简单登录C#和MySQL web应用程序
本文关键字:web 应用程序 MySQL 登录 简单 | 更新日期: 2024-09-23 07:24:16
我的代码中有一些错误,出于某种原因,当我试图在最后捕获时,它会抛出错误,说它缺少了很多括号,尽管我认为不是。谁能告诉我哪里出了问题吗。
代码:
namespace login
{
public partial class _Default : Page
{
// decleration of tabels and dataadapters including my connection string for my MySQL databse
DataSet ds = new DataSet();
MySqlConnection cs = new MySqlConnection(@"SERVER= ********;username=******;password=******;Allow Zero Datetime=true; Initial Catalog = benoatsc_GreenFilm");
MySqlDataAdapter da = new MySqlDataAdapter();
DataTable dt = new DataTable();
String totalDonations = string.Empty;
protected void Button1_Click(object sender, EventArgs e)
{
try
{
MySqlCommand SelectCommand = new MySqlCommand("select * from films.user where user_name='" + this.username.Text + "; and password='" + this.password.Text + "';", cs);
MySqlDataReader myreader;
cs.Open();
myreader = SelectCommand.ExecuteReader();
int count = 0;
while (myreader.Read())
{
count = count + 1;
}
if (count == 1)
{
Response.Write(@"<script language='javascript'>alert('wow your in !!');</script>");
}
else if (count > 1)
{
Response.Write(@"<script language='javascript'>alert('duplicate');</script>");
}
else Response.Write(@"<script language='javascript'>alert('wrong password');</script>");
cs.Close();
}
catch (Exception ex)
{
Response.Write(@"<script language='javascript'>alert(ex.message);</script>");
}
}
}
}
问题1:您在try block
之后打开了额外的curley大括号{
问题2:您已使用single quotes
打开user_name
参数,但尚未使用single quotes
关闭。
解决方案1:您需要移除try block后打开的多余curley大括号
解决方案2:您需要正确地将user_name
参数与single quotes
括起来。
建议:您的查询对SQL Injection attacks
开放,我建议使用parameterised queries
来避免这种情况。
完整代码:使用parameterised queries
namespace login
{
public partial class _Default : Page
{
// decleration of tabels and dataadapters including my connection string for my MySQL databse
DataSet ds = new DataSet();
MySqlConnection cs = new MySqlConnection(@"SERVER= ********;username=******;password=******;Allow Zero Datetime=true; Initial Catalog = benoatsc_GreenFilm");
MySqlDataAdapter da = new MySqlDataAdapter();
DataTable dt = new DataTable();
String totalDonations = string.Empty;
protected void Page_Load(object sender, EventArgs e)
{
}
protected void Button1_Click(object sender, EventArgs e)
{
try
{
MySqlCommand SelectCommand = new MySqlCommand("select * from films.user where user_name=@username and password=@password;", cs);
MySqlDataReader myreader;
SelectCommand.Parameters.AddWithValue("@username",this.username.Text);
SelectCommand.Parameters.AddWithValue("@password",this.password.Text);
cs.Open();
myreader = SelectCommand.ExecuteReader();
int count = 0;
while (myreader.Read())
{
count = count + 1;
}
if (count == 1)
{
Response.Write(@"<script language='javascript'>alert('wow your in !!');</script>");
}
else if (count > 1)
{
Response.Write(@"<script language='javascript'>alert('duplicate');</script>");
}
else Response.Write(@"<script language='javascript'>alert('wrong password');</script>");
cs.Close();
}
catch (Exception ex)
{
Response.Write(@"<script language='javascript'>alert(ex.message);</script>");
}//end of catch block
}//end of try block
}//end of class
}//end of namespace
除了缺少括号和错误的SQL查询(包含分号)之外,您还可以大大改进代码。您可以使用ExecuteScalar
并将查询修改为COUNT(*)
。这样,您就不必在代码中计数。还要使用using
语句,它将确保即使在出现异常的情况下也能关闭连接。所以你的代码应该在下面的行L 上
namespace login
{
public partial class _Default : Page
{
// decleration of tabels and dataadapters including my connection string for my MySQL databse
DataSet ds = new DataSet();
MySqlConnection cs = new MySqlConnection(@"SERVER= ********;username=******;password=******;Allow Zero Datetime=true; Initial Catalog = benoatsc_GreenFilm");
MySqlDataAdapter da = new MySqlDataAdapter();
DataTable dt = new DataTable();
String totalDonations = string.Empty;
protected void Page_Load(object sender, EventArgs e)
{
}
protected void Button1_Click(object sender, EventArgs e)
{
try
{
using (MySqlCommand SelectCommand = new MySqlCommand("select count(*) from films.user where user_name=@username AND password = @password", cs))
{
SelectCommand.Parameters.AddWithValue("@username", username.Text);
SelectCommand.Parameters.AddWithValue("@password", password.Text);
cs.Open();
int count = (int)SelectCommand.ExecuteScalar();
if (count == 1)
{
Response.Write(@"<script language='javascript'>alert('wow your in !!');</script>");
}
else if (count > 1)
{
Response.Write(@"<script language='javascript'>alert('duplicate');</script>");
}
else Response.Write(@"<script language='javascript'>alert('wrong password');</script>");
}
}
catch (Exception ex)
{
Response.Write(@"<script language='javascript'>alert(ex.message);</script>");
}
}
}
}
在命令中使用参数将使您免于SQL注入