C# ASP.NET Web Application Simple Login Form

Notice: this page is a Chinese-English translation of a popular StackOverflow question, provided under the CC BY-SA 4.0 license. You are free to use and share it, but you must follow the same CC BY-SA license, cite the original URL and author information, and attribute it to the original authors (not me). StackOverflow original URL: http://stackoverflow.com/questions/19945255/

Date: 2020-08-10 16:11:16  Source: igfitidea


Tags: c#, asp.net, .net, web

Asked by SRoy

I am a beginner in .NET technology. I want to develop a web application: a login module with Username, Password and Button components. I have got an issue with it, so please help me to do the login module properly.


Login Module Design


using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Data;
using System.Configuration;


namespace WebApplication2_loginPageTest
{
    public partial class _Default : System.Web.UI.Page
    {
        protected void btnlogin_Click(object sender, EventArgs e)
        {
            SqlConnection con = new SqlConnection("DataBase=SOUMENROY-PC;Server=(local)");
            SqlDataAdapter da;
            string mSql = " Select * from login1 where username = '" + tbusername.Text +
                "' + and password = '" + tbpassword.Text + "' ";
            da = new SqlDataAdapter(mSql, con);
            con.Open();
            DataSet ds = new DataSet();
            da.Fill(ds);
            if (ds.Tables[0].Rows.Count > 0)
            {
                Response.Write("<Script> alert (uid & pass taken.)</script>");
            }
            else
            {
                Response.Write("<Script> alert (uid & pass ok.)</script>");
            }
        }
    }
}

Accepted answer by Dimitar Dimitrov

While we wait for more info on the problem you're facing, I'd like to point out that your query at the moment is vulnerable to SQL injections. Here is how I'd rewrite it:


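// username and password hold the submitted form values
// (tbusername.Text and tbpassword.Text in the question's code).
using (var con = new SqlConnection("DataBase=SOUMENROY-PC;Server=(local)"))
using (var cmd = new SqlCommand("select count(*) from login1 where username = @username and password = @password", con))
{
    // The values travel as parameters, separate from the SQL text.
    cmd.Parameters.AddWithValue("@username", username);
    cmd.Parameters.AddWithValue("@password", password);

    con.Open();
    // count(*) returns a single int: the number of matching rows.
    var result = (int)cmd.ExecuteScalar();

    if (result > 0)
    {
        // credentials are valid
    }
}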

Let me know if you need any clarifications on it.
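
The difference between the question's concatenated query and the answer's parameterized one, as an added example that is not part of the original post. It needs no database connection; the class name `LoginQueryDemo`, the `NVarChar(50)` column type and the sample inputs are assumptions made for illustration.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class LoginQueryDemo
{
    // The question's pattern: user input is spliced into the SQL text itself.
    static string BuildConcatenated(string username, string password)
    {
        return "select count(*) from login1 where username = '" + username +
               "' and password = '" + password + "'";
    }

    // The answer's pattern: the SQL text is constant and the input is sent
    // separately as typed parameters, so it is never parsed as SQL.
    static SqlCommand BuildParameterized(string username, string password)
    {
        var cmd = new SqlCommand(
            "select count(*) from login1 where username = @username and password = @password");
        // NVarChar(50) is an assumed column type; match it to the real login1 schema.
        cmd.Parameters.Add("@username", SqlDbType.NVarChar, 50).Value = username;
        cmd.Parameters.Add("@password", SqlDbType.NVarChar, 50).Value = password;
        return cmd;
    }

    static void Main()
    {
        // Constructed sample input: an ordinary name, and one containing an apostrophe.
        foreach (var user in new[] { "sroy", "O'Brien" })
        {
            string concatenated = BuildConcatenated(user, "secret");
            int quotes = concatenated.Split('\'').Length - 1;

            Console.WriteLine("input: " + user);
            Console.WriteLine("  concatenated SQL : " + concatenated);
            // An odd quote count means the input closed a string literal early,
            // so part of the input is now read as SQL rather than as data.
            Console.WriteLine("  quotes balanced  : " + (quotes % 2 == 0));

            using (var cmd = BuildParameterized(user, "secret"))
            {
                Console.WriteLine("  parameterized SQL: " + cmd.CommandText);
                foreach (SqlParameter p in cmd.Parameters)
                    Console.WriteLine("    " + p.ParameterName + " = " + p.Value);
            }
        }
    }
}
```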
