1. 首页
  2. 问答
  3. 使用MySQL的ASP.Net登录页面

使用MySQL的ASP.Net登录页面

2017-02-24 94 views
0

任何人都可以发现此错误吗?我试图创建一个简单的登录页面(asp.net vb),它在mysql表上进行计数。当我输入任何内容时,即使细节不匹配,我也会登录。我相信这将是案件陈述是错误的,但任何帮助,将不胜感激!使用MySQL的ASP.Net登录页面

Protected Sub ValidateUser(sender As Object, e As EventArgs) 
    Dim userId As Integer = -1 
    Dim constr As String = ConfigurationManager.ConnectionStrings("conn").ConnectionString 
    Using con As New MySqlConnection(constr) 
     Using uscmd As New MySqlCommand("SELECT COUNT(*) FROM tblUser WHERE UName = [email protected] AND Pword = [email protected]", con) 
      uscmd.Parameters.AddWithValue("@Username", Login1.UserName) 
      uscmd.Parameters.AddWithValue("@Password", Login1.Password) 
      Using uuda As New MySqlDataAdapter(uscmd) 
       Dim ds As New DataSet() 
       uuda.Fill(ds) 
       userId = ds.Tables(0).Rows.Count.ToString() 
      End Using 

     End Using 
     Select Case userId 
      Case -1 
       Login1.FailureText = "Username and/or password is incorrect." 
       Exit Select 
      Case -2 
       Login1.FailureText = "Account has not been activated." 
       Exit Select 
      Case Else 
       FormsAuthentication.RedirectFromLoginPage(Login1.UserName, Login1.RememberMeSet) 
       Exit Select 
     End Select 
    End Using 
End Sub

来源

2017-02-24 Ben Williams

回答

0

您的查询 “SELECT COUNT()...” 总是会返回1分的纪录。执行后查询,你进行分配

userId = ds.Tables(0).Rows.Count.ToString()

所以用户id的值将始终为1所以它总是碰上CASE语句的CASE ELSE。这就是为什么你输入的内容,即使细节不匹配,它也会登录你。

要检查用户名和密码已被注册,或没有,你可以像下面

Protected Sub ValidateUser(sender As Object, e As EventArgs) 
    Dim userCount As Integer = -1 
    Dim constr As String = ConfigurationManager.ConnectionStrings("conn").ConnectionString 
    Using con As New MySqlConnection(constr) 
     Using uscmd As New MySqlCommand("SELECT COUNT(*) FROM tblUser WHERE UName = [email protected] AND Pword = [email protected]", con) 
      uscmd.Parameters.AddWithValue("@Username", Login1.UserName) 
      uscmd.Parameters.AddWithValue("@Password", Login1.Password) 
      Using uuda As New MySqlDataAdapter(uscmd) 
       Dim ds As New DataSet() 
       uuda.Fill(ds) 
       Integer.TryParse(ds.Tables(0).Rows(0)(0), userCount) 
      End Using 

     End Using 

     If userCount > 0 Then 
      FormsAuthentication.RedirectFromLoginPage(Login1.UserName, Login1.RememberMeSet)     
     Else 
      Login1.FailureText = "Username and/or password is incorrect." 
     End If 

    End Using 
End Sub

来源

2017-02-24 11:08:17

+0

啊对更新代码 - 我认为这将是类似的东西。你能为我的代码提供任何类型的修复吗?某种解决方法?谢谢 –

+0

为什么不验证用户并在激活后返回?只是FYI Rows.Count永远不会<0您目前的代码将永远不会返回除Case Else之外的任何其他东西。 – MaCron

相关问题

 相关问题