public partial class SignUp : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
}
protected void btSignup_Click(object sender, EventArgs e)
{
if (tbUname.Text != "" & tbPass.Text != "" && tbName.Text != "" && tbEmail.Text != "" && tbCPass.Text != "")
{
if (tbPass.Text == tbCPass.Text)
{
String CS = ConfigurationManager.ConnectionStrings["Database_AvaliacaoConnectionString1"].ConnectionString;
using (SqlConnection con = new SqlConnection(CS))
{
SqlCommand cmd = new SqlCommand("insert into Users Values('" + tbUname.Text + "','" + tbPass.Text + "','" + tbEmail.Text + "','" + tbName.Text + "','')", con);
con.Open();
cmd.ExecuteNonQuery();
lblMsg.Text = "Registration Successfull";
lblMsg.ForeColor = Color.Green;
// Response.Redirect("~/Signin.aspx");
}
}
else
{
lblMsg.ForeColor = Color.Red;
lblMsg.Text = "Passwords do not match";
}
}
else
{
lblMsg.ForeColor = Color.Red;
lblMsg.Text = "All Fields Are Mandatory";
}
}
}
在Users表中,我得到了以下值
[Uid] int IDENTITY (1,1) PRIMARY KEY,
[Username] NVARCHAR(MAX) NULL,
[Password] NVARCHAR(MAX) NULL,
[Email] NVARCHAR(MAX) NULL,
[Name] NVARCHAR(MAX) NULL
我尝试注册时出现以下错误:
System.Data.SqlClient.SqlException:'只有在使用列列表且IDENTITY_INSERT为ON时,才能指定表'Users'中标识列的显式值。'
出于某种原因,它不允许我添加值。
答案 0 :(得分:2)
您按照表格中的顺序插入列:
"insert into Users Values('" + tbUname.Text + "','" + tbPass.Text + "','" + tbEmail.Text + "','" + tbName.Text + "','')"
所以你在这里说第一个字段UID应该设置为tbUname.Text中的任何字段。那是胡说八道。
相反,请指定要插入的字段,然后按顺序列出它们:
"insert into Users (Username, Password, Email, [Name]) Values('" + tbUname.Text + "','" + tbPass.Text + "','" + tbEmail.Text + "','" + tbName.Text + "')"
代码中无关但令人不安的事情:
不要将SQL字符串连接在一起。这使您对SQL注入攻击敞开大门。而是parameterize您的SQL
不要在数据库中以纯文本格式存储密码。它们应该是hashed and salted。