Bee*_*eep 1 c# mysql asp.net login web-applications
我的代码中有一些错误,由于某种原因,当我试图抓住最后它会抛出错误,说它缺少很多括号,尽管我认为不是.有人可以让我知道我哪里出错了.
码:
namespace login
{
public partial class _Default : Page
{
// decleration of tabels and dataadapters including my connection string for my MySQL databse
DataSet ds = new DataSet();
MySqlConnection cs = new MySqlConnection(@"SERVER= ********;username=******;password=******;Allow Zero Datetime=true; Initial Catalog = benoatsc_GreenFilm");
MySqlDataAdapter da = new MySqlDataAdapter();
DataTable dt = new DataTable();
String totalDonations = string.Empty;
protected void Button1_Click(object sender, EventArgs e)
{
try
{
MySqlCommand SelectCommand = new MySqlCommand("select * from films.user where user_name='" + this.username.Text + "; and password='" + this.password.Text + "';", cs);
MySqlDataReader myreader;
cs.Open();
myreader = SelectCommand.ExecuteReader();
int count = 0;
while (myreader.Read())
{
count = count + 1;
}
if (count == 1)
{
Response.Write(@"<script language='javascript'>alert('wow your in !!');</script>");
}
else if (count > 1)
{
Response.Write(@"<script language='javascript'>alert('duplicate');</script>");
}
else Response.Write(@"<script language='javascript'>alert('wrong password');</script>");
cs.Close();
}
catch (Exception ex)
{
Response.Write(@"<script language='javascript'>alert(ex.message);</script>");
}
}
}
}
问题1:你{之后打开了额外的curley大括号try block.
问题2:您已打开user_name参数,single quotes但尚未关闭single quotes.
解决方案1:您需要移除尝试阻止后打开的额外的curley大括号.
解决方案2:您需要正确地包含user_name参数single quotes.
建议:您的查询是开放的SQL Injection attacks,我建议使用parameterised queries以避免这种情况.
完整代码:使用parameterised queries
namespace login
{
public partial class _Default : Page
{
// decleration of tabels and dataadapters including my connection string for my MySQL databse
DataSet ds = new DataSet();
MySqlConnection cs = new MySqlConnection(@"SERVER= ********;username=******;password=******;Allow Zero Datetime=true; Initial Catalog = benoatsc_GreenFilm");
MySqlDataAdapter da = new MySqlDataAdapter();
DataTable dt = new DataTable();
String totalDonations = string.Empty;
protected void Page_Load(object sender, EventArgs e)
{
}
protected void Button1_Click(object sender, EventArgs e)
{
try
{
MySqlCommand SelectCommand = new MySqlCommand("select * from films.user where user_name=@username and password=@password;", cs);
MySqlDataReader myreader;
SelectCommand.Parameters.AddWithValue("@username",this.username.Text);
SelectCommand.Parameters.AddWithValue("@password",this.password.Text);
cs.Open();
myreader = SelectCommand.ExecuteReader();
int count = 0;
while (myreader.Read())
{
count = count + 1;
}
if (count == 1)
{
Response.Write(@"<script language='javascript'>alert('wow your in !!');</script>");
}
else if (count > 1)
{
Response.Write(@"<script language='javascript'>alert('duplicate');</script>");
}
else Response.Write(@"<script language='javascript'>alert('wrong password');</script>");
cs.Close();
}
catch (Exception ex)
{
Response.Write(@"<script language='javascript'>alert(ex.message);</script>");
}//end of catch block
}//end of try block
}//end of class
}//end of namespace
| 归档时间: |
|
| 查看次数: |
3881 次 |
| 最近记录: |