-5 c# asp.net visual-studio-2012
伙计我正在研究项目并遇到一些问题.它是一个写入本地数据库的基本登录应用程序.我知道在安全方面它不对,但它仅用于概念验证.它在我的浏览器中验证并加载.然后,当我填写数据时,我收到以下错误:
代码行突出显示: int temp = Convert.ToInt32(com.ExecuteScalar().ToString());
错误如下:
用户代码未处理SqlException
"Staff"附近的语法不正确
任何帮助表示赞赏谢谢
这是我的代码:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Configuration;
public partial class LoginPage : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
}
protected void btnLogin_Click(object sender, EventArgs e)
{
if (IsPostBack)
{
SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["ShowUsersConnectionString"].ConnectionString);
conn.Open();
string checkuser = "select count(*) form Staff where UserName='" + txtUserName.Text + "'";
SqlCommand com = new SqlCommand(checkuser, conn);
int temp = Convert.ToInt32(com.ExecuteScalar().ToString()); //
conn.Close();
if (temp == 1)
{
conn.Open();
string CheckPassQuery = "select password from Staff where UserName='" + txtUserName.Text + "'";
SqlCommand passcom = new SqlCommand(CheckPassQuery, conn);
string password = passcom.ExecuteScalar().ToString();
if (password == txtPassword.Text)
{
Session["New"] = txtUserName.Text;
Response.Write("Password correct");
Response.Redirect("Users.aspx");
}
else
{
Response.Write("Password is incorrect");
}
}
else
{
Response.Write("Username ivalid");
}
}
}
}
这是你的错误:
string checkuser = "select count(*) form Staff where UserName='" + txtUserName.Text + "'";
form 应该 from
另外,请查看SQL注入
| 归档时间: |
|
| 查看次数: |
169 次 |
| 最近记录: |