Hello, I have to limit the user's login attempts.... and update/insert "Yes" into the "IsBlocked" column of the database if the user exceeds the login attempts. How do I limit login attempts?
I am working on the code... I don't know what the error is in my code; I cannot increment the failedattempts..... Below is the code I am working on:
    // Look up the IsBlocked flag for the supplied username/password pair
    SqlConnection con2 = new SqlConnection(connstring);
    string cmd1 = "select Emp_IsBlocked from dbo.PTS_Employee where Emp_Username='" + EmployeeName + "' and Emp_Password='" + Password + "'";
    SqlCommand mycomm2 = new SqlCommand(cmd1, con2);
    con2.Open();
    Object Blocked = mycomm2.ExecuteScalar();   // null when no row matched the credentials
    con2.Close();

    if (Blocked != null)
    {
        // A row matched: an empty flag means the account is not blocked
        if (Blocked.ToString() == "")
        {
            Response.Redirect("~/Transactions.aspx");
        }
        else
        {
            lblError.Text = "You are Temporarily Blocked for Exceeding Max Number of Login Attempts";
        }
    }
    else
    {
        // No row matched: count this as a failed attempt
        _failedAttempts++;
        //lblError.Text = ("Fail. " + (3 - _failedAttempts));
        if (_failedAttempts == 3)
        {
            // Third failure: call the stored procedure that sets the IsBlocked flag
            SqlConnection con1 = new SqlConnection(connstring);
            SqlCommand mycomm1 = new SqlCommand("SP_IsBlocked", con1);
            mycomm1.CommandType = CommandType.StoredProcedure;
            con1.Open();
            mycomm1.Parameters.Add("@IsBlocked", SqlDbType.VarChar).Value = "Yes";
            mycomm1.ExecuteNonQuery();
            con1.Close();
            lblError.Text = "You are Temporarily Blocked for Exceeding Max Number of Login Attempts";
        }
    }
Can anyone say what is wrong in the above code, or how to do this....?
Not the best solution... you may need to implement caching instead of this...... – Madhu 2012-02-21 10:32:31
Your code has a SQL injection vulnerability: string cmd1 = "select emp_IsBlocked from dbo.PTS_Employee where Emp_Username ='" + EmployeeName + "' and Emp_Password ='" + Password + "'";. Have you attached a debugger to see what is happening in your code? I don't see the # of login attempts being saved anywhere in the code. – Peter 2012-02-21 10:35:54
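As an added example (not the asker's code and not from the original page), here is one way to address both points raised in the comments: the attempt counter is kept in the database rather than in a page field, and the username reaches SQL Server as a parameter instead of being concatenated into the query. It assumes an extra `Emp_FailedAttempts` INT column on `dbo.PTS_Employee` (an assumption); the table, `Emp_Username`, `Emp_IsBlocked` and the threshold of 3 come from the question.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

// Added example, not the asker's code. Assumes dbo.PTS_Employee also has an
// Emp_FailedAttempts INT NOT NULL DEFAULT 0 column (an assumption); the table,
// Emp_Username and Emp_IsBlocked names come from the question.
public static class LoginLockout
{
    const int MaxAttempts = 3;   // threshold used in the question

    // Call this when the password check fails. Returns true if the account
    // is blocked after this attempt (or already was).
    public static bool RecordFailedAttempt(string connString, string username)
    {
        // One parameterised UPDATE: the username travels as a parameter, never
        // as SQL text, and the increment plus the flag change happen atomically,
        // so the count survives postbacks and concurrent logins. In T-SQL the
        // SET clause sees the pre-update value of Emp_FailedAttempts.
        const string sql = @"
            UPDATE dbo.PTS_Employee
               SET Emp_FailedAttempts = Emp_FailedAttempts + 1,
                   Emp_IsBlocked = CASE WHEN Emp_FailedAttempts + 1 >= @Max
                                        THEN 'Yes' ELSE Emp_IsBlocked END
            OUTPUT inserted.Emp_IsBlocked
             WHERE Emp_Username = @User;";
        using (var con = new SqlConnection(connString))
        using (var cmd = new SqlCommand(sql, con))
        {
            cmd.Parameters.Add("@User", SqlDbType.NVarChar, 50).Value = username;
            cmd.Parameters.Add("@Max", SqlDbType.Int).Value = MaxAttempts;
            con.Open();
            object flag = cmd.ExecuteScalar();   // null if no such user
            return flag != null && flag != DBNull.Value && (string)flag == "Yes";
        }
    }

    // Call this after a successful login so a genuine user starts fresh.
    public static void ResetAttempts(string connString, string username)
    {
        const string sql = "UPDATE dbo.PTS_Employee SET Emp_FailedAttempts = 0 " +
                           "WHERE Emp_Username = @User;";
        using (var con = new SqlConnection(connString))
        using (var cmd = new SqlCommand(sql, con))
        {
            cmd.Parameters.Add("@User", SqlDbType.NVarChar, 50).Value = username;
            con.Open();
            cmd.ExecuteNonQuery();
        }
    }
}
```

The password comparison itself is left to the caller; the same parameterised pattern applies to that query, and the login page should show one generic failure message whether the username, the password or the block flag caused the rejection.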