C# 如何给出正确的错误消息
根据我的代码,“您的密码已成功更改!恭喜!”消息将弹出,即使更新未起作用。如果没有进行更新,我如何给出错误消息(我的update语句中似乎也有错误…)。实际上,我无法想象在这里如何使用if语句C# 如何给出正确的错误消息,c#,C#,根据我的代码,“您的密码已成功更改!恭喜!”消息将弹出,即使更新未起作用。如果没有进行更新,我如何给出错误消息(我的update语句中似乎也有错误…)。实际上,我无法想象在这里如何使用if语句 protected void Button1_Click(object sender, EventArgs e) { MySqlConnection connection = new MySqlConnection("server=localhost; database=e
protected void Button1_Click(object sender, EventArgs e)
{
MySqlConnection connection = new MySqlConnection("server=localhost; database=e-learningsystem; uid=root; password=123;port=3307;");
connection.Open();
try
{
MySqlCommand cmd1 = new MySqlCommand("UPDATE student Set Password= '" + TextBox3.Text + "' WHERE UserName='" + TextBox1.Text + "' AND Password='"+TextBox2.Text+"'", connection);
cmd1.ExecuteNonQuery();
Response.Write(@"<script language='javascript'>alert('Your Password Has Been Changed successfully!, Congratulations!')</script>");
connection.Close();
}
catch (Exception ex)
{
Response.Write(@"<script language='javascript'>alert(ex.Message)</script>");
}
}
受保护的无效按钮1\u单击(对象发送者,事件参数e)
{
MySqlConnection=newmysqlconnection(“服务器=localhost;数据库=e-learningsystem;uid=root;密码=123;端口=3307;”;
connection.Open();
尝试
{
MySqlCommand cmd1=新的MySqlCommand(“更新学生设置密码=””+TextBox3.Text+“,其中用户名=”“+TextBox1.Text+”,密码=”+TextBox2.Text+”,连接);
cmd1.ExecuteOnQuery();
响应。写(@“警报('您的密码已成功更改,恭喜!”);
connection.Close();
}
捕获(例外情况除外)
{
响应。写入(@“警报(例如消息)”);
}
}
返回受影响的行数。因此,如果您的查询更新了任何记录,那么它将返回0多行(在本例中为该特定用户的1行)
所以试试这个
if(cmd1.ExecuteNonQuery()>0)
{
// successfull
}
else
{
// failure
}
请不要在查询中传递这样的值。尝试使用SqlParameter在查询中传递参数以避免Sql注入。cmd1.ExecuteNonQuery()
返回受影响的行数。因此,如果您的查询更新了任何记录,那么它将返回0多行(在本例中为该特定用户的1行)
所以试试这个
if(cmd1.ExecuteNonQuery()>0)
{
// successfull
}
else
{
// failure
}
请不要在查询中传递这样的值。尝试使用SqlParameter在查询中传递参数,以避免Sql注入。为您的消息框弹出问题提供解决方案
但是为什么要实现自己的身份验证机制呢?有什么理由不使用吗
假设你有充分的理由这么做。但是,如果要实现自定义身份验证,请检查此项
例如,ChangePassword方法:
public override bool ChangePassword(string username, string oldPwd, string newPwd)
{
// validate the user first, you are not doing any validation
// logged in user can change any other users password in your approach
if (!ValidateUser(username, oldPwd))
return false;
//new password validation and giving proper message if failed
// skip this code from given link
// use parameterized query as below
OdbcConnection conn = new OdbcConnection(connectionString);
OdbcCommand cmd = new OdbcCommand("UPDATE Users " +
" SET Password = ?, LastPasswordChangedDate = ? " +
" WHERE Username = ? AND ApplicationName = ?", conn);
cmd.Parameters.Add("@Password", OdbcType.VarChar, 255).Value = EncodePassword(newPwd);
cmd.Parameters.Add("@LastPasswordChangedDate", OdbcType.DateTime).Value = DateTime.Now;
cmd.Parameters.Add("@Username", OdbcType.VarChar, 255).Value = username;
cmd.Parameters.Add("@ApplicationName", OdbcType.VarChar, 255).Value = pApplicationName;
int rowsAffected = 0;
try
{
conn.Open();
// this is how you can check whether row updated or not
rowsAffected = cmd.ExecuteNonQuery();
}
catch (OdbcException e)
{
// you need to have proper error handling as well
if (WriteExceptionsToEventLog)
{
WriteToEventLog(e, "ChangePassword");
throw new ProviderException(exceptionMessage);
}
else
{
throw e;
}
}
finally
{
conn.Close();
}
if (rowsAffected > 0)
{
return true;
}
return false;
}
为您的消息框弹出问题提供解决方案
但是为什么要实现自己的身份验证机制呢?有什么理由不使用吗
假设你有充分的理由这么做。但是,如果要实现自定义身份验证,请检查此项
例如,ChangePassword方法:
public override bool ChangePassword(string username, string oldPwd, string newPwd)
{
// validate the user first, you are not doing any validation
// logged in user can change any other users password in your approach
if (!ValidateUser(username, oldPwd))
return false;
//new password validation and giving proper message if failed
// skip this code from given link
// use parameterized query as below
OdbcConnection conn = new OdbcConnection(connectionString);
OdbcCommand cmd = new OdbcCommand("UPDATE Users " +
" SET Password = ?, LastPasswordChangedDate = ? " +
" WHERE Username = ? AND ApplicationName = ?", conn);
cmd.Parameters.Add("@Password", OdbcType.VarChar, 255).Value = EncodePassword(newPwd);
cmd.Parameters.Add("@LastPasswordChangedDate", OdbcType.DateTime).Value = DateTime.Now;
cmd.Parameters.Add("@Username", OdbcType.VarChar, 255).Value = username;
cmd.Parameters.Add("@ApplicationName", OdbcType.VarChar, 255).Value = pApplicationName;
int rowsAffected = 0;
try
{
conn.Open();
// this is how you can check whether row updated or not
rowsAffected = cmd.ExecuteNonQuery();
}
catch (OdbcException e)
{
// you need to have proper error handling as well
if (WriteExceptionsToEventLog)
{
WriteToEventLog(e, "ChangePassword");
throw new ProviderException(exceptionMessage);
}
else
{
throw e;
}
}
finally
{
conn.Close();
}
if (rowsAffected > 0)
{
return true;
}
return false;
}
密码不应存储在纯文本中。此外,此代码易受攻击。密码不应存储在纯文本中,此代码易受攻击。我认为我的更新语句也不起作用。我是否有任何错误???您的
textbox2
是否包含旧密码?是的,它有旧密码。我认为我的更新语句也不起作用。我是否有任何错误???您的textbox2
是否包含旧密码?是的,它有旧密码