使用MySQL的ASP.Net登录页面
有人能发现其中的错误吗?我正在尝试创建一个简单的登录页面(asp.net vb),它对mysql表进行计数。当我在其中键入任何内容时,即使详细信息不匹配,也会将我登录。我相信这将是一个错误的案例陈述,但任何帮助都将不胜感激使用MySQL的ASP.Net登录页面,asp.net,Asp.net,有人能发现其中的错误吗?我正在尝试创建一个简单的登录页面(asp.net vb),它对mysql表进行计数。当我在其中键入任何内容时,即使详细信息不匹配,也会将我登录。我相信这将是一个错误的案例陈述,但任何帮助都将不胜感激 Protected Sub ValidateUser(sender As Object, e As EventArgs) Dim userId As Integer = -1 Dim constr As String = ConfigurationManage
Protected Sub ValidateUser(sender As Object, e As EventArgs)
Dim userId As Integer = -1
Dim constr As String = ConfigurationManager.ConnectionStrings("conn").ConnectionString
Using con As New MySqlConnection(constr)
Using uscmd As New MySqlCommand("SELECT COUNT(*) FROM tblUser WHERE UName = ?@Username AND Pword = ?@Password", con)
uscmd.Parameters.AddWithValue("@Username", Login1.UserName)
uscmd.Parameters.AddWithValue("@Password", Login1.Password)
Using uuda As New MySqlDataAdapter(uscmd)
Dim ds As New DataSet()
uuda.Fill(ds)
userId = ds.Tables(0).Rows.Count.ToString()
End Using
End Using
Select Case userId
Case -1
Login1.FailureText = "Username and/or password is incorrect."
Exit Select
Case -2
Login1.FailureText = "Account has not been activated."
Exit Select
Case Else
FormsAuthentication.RedirectFromLoginPage(Login1.UserName, Login1.RememberMeSet)
Exit Select
End Select
End Using
End Sub
查询“SELECT COUNT()…”将始终返回1条记录。执行查询后,您进行赋值
userId = ds.Tables(0).Rows.Count.ToString()
因此userId的值将始终为1。所以它总是遇到CASE语句的CASE-ELSE。这就是为什么无论你键入什么,即使细节不匹配,它也会让你登录
要检查用户名和密码是否已注册,您可以按如下方式更新代码
Protected Sub ValidateUser(sender As Object, e As EventArgs)
Dim userCount As Integer = -1
Dim constr As String = ConfigurationManager.ConnectionStrings("conn").ConnectionString
Using con As New MySqlConnection(constr)
Using uscmd As New MySqlCommand("SELECT COUNT(*) FROM tblUser WHERE UName = ?@Username AND Pword = ?@Password", con)
uscmd.Parameters.AddWithValue("@Username", Login1.UserName)
uscmd.Parameters.AddWithValue("@Password", Login1.Password)
Using uuda As New MySqlDataAdapter(uscmd)
Dim ds As New DataSet()
uuda.Fill(ds)
Integer.TryParse(ds.Tables(0).Rows(0)(0), userCount)
End Using
End Using
If userCount > 0 Then
FormsAuthentication.RedirectFromLoginPage(Login1.UserName, Login1.RememberMeSet)
Else
Login1.FailureText = "Username and/or password is incorrect."
End If
End Using
End Sub
啊,对了,我以为会是这样的。你能为我的代码提供任何类型的修复吗?什么变通办法?谢谢你为什么不验证用户,并在用户激活时返回?仅供参考。计数永远不会小于0您当前的代码将永远不会返回除大小写以外的任何内容。