Question

大家好，首先我想告诉大家我是CSharp的新手，这就是为什么我不知道我创建MySQL连接的方式是错误的，所以我必须用Prepared Statement来改变它。请善待！

这是我尝试使其有效的方法。

[HttpPost]
    public ActionResult ValidatesLogin (User eUser)
    {
        var Email = eUser.Email;
        var Password = eUser.Password;
        try
        {
            MySqlCommand cmd = MySqlConn.cmd;
                cmd = new MySqlCommand(" from User " + "WHERE Email=@email " + "AND Password=@password",
                    MySqlConn.conn);
                cmd.Prepare();
                cmd.Parameters.AddWithValue("@email", username);
                cmd.Parameters.AddWithValue("@password", password);
                int result = (int)cmd.ExecuteReader();


            //encrypting the login user password 
            //the encrypter and decrypter must have same key which is 'kahat' below
            var encryptpassword = EncryptHelper.EncryptString(eUser.Password, "kahat");

            // Returns true when username and password match:
            if (result > 0)
            {
                System.Web.Security.FormsAuthentication.SetAuthCookie(eUser.Email, false);
                return RedirectToAction("Index", "Index", new { area = "Index" });

            }

            else
            {
                TempData["Message"] = "Login failed. Email or password supplied doesn't exist.";
                return View("Index");
            }
        }
        catch (Exception ex)
        {
            return ThrowJsonError(ex);
        }
    }

以下代码是我的实际连接，效果非常好。

 [HttpPost]
        public ActionResult Validate(User eUser)
        {
            try
            {
                //Pull email and password from login page
                var Email = eUser.Email;
                var Password = eUser.Password;

                //Pull first email and password from database
                var currentUser = this.rpGeneric.Find<User>(" from User WHERE Email=:email ", new string[] { "email" }, new object[] { Email }).FirstOrDefault();

                //encrypting the login user password 
                //the encrypter and decrypter must have same key which is 'kahat' below
                var encryptpassword = EncryptHelper.EncryptString(eUser.Password, "kahat");
                //Comparing user password in login page and current password in db
                if (currentUser != null && encryptpassword.Equals(currentUser.Password, StringComparison.Ordinal) && currentUser.EmailConfirmed == true)
                {
                    System.Web.Security.FormsAuthentication.SetAuthCookie(eUser.Email, false);
                    return RedirectToAction("Index", "Index", new { area = "Index" });
                }
                else
                {
                    TempData["Message"] = "Login failed. Email or password supplied doesn't exist.";
                    return View("Index");
                }
            }

            catch (Exception ex)
            {
                return ThrowJsonError(ex);
            }
        }

Answer 1

您的SQL查询不完整。

cmd = new MySqlCommand(" from User " + "WHERE Email=@email " + "AND Password=@password",
                MySqlConn.conn);

你没有告诉MySql你想要它做什么，你需要添加＆＃34;选择＆＃34;子句和您从表中选择的列名：

cmd = new MySqlCommand("select [*],[column, column...] from User " + "WHERE Email=@email " + "AND Password=@password",
                MySqlConn.conn);

Answer 2

好吧，看起来你错过了查询中的SELECT子句，除非它是如下所示的拼写错误

cmd = new MySqlCommand(" from User " + "WHERE Email=@email " + "
                        ^... Here

使用MySQL的CSharp Prepared Statement不起作用

2 个答案: