C# Web服务-功能和方法
我正在使用VisualStudio2010对mysql数据库进行Web服务 我已经完成了一个检查密码并返回密码(当前密码)的功能, 在webmethod中,我调用函数来验证更改前的旧密码是否相等,然后再继续调用mysql命令。但是,即使我从数据库中直接重复检查并复制粘贴user/pass,web方法调用仍然返回无效。谁能看看我哪里出错了吗?或者我需要提供任何其他信息。 谢谢你帮助我 EDIT1:应该是do_check_密码问题函数。我已尝试阻止包含do_check_密码的if循环,并且能够成功更改 我的函数代码C# Web服务-功能和方法,c#,mysql,visual-studio,web-services,C#,Mysql,Visual Studio,Web Services,我正在使用VisualStudio2010对mysql数据库进行Web服务 我已经完成了一个检查密码并返回密码(当前密码)的功能, 在webmethod中,我调用函数来验证更改前的旧密码是否相等,然后再继续调用mysql命令。但是,即使我从数据库中直接重复检查并复制粘贴user/pass,web方法调用仍然返回无效。谁能看看我哪里出错了吗?或者我需要提供任何其他信息。 谢谢你帮助我 EDIT1:应该是do_check_密码问题函数。我已尝试阻止包含do_check_密码的if循环,并且能够成功更
private string do_check_password(string username)
{
string connectionString = ConfigurationManager.ConnectionStrings["mysql"].ToString();
MySqlCommand dCmd = new MySqlCommand();
using (MySqlConnection mysqlCon = new MySqlConnection(connectionString))
{
mysqlCon.Open();
dCmd.CommandText = "select password from tbl_login WHERE username = ?username ";
dCmd.CommandType = CommandType.Text;
dCmd.Parameters.Add(new MySqlParameter("?username", username));
dCmd.Connection = mysqlCon;
dCmd.ExecuteNonQuery();
mysqlCon.Close();
MySqlDataAdapter da = new MySqlDataAdapter(dCmd);
DataTable dt = new DataTable();
da.Fill(dt);
string currentPassword = dt.Rows[0].ToString();
return currentPassword;
}
}
[网络方法]
public string editUserPassword(string username, string oldPassword, string newPassword)
{
try
{
string connectionString = ConfigurationManager.ConnectionStrings["mysql"].ToString();
MySqlCommand dCmd = new MySqlCommand();
using (MySqlConnection mysqlCon = new MySqlConnection(connectionString))
{
if(do_check_password(username) == oldPassword)
{
mysqlCon.Open();
dCmd.CommandText = "UPDATE tbl_login SET password=?password WHERE username=?username";
dCmd.CommandType = CommandType.Text;
dCmd.Parameters.Add(new MySqlParameter("?username", username));
dCmd.Parameters.Add(new MySqlParameter("?password", newPassword));
dCmd.Connection = mysqlCon;
dCmd.ExecuteNonQuery();
mysqlCon.Close();
}
else
{
return string.Format( "invalid password");
}
}
return string.Format("password changed");
}
catch (Exception ex)
{
return string.Format(ex.Message);
}
}
public string editUserPassword(string username, string oldPassword, string newPassword)
{
try
{
string connectionString = ConfigurationManager.ConnectionStrings["mysql"].ToString();
MySqlCommand dCmd = new MySqlCommand();
using (MySqlConnection mysqlCon = new MySqlConnection(connectionString))
{
if(do_check_password(username, oldPassword) == true )
{
mysqlCon.Open();
dCmd.CommandText = "UPDATE tbl_login SET password=?password WHERE username=?username";
dCmd.CommandType = CommandType.Text;
dCmd.Parameters.Add(new MySqlParameter("?username", username));
dCmd.Parameters.Add(new MySqlParameter("?password", newPassword));
dCmd.Connection = mysqlCon;
dCmd.ExecuteNonQuery();
mysqlCon.Close();
}
else
{
return string.Format( "invalid password");
}
}
return string.Format("password changed");
}
catch (Exception ex)
{
return string.Format(ex.Message);
}
}
在do_check_密码中,您有以下行:
dCmd.ExecuteNonQuery();
这不应该是一个错误吗
dCmd.ExecuteReader();
不过,建议你,不要将这些密码存储在明文中。使用单向散列使用salt加密密码。在
do\u check\u password(字符串用户名)
函数中不需要以下行
dCmd.ExecuteNonQuery();
和Close()
填充数据集后连接
你的方法应该是这样的
private string do_check_password(string username)
{
string connectionString = ConfigurationManager.ConnectionStrings["mysql"].ToString();
MySqlCommand dCmd = new MySqlCommand();
using (MySqlConnection mysqlCon = new MySqlConnection(connectionString))
{
mysqlCon.Open();
dCmd.CommandText = "select password from tbl_login WHERE username = ?username ";
dCmd.CommandType = CommandType.Text;
dCmd.Parameters.Add(new MySqlParameter("?username", username));
dCmd.Connection = mysqlCon;
//dCmd.ExecuteNonQuery(); no need here
MySqlDataAdapter da = new MySqlDataAdapter(dCmd);
DataTable dt = new DataTable();
da.Fill(dt);
mysqlCon.Close();
string currentPassword = dt.Rows[0].ToString();
return currentPassword;
}
}
在do_check_password中,可以将以dCmd.ExecuteNonQuery开头的行替换为:
string currentPassword = (string)dCmd.ExecuteScalar();
mysqlConn.Close();
return currentPassword;
*请注意,只有在执行命令后才应关闭连接。实际上并不需要dCmd.ExecuteNonQuery,您也可以放弃使用MySqlDataAdapter。如果仍然存在问题,请尝试显式指定参数的类型和大小,如
dCmd.Parameters.Add(new MySqlParameter("?username", MySqlDbType.VarChar, 30, username));
我将方法从string改为BOOL,效果非常好。数据语法部分可能出了问题。这是我的代码,以防有人尝试使用字符串,但失败,并希望转换为bool
private bool do_check_password(string username, string oldPassword)
{
string connectionString = ConfigurationManager.ConnectionStrings["mysql"].ToString();
MySqlCommand dCmd = new MySqlCommand();
using (MySqlConnection mysqlCon = new MySqlConnection(connectionString))
{
mysqlCon.Open();
dCmd.CommandText = "select password from tbl_login WHERE username = ?username and password=?oldPassword";
dCmd.Parameters.Add(new MySqlParameter("?username", username));
dCmd.Parameters.Add(new MySqlParameter("?oldPassword", oldPassword));
dCmd.CommandType = CommandType.Text;
dCmd.Connection = mysqlCon;
dCmd.ExecuteNonQuery();
mysqlCon.Close();
MySqlDataAdapter da = new MySqlDataAdapter(dCmd);
DataTable dt = new DataTable();
da.Fill(dt);
if (dt.Rows.Count > 0)
{
return true;
}
else
{
return false;
}
//string currentPassword = dt.Rows[0].ToString();
//return currentPassword;
}
}
[网络方法]
public string editUserPassword(string username, string oldPassword, string newPassword)
{
try
{
string connectionString = ConfigurationManager.ConnectionStrings["mysql"].ToString();
MySqlCommand dCmd = new MySqlCommand();
using (MySqlConnection mysqlCon = new MySqlConnection(connectionString))
{
if(do_check_password(username) == oldPassword)
{
mysqlCon.Open();
dCmd.CommandText = "UPDATE tbl_login SET password=?password WHERE username=?username";
dCmd.CommandType = CommandType.Text;
dCmd.Parameters.Add(new MySqlParameter("?username", username));
dCmd.Parameters.Add(new MySqlParameter("?password", newPassword));
dCmd.Connection = mysqlCon;
dCmd.ExecuteNonQuery();
mysqlCon.Close();
}
else
{
return string.Format( "invalid password");
}
}
return string.Format("password changed");
}
catch (Exception ex)
{
return string.Format(ex.Message);
}
}
public string editUserPassword(string username, string oldPassword, string newPassword)
{
try
{
string connectionString = ConfigurationManager.ConnectionStrings["mysql"].ToString();
MySqlCommand dCmd = new MySqlCommand();
using (MySqlConnection mysqlCon = new MySqlConnection(connectionString))
{
if(do_check_password(username, oldPassword) == true )
{
mysqlCon.Open();
dCmd.CommandText = "UPDATE tbl_login SET password=?password WHERE username=?username";
dCmd.CommandType = CommandType.Text;
dCmd.Parameters.Add(new MySqlParameter("?username", username));
dCmd.Parameters.Add(new MySqlParameter("?password", newPassword));
dCmd.Connection = mysqlCon;
dCmd.ExecuteNonQuery();
mysqlCon.Close();
}
else
{
return string.Format( "invalid password");
}
}
return string.Format("password changed");
}
catch (Exception ex)
{
return string.Format(ex.Message);
}
}
通过webservice方法返回给定用户名的密码对我来说似乎很疯狂。我使用它连接应用程序和数据库。函数看起来不太好。谢谢你的建议。我刚开始,所以我的目标是在提高安全性之前先完成基本操作。我仔细阅读了语法,执行读取器就像是使用DataAdapter和DataTable的快捷方式。尽管如此,我还是尝试替换它,但仍然出现相同的问题。尝试过,但在运行editUserPasswordreturned string“invalid password”@YangJieDomodomo调试您的代码并检查时,返回了什么db以及在文本框中输入了什么用户。。。。