。也许我错过了什么。如果您需要完整的源代码,我非常乐意给予它。我试图让用户名将其与列表进行比较,然后找到其密码,然后与文本框中的密码进行比较。然后如果密码匹配。重定向到帐户页面。
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Configuration;
namespace Vanguardian_Tournaments
{
public partial class Login : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
}
protected void LoginBTN_Click(object sender, EventArgs e)
{
SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["RegistrationConnectionString"].ConnectionString);
conn.Open();
string ckUser = "Select Count(*) from UserData where CFAName = '" + LoginTB.Text + "'";
SqlCommand cfaComm = new SqlCommand(ckUser, conn);
int temp = Convert.ToInt32(cfaComm.ExecuteScalar().ToString());
conn.Close();
if (temp == 1)
{
conn.Open();
string ckPass = "Select Password from UserData where CFAName = '" + LoginTB.Text + "'";
SqlCommand PassComm = new SqlCommand(ckPass, conn);
string password = PassComm.ExecuteScalar().ToString().Replace(" ", "");
conn.Close();
if (password == LoginPassTB.Text)
{
Session["Login"] = LoginTB.Text;
Response.Redirect("Account.aspx");
}
else
{
LoginLbl.Text = "CFA Name or Password is incorrect";
}
}
else
{
LoginLbl.Text = "CFA Name does not exist";
}
}
}
}
答案 0 :(得分:2)
请访问此链接。它会让您了解黑客如何从您的登录信息中获取信息以进行查询 https://community.devexpress.com/blogs/donw/archive/2014/10/06/best-practices-building-secure-web-applications-with-devexpress-part-1.aspx
答案 1 :(得分:0)
您是否在if语句上放置了断点并检查了temp的值?可能是您的代码永远不会进入if块。您还使用asp.net提供的登录控件吗?如果是,您无法以这种方式继续,您需要按照以下步骤操作:
http://msdn.microsoft.com/en-us/library/vstudio/ms178329%28v=vs.100%29.aspx