我試圖在基於n層體系結構的ASP.NET C#中實現登錄功能。在多層體系結構中登錄ASP.NET
數據訪問:
public int userlogin(string user, string passw)//checking the user name and password
{
SqlConnection con = new SqlConnection();
con.ConnectionString = GetConnectionString();
con.Open();
int id = 0;
string selectstr = "SELECT NurseName, password FROM Nurse2 WHERE NurseName = '" + user.Trim() + "' AND Password = '" + passw.Trim() + "'";
SqlCommand cmd = new SqlCommand();
cmd.CommandText = selectstr;
cmd.CommandType = System.Data.CommandType.Text;
cmd.Connection = con;
SqlDataReader reader = cmd.ExecuteReader();
while (reader.Read())
{
id++;
}
cmd = null;
reader.Close();
con.Close();
return id;
}
表示層cs文件
protected void Button1_Click(object sender, EventArgs e)
{
string name = TextBox1.Text;
string password = TextBox2.Text;
int id = da.userlogin(name, password);
if (id > 0)
{
Session["userName"] = name;
Response.Redirect("SubscribePage.aspx");
}
else
{
Label1.Text = "invalid";
}
現在,我的問題是,當我按下按鈕,程序簡單地去else子句,即使我輸入正確的數據。在我看來,這一切似乎都沒有問題。
錯誤...您是否以純文本格式存儲密碼?您似乎也正在修改**修改**用戶密碼! – cubrr 2015-03-19 08:49:16
是的,我是。應該以不同的方式做? – 2015-03-19 08:53:38
至於明文密碼,請看看這個:http://plaintextoffenders.com/faq/devs。至於破壞用戶密碼......你爲什麼要這麼做? – cubrr 2015-03-19 08:56:34