我在做什么错?我试图验证用户不存在。我无法弄清楚如何发送@ email1或@ 0。我尝试了几种方法。 我可以让它工作当我硬编码WHERE条款。例如,我知道存在的电子邮件是[email protected]。这工作:"var userCheck = "SELECT * FROM USR WHERE EMAIL = '[email protected]'".Count()
剃刀和JS故障:检查用户是否存在
这些做不工作:我曾尝试var userCheck = "SELECT * FROM USR WHERE EMAIL = " +email1.Count();
和"var userCheck = "SELECT * FROM USR WHERE EMAIL = @0".Count()
我一定要通过email1
作为参数???
ASP.NET-剃刀:
@{
Page.Title = "Register";
var minPass = 2;
var maxPass = 100;
var email1 = "";
var pass1 = "";
var db = Database.Open("Resume");
var userCheck = "SELECT * FROM USR WHERE EMAIL = " +email1;
var userInsert = "INSERT INTO USR (EMAIL, PSWD) VALUES (@0, @1)";
if(IsPost) {
email1 = Request.Form["email1"];
pass1 = Request.Form["pass1"];
db.Execute(userInsert, email1, pass1);
Response.Redirect("~/Default");
}
}
的Javascript:
var error = "";
var email1 = document.getElementById('em100').value;
var email2 = document.getElementById('em101').value;
var pass1 = document.getElementById('pw100').value;
var pass2 = document.getElementById('pw101').value;
if (@userCheck > 0) error += "</br>Email already exists."; // ?????????????????
if (!document.getElementById('em100').checkValidity()) error += "</br>Emails are not valid.";
if (email1 !== email2) error += "</br>Emails do not match.";
if (pass1 !== pass2) error += "</br>Passwords do not match.";
if (pass1.length < minPass || pass1.length > maxPass) error += "</br>Password must be minPass - maxPass characters.";
'email1'是,当你建立你的查询为空字符串。对你来说应该很明显。不管怎样,不要通过串联字符串来形成查询。这是SQL注入攻击的秘诀。您应该使用参数化查询。 – mason