C# 允许用户从UserName或电子邮件登录
在我的网站中,我想允许用户从电子邮件或用户名登录。我尝试了以下,但它是登录只有当我去与电子邮件,而不是用户名C# 允许用户从UserName或电子邮件登录,c#,asp.net,C#,Asp.net,在我的网站中,我想允许用户从电子邮件或用户名登录。我尝试了以下,但它是登录只有当我去与电子邮件,而不是用户名 if (!string.IsNullOrEmpty(username.Text) & !string.IsNullOrEmpty(password.Text)) { string str = "select * from login where username=@username or email = @email and Password=@password";
if (!string.IsNullOrEmpty(username.Text) & !string.IsNullOrEmpty(password.Text)) {
string str = "select * from login where username=@username or email = @email and Password=@password";
MySqlCommand cmd = new MySqlCommand(str, con);
cmd.Parameters.AddWithValue("@username", username.Text);
cmd.Parameters.AddWithValue("@email", username.Text);
cmd.Parameters.AddWithValue("@password", password.Text);
con.Open();
MySqlDataAdapter da = new MySqlDataAdapter(cmd);
DataSet ds = new DataSet();
da.Fill(ds);
con.Close();
user = ds.Tables(0).Rows(0)("username");
email = ds.Tables(0).Rows(0)("email");
pswd = ds.Tables(0).Rows(0)("password");
page = ds.Tables(0).Rows(0)("link");
if (ds.Tables(0).Rows.Count > 0) {
if (user == username.Text.ToString | email == username.Text.ToString & pswd == password.Text.ToString) {
Response.Cookies("User_Type").Value = "manager";
Response.Cookies("masterLogin").Value = username.Text;
Response.Redirect(page);
} else {
Response.Write("<script language='javascript'>alert('User name or password is invalid');</script>");
}
}
}
if(!string.IsNullOrEmpty(username.Text)&!string.IsNullOrEmpty(password.Text)){
string str=“从用户名=@username或电子邮件=@email和密码=@Password的登录名中选择*”;
MySqlCommand cmd=新的MySqlCommand(str,con);
cmd.Parameters.AddWithValue(“@username”,username.Text);
cmd.Parameters.AddWithValue(“@email”,username.Text);
cmd.Parameters.AddWithValue(“@password”,password.Text);
con.Open();
MySqlDataAdapter da=新的MySqlDataAdapter(cmd);
数据集ds=新数据集();
da.填充(ds);
con.Close();
user=ds.Tables(0).行(0)(“用户名”);
电子邮件=ds.表格(0).行(0)(“电子邮件”);
pswd=ds.表(0).行(0)(“密码”);
page=ds.表(0).行(0)(“链接”);
if(ds.Tables(0).Rows.Count>0){
if(user==username.Text.ToString | email==username.Text.ToString&pswd==password.Text.ToString){
Response.Cookies(“用户类型”).Value=“管理者”;
Response.Cookies(“masterLogin”).Value=username.Text;
响应。重定向(第页);
}否则{
响应。写入(“警报(‘用户名或密码无效’);”;
}
}
}
if (user == username.Text.ToString | email == username.Text.ToString
& pswd == password.Text.ToString) {
|&|&|&&if ((user == username.Text.ToString || email == username.Text.ToString)
&& pswd == password.Text.ToString) {
这一行中存在缺陷:
if (user == username.Text.ToString | email == username.Text.ToString
& pswd == password.Text.ToString) {
|&|&|&&if ((user == username.Text.ToString || email == username.Text.ToString)
&& pswd == password.Text.ToString) {
您的或在您的WHERE将短接您的支票 例如,尝试以下与您的逻辑相同的方法:
选择“a”,其中1=1或2=1和3=1'a'您所追求的可能是:
从登录位置选择*(用户名=@username或电子邮件=@email)和密码=@Password”选择“a”,其中1=1或2=1和3=1'a'您所追求的可能是:
< > >代码>从登录处选择(用户名=@用户名或电子邮件= @电子邮件)和密码= @密码< <代码> < p>您应考虑将查询中的条件分组为“”。
select *
from login
where (username=@username or email = @email)
and Password=@password";
<>你应该考虑在查询中对条件进行分组,如“”那样对它们进行括号化。
select *
from login
where (username=@username or email = @email)
and Password=@password";
使用下面的sql查询
select * from login where (username=@username or email = @email) and [Password]=@password // Password is a reserved keyword you cant use this as a column name.
请详细说明您得到的错误。使用下面的sql查询
select * from login where (username=@username or email = @email) and [Password]=@password // Password is a reserved keyword you cant use this as a column name.
请详细说明您到底遇到了什么错误。检查此答案,然后尝试用以下代码替换您的代码
if(user==username.Text.ToString | | email==username.Text.ToString
&&pswd==password.Text.ToString){if(user==username.Text.ToString | | email==username.Text.ToString
&&pswd==password.Text.ToString){