我在做什麼錯?我試圖驗證用戶不存在。我無法弄清楚如何發送@ email1或@ 0。我嘗試了幾種方法。 我可以讓它工作當我硬編碼WHERE條款。例如,我知道存在的電子郵件是[email protected]。這工作:"var userCheck = "SELECT * FROM USR WHERE EMAIL = '[email protected]'".Count()
剃刀和JS故障:檢查用戶是否存在
這些做不工作:我曾嘗試var userCheck = "SELECT * FROM USR WHERE EMAIL = " +email1.Count();
和"var userCheck = "SELECT * FROM USR WHERE EMAIL = @0".Count()
我一定要通過email1
作爲參數???
ASP.NET-剃刀:
@{
Page.Title = "Register";
var minPass = 2;
var maxPass = 100;
var email1 = "";
var pass1 = "";
var db = Database.Open("Resume");
var userCheck = "SELECT * FROM USR WHERE EMAIL = " +email1;
var userInsert = "INSERT INTO USR (EMAIL, PSWD) VALUES (@0, @1)";
if(IsPost) {
email1 = Request.Form["email1"];
pass1 = Request.Form["pass1"];
db.Execute(userInsert, email1, pass1);
Response.Redirect("~/Default");
}
}
的Javascript:
var error = "";
var email1 = document.getElementById('em100').value;
var email2 = document.getElementById('em101').value;
var pass1 = document.getElementById('pw100').value;
var pass2 = document.getElementById('pw101').value;
if (@userCheck > 0) error += "</br>Email already exists."; // ?????????????????
if (!document.getElementById('em100').checkValidity()) error += "</br>Emails are not valid.";
if (email1 !== email2) error += "</br>Emails do not match.";
if (pass1 !== pass2) error += "</br>Passwords do not match.";
if (pass1.length < minPass || pass1.length > maxPass) error += "</br>Password must be minPass - maxPass characters.";
'email1'是,當你建立你的查詢爲空字符串。對你來說應該很明顯。不管怎樣,不要通過串聯字符串來形成查詢。這是SQL注入攻擊的祕訣。您應該使用參數化查詢。 – mason