我正在尝试创建一个登录页面,并针对数据库验证传入的详细信息。但是我的代码无法交叉检查数据库中的数据。下面是我从应用程序中获得的输出结果:
以下是我正在处理的代码
Default.aspx代码:
<%@ Page Title="" Language="C#" MasterPageFile="~/MasterPage.master"AutoEventWireup="true" CodeFile="LogIn.aspx.cs" Inherits="LogIn" %>
<asp:Content ID="Content1" ContentPlaceHolderID="Head" Runat="Server">
</asp:Content>
<asp:Content ID="Content2" ContentPlaceHolderID="body" Runat="Server">
<!-- Login & Register -->
<section>
<div class="pageintro">
<div class="pageintro-bg">
<img src="images/bg-page_01.jpg" alt="About Us"/>
</div>
<div class="pageintro-body">
<h1 class="pageintro-title">Login</h1>
<nav class="pageintro-breadcumb">
<ul>
<li>
<a href="#">Home</a>
</li>
<li>
<a href="#">Login</a>
</li>
</ul>
</nav>
</div>
</div>
</section>
<!-- Login -->
<div class="col-lg-6 ">
<div class="au-form-body p-r-lg-15 p-r-xl-15">
<h2 class="au-form-title form-title-border">Login</h2>
<fieldset class="m-t-40">
<div class="form-group au-form require">
<label>Email address</label>
<asp:TextBox ID="txtemail" runat="server"></asp:TextBox>
</div>
<div class="form-group au-form require">
<label>Password</label>
<asp:TextBox ID="txtpwd" runat="server" TextMode="Password"></asp:TextBox>
</div>
<div class="form-group au-form">
<asp:Button ID="loginbtn" runat="server" Text="Log In" OnClick="Button1_Click" />
<asp:Label ID="loginmessage" runat="server"></asp:Label>
<asp:Button ID="logoutbtn" runat="server" OnClick="Button2_Click" Text="Log Out" Visible="False" />
<div class="form-forgot w-100 m-t-10">
<a href="forgetpassword.aspx">Lost your password?</a>
</div>
</div>
</fieldset>
</div>
</div>
<!-- End Login -->
Default.aspx.cs代码
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
public partial class LogIn : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
}
protected void Button1_Click(object sender, EventArgs e)
{
SqlConnection sqlCon = new SqlConnection(@"Data Source=TEAFAMILY;Initial Catalog=Bolsen;Integrated Security=True; MultipleActiveResultSets=true;");
sqlCon.Open();
Type cstype = this.GetType();
SqlCommand cmd;
SqlDataReader rdr;
String strSql1 = "SELECT * FROM Customers ";
cmd = new SqlCommand(strSql1, sqlCon);
rdr = cmd.ExecuteReader();
while (rdr.Read() == true)
{
if (txtemail.Text == (string)rdr["cEmail"] &&
txtpwd.Text == (string)rdr["cPassword"])
{
Session["sFlag"] = "T"; // sFlag = "T" means user has logged in
Session["sName"] = rdr["Firstname"];
Session["sEmail"] = rdr["cEmail"];
Session["sAddress"] = rdr["cCompanyAddress"];
Session["sEmail"] = rdr["cEmail"];
logoutbtn.Visible = true;
sqlCon.Close();
Response.Redirect("Default.aspx");
} //end of if
} //end of while loop
// userid and password not matched, hence login unsuccessful
Session["sFlag"] = "F";
Session["sName"] = "";
Session["sUserId"] = "";
loginmessage.Text = "Error in login - Please login again ";
sqlCon.Close();
}
protected void Button2_Click(object sender, EventArgs e)
{
logoutbtn.Visible = false;
Session["sFlag"] = "L"; // L for logout
Session["sName"] = "";
Session["sUserId"] = "";
Session["sOrderNo"] = "";
txtemail.Text = "";
txtpwd.Text = "";
Response.Redirect("Default.aspx");
}
}
有人会指出代码有什么问题吗?
答案 0 :(得分:0)
无需仅从数据库中获取所有记录即可检查单个结果。将您的Button1_Click事件代码更改为此:
protected void Button1_Click(object sender, EventArgs e)
{
string username = txtemail.Text;
string password = txtpwd.Text;
using (SqlConnection sqlCon = new SqlConnection(@"Data Source=TEAFAMILY;Initial Catalog=Bolsen;Integrated Security=True; MultipleActiveResultSets=true;"))
{
string query = "SELECT Top(1) * FROM Customers WHERE cEmail = @Username and cPassword = @Password";
SqlCommand cmd = new SqlCommand(query, sqlCon);
cmd.Parameters.AddWithValue("@Username", username);
cmd.Parameters.AddWithValue("@Password", password);
sqlCon.Open();
SqlDataReader rdr = cmd.ExecuteReader();
if (rdr.Read())
{
Session["sFlag"] = "T"; // sFlag = "T" means user has logged in
Session["sName"] = rdr["Firstname"];
Session["sEmail"] = rdr["cEmail"];
Session["sAddress"] = rdr["cCompanyAddress"];
Session["sEmail"] = rdr["cEmail"];
logoutbtn.Visible = true;
sqlCon.Close();
Response.Redirect("Default.aspx");
}
else
{
Session["sFlag"] = "F";
Session["sName"] = "";
Session["sUserId"] = "";
loginmessage.Text = "Error in login - Please login again ";
}
}
}