我使用的是asp.net框架用於發送通過電子郵件忘記密碼。 但我認爲在我的代碼中存在一些問題。 請幫忙。 button_click事件代碼如下。發送忘記使用電子郵箱密碼在Asp.Net
protected void frgtbtn_Click(object sender, EventArgs e)
{
string st = "select E_mail FROM registraion_master WHERE E_mail='" + Email.Text + "'";
cmd = new SqlCommand(st, sqlcon);
cmd.Connection.Open();
SqlDataAdapter sda = new SqlDataAdapter(cmd);
DataSet ds=new DataSet();
sda.Fill(ds);
cmd.Connection.Close();
if(ds.Tables[0].Rows.Count > 0)
{
MailMessage email = new MailMessage();
email.From = new MailAddress(Email.Text); //Enter sender email address.
email.To.Add(Email.Text); //Destination Recipient e-mail address.
email.Subject = "Your Forget Password:"; //Subject for your request.
email.Body = "Hi,Your Password is: " + ds.Tables[0].Rows[0]["Pwd"] + "";
email.IsBodyHtml = true;
//SMTP SERVER DETAILS
SmtpClient smtpc = new SmtpClient("smtp.gmail.com");
smtpc.Port = 587;
smtpc.UseDefaultCredentials = false;
smtpc.EnableSsl = true;
gmail_ID.Text = "[email protected]";//Enter your gmail id here
gmail_pwd.Text="vineet";//Enter your gmail id here
smtpc.Credentials = new NetworkCredential(gmail_ID.Text,gmail_pwd.Text);
smtpc.Send(email);
string script = @"<script language=""javascript""> alert('Password Has Been Sent.......!!!!!.');
</script>;";
Page.ClientScript.RegisterStartupScript(this.GetType(), "myJScript1", script);
}
else
{
pwdlbl.Text = "This email address is not exist in our Database try again";
}
在此代碼
:有一個例外occour:列「密碼」不屬於表表。
我懷疑你將密碼存儲爲純文本。 **不要這樣做!**請閱讀:[實現密碼恢復最佳實踐](http://stackoverflow.com/questions/2734367/implement-password-recovery-best-practice)你應該總是使用[參數化查詢](http://blog.codinghorror.com/give-me-parameterized-sql-or-give-me-death/)。這種字符串連接對於[SQL注入](http://en.wikipedia.org/wiki/SQL_injection)攻擊是開放的。 – 2014-09-01 11:42:32
是不是很明顯,**列'密碼'不在表**中,也作爲@SonerGönül說,**不要存儲這樣的密碼** – 2014-09-01 11:42:43
哦,原因'Pwd'不在該表可能是因爲您只在您的select語句中獲得列'E_mail',然後不使用它,以及在select子句中使用帶有文本條目的非參數化查詢... – 2014-09-01 11:46:28