Nag*_*tri 1 c# sql ado.net visual-studio-2008
我想更改用户密码.我无法更新密码:(.我收到的消息是密码更改,因为它没有改变.我的代码如下..如果有人可以建议我哪里出错了.我只是一个初学者...
protected void Button1_Click(object sender, EventArgs e)
{
DatabaseLayer data = new DatabaseLayer();
string username = Session["Authenticate"].ToString();
string password = TextBox1.Text;
string newpass = TextBox2.Text;
string confirm = TextBox3.Text;
string flag = "";
if (newpass.ToString() == confirm.ToString())
{
flag = data.passwordChange(username, password, newpass);
Literal1.Text = flag.ToString();
}
else
{
Literal1.Text = "New Password does not match the Confirm Password ";
}
}
上面的点击事件必须更改我的密码,函数passwordChange如下.
public string passwordChange(string username, string password, string newPasswd)
{
string SQLQuery = "SELECT password FROM LoginAccount WHERE username = '" + username + "'";
string SQLQuery1 = "UPDATE LoginAccount SET password = ' " + newPasswd + " ' WHERE username = ' " + username + "'";
SqlCommand command = new SqlCommand(SQLQuery, sqlConnection);
SqlCommand command1 = new SqlCommand(SQLQuery1, sqlConnection);
sqlConnection.Open();
string sqlPassword = "";
SqlDataReader reader;
try
{
reader = command.ExecuteReader();
if (reader.Read())
{
if (!reader.IsDBNull(0))
{
sqlPassword = reader["password"].ToString();
}
}
reader.Close();
if (sqlPassword.ToString() == password.ToString())
{
try
{
int flag = 0;
flag = command1.ExecuteNonQuery();
if (flag > 0)
{
sqlConnection.Close();
return "Password Changed Successfully";
}
else
{
sqlConnection.Close();
return "User Password could not be changed";
}
}
catch (Exception exr)
{
sqlConnection.Close();
return "Password Could Not Be Changed Please Try Again";
}
}
else
{
sqlConnection.Close();
return "User Password does not Match";
}
}
catch (Exception exr)
{
sqlConnection.Close();
return "User's Password already exists";
}
}
我附近有一个断点
if(flag>0)
它仍然显示executeNonquery aint返回更新的行值,并且还在SQL服务器的后端,它没有变化,请如果有人可以纠正我...我应该使用其他执行命令还是什么?我是用VS 2008和SQL Server 2005做的.
1:这是你的单引号和双引号之间的间距:(像:' " + username + " ')
2)你乞求SQL注入.
在您的PasswordChange方法中尝试这个:
public string PasswordChange(string userName, string oldPass, string newPass)
{
using(SqlConnection sqlConnection = new SqlConnection(
ConfigurationManager.ConnectionStrings["LoginDb"].ConnectionString))
{
string sqlToConfirmOldPass =
"SELECT password FROM LoginAccount WHERE username = @userName";
string sqlToUpdatePassword =
"UPDATE LoginAccount SET password = @newPass WHERE username = @userName";
SqlCommand confirmOldPass = new SqlCommand(sqlToConfirmOldPass, sqlConnection);
confirmOldPass.Parameters.AddWithValue("@userName", userName);
SqlCommand updatePassword = new SqlCommand(sqlToUpdatePassword, sqlConnection);
updatePassword.Parameters.AddWithValue("@newPass", newPass);
updatePassword.Parameters.AddWithValue("@userName", userName);
[Rest of your code goes here]
}
}
我也没有看到你在哪里设置你的SqlConnection,所以我为它添加了一行.您需要根据需要进行修改.