1. 首頁
  2. 問答
  3. 變量在當前上下文中不存在C#

變量在當前上下文中不存在C#

2017-03-03 33 views
1

我在asp.net中爲登錄頁面編寫了一些服務器端驗證。變量在當前上下文中不存在C#

現在,我來自「從零開始寫」PHP的角度來看,我正在學習和努力與這些我不知道的一些asp.net概念。

我想設置一個用戶名和密碼變量爲「有效」,如果輸入是有效的,我想用這些變量進行登錄。

我也不確定這是否是正確的做事方式。

protected void loginbutton_Click(object sender, EventArgs e) 
    { 
     string UsernameRegex = "[a-zA-Z]+"; 
     string PasswordRegex = "[a-zA-Z0-9]+"; 

     if (!Regex.IsMatch(usernametextbox.Text, UsernameRegex)) 
     { 
      string UsernameCheck = "valid"; 
     } 
     else 
     { 
      string UsernameCheck = "invalid"; 
     } 

     if (!Regex.IsMatch(passwordtextbox.Text, PasswordRegex)) 
     { 
      string PasswordCheck = "valid"; 
     } 
     else 
     { 
      string PasswordCheck = "invalid"; 
     } 


     if(UsernameCheck = "valid") //i will include password here after i solved the problem 
     { 
      //do something 
     } 
      SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["DefaultConnection"].ConnectionString); 
      conn.Open(); 
      string checkuser = "select count(*) from Users where Username = @username and Password = @password"; 

      SqlCommand com = new SqlCommand(checkuser, conn); 
      com.Parameters.Add("@username", SqlDbType.NVarChar).Value = usernametextbox.Text; 
      com.Parameters.Add("@password", SqlDbType.NVarChar).Value = passwordtextbox.Text; 

      int temp = Convert.ToInt32(com.ExecuteScalar().ToString()); 

      if (temp > 0) 
      { 
       Response.Redirect("Cars.aspx"); 
      } 
      else 
      { 
       loginfaillabel.Text = "Your Username or Password doesn't match our records"; 
      } 
     }

幫助和反饋意見。

來源

2017-03-03 Reece Costello

+0

這裏是你會怎麼做,在[Web窗體(https://msdn.microsoft.com/en-us/library /a0z2h4sw.aspx)。心連心。 – EdSF

+2

[C#中變量範圍混淆]的可能重複(http://stackoverflow.com/questions/1196941/variable-scope-confusion-in-c-sharp) – Brandon

+1

在if(UsernameCheck =「valid 「)'...等。 – EdSF

回答

3

好,大量的反饋在這裏。

  1. 使用布爾值,而不是字符串!我替你替換了它們。這裏的主要問題是範圍。你可以在if外面聲明該變量並解決問題,但最好使用布爾值,並且隨着它變得更具可讀性而將if塊全部清除掉。
  2. 始終將實施IDisposable的Ado.Net類型包裝在using塊中。這樣,如果代碼遇到異常,您的連接仍然關閉(好東西)
  3. 不需要在您的sql語句中執行count,只需返回1。如果有用戶,你會得到一個結果,否則不會。
  4. 切勿以明文形式存儲密碼!我沒有碰到這個,這取決於你。有許多適當的密碼散列算法可供選擇,如pbkdf2,bcryptscrypt,這裏列舉了一些更普遍接受的安全算法。
  5. 你確定用戶名是Unicode嗎?如果不在SqlParameter的類型中將參數類型更改爲VarChar

修改後的代碼

protected void loginbutton_Click(object sender, EventArgs e) 
{ 
    string UsernameRegex = "[a-zA-Z]+"; 
    string PasswordRegex = "[a-zA-Z0-9]+"; 

    boolean isUsernameValid = Regex.IsMatch(usernametextbox.Text, UsernameRegex) 
    boolean isPasswordValid = Regex.IsMatch(passwordtextbox.Text, PasswordRegex); 


    if(!isUsernameValid || !isPasswordValid) //i will include password here after i solved the problem 
    { 
     //do something 
    } 
    else 
    { 
     const string checkuser = "SELECT 1 FROM Users WHERE Username = @username and Password = @password"; 

     using(SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["DefaultConnection"].ConnectionString)) 
     using(SqlCommand com = new SqlCommand(checkuser, conn)) 
     { 
      conn.Open(); 

      com.Parameters.Add("@username", SqlDbType.NVarChar).Value = usernametextbox.Text; 
      com.Parameters.Add("@password", SqlDbType.NVarChar).Value = passwordtextbox.Text; 

      object temp = com.ExecuteScalar(); 

      // I do not remember if it is null or System.DbNull.Value that is returned if nothing is returned 
      // you will have to test it 
      var didUserMatch = temp == null || temp == System.DbNull.Value ? false : true; 

      if (didUserMatch) 
      { 
       Response.Redirect("Cars.aspx"); 
      } 
      else 
      { 
       loginfaillabel.Text = "Your Username or Password doesn't match our records"; 
      } 
     } 
    } 
}

來源

2017-03-03 17:34:01 Igor

+1

謝謝你,很多有用的反饋,我得到了很多有用的見解感謝你。 –

+0

@ReeceCostello - 很高興我能幫上忙。 – Igor

2

我看到3個問題與您的代碼:

  1. 您正在使用的字符串爲您變量*檢查,你應該使用布爾值。

  2. if(UsernameCheck = "valid")你實際上是分配值"valid"UsernameCheck,如果你想測試平等線,使用if(UsernameCheck == "valid")

  3. 你確實是有問題,由於變量的作用域。你在if/else語句中聲明瞭變量UsernameCheckPasswordCheck,這意味着它們只存在於if/else內部,當代碼執行存在if/else時,變量不再存在,請嘗試此代碼(並且請閱讀有關C#的更多內容):

    protected void loginbutton_Click(object sender,EventArgs e) string UsernameRegex =「[a-zA-Z] +」; string PasswordRegex =「[a-zA-Z0-9] +」;

    bool UsernameCheck = false; // better name for this is isUsernameValie 

    if (!Regex.IsMatch(usernametextbox.Text, UsernameRegex)) 
    { 
     UsernameCheck = true; 
    } 
    else 
    { 
     UsernameCheck = false; 
    } 

    bool PasswordCheck = false;// better name for this is isPasswordValid 
    if (!Regex.IsMatch(passwordtextbox.Text, PasswordRegex)) 
    { 
     PasswordCheck = true; 
    } 
    else 
    { 
     PasswordCheck = false; 
    } 


    if (UsernameCheck == true) //i will include password here after i solved the problem 
    { 
     //do something 
    } 
    SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["DefaultConnection"].ConnectionString); 
    conn.Open(); 
    string checkuser = "select count(*) from Users where Username = @username and Password = @password"; 

    SqlCommand com = new SqlCommand(checkuser, conn); 
    com.Parameters.Add("@username", SqlDbType.NVarChar).Value = usernametextbox.Text; 
    com.Parameters.Add("@password", SqlDbType.NVarChar).Value = passwordtextbox.Text; 

    int temp = Convert.ToInt32(com.ExecuteScalar().ToString()); 

    if (temp > 0) 
    { 
     Response.Redirect("Cars.aspx"); 
    } 
    else 
    { 
     loginfaillabel.Text = "Your Username or Password doesn't match our records"; 
    } 
}

來源

2017-03-03 17:22:43 berserck

0

you need check variable and method scops.

代碼需要稍加修改

protected void loginbutton_Click(object sender, EventArgs e) 
    { 
     string UsernameRegex = "[a-zA-Z]+"; 
     string PasswordRegex = "[a-zA-Z0-9]+"; 

     var userName = usernametextbox.Text; 
     var password = passwordtextbox.Text; 

     if (!Regex.IsMatch(userName, UsernameRegex)) 
     { 
      // do something 
      return; // There is no need to go on 
     } 

     if(!Regex.IsMatch(password, PasswordRegex)) 
     { 
      // do something 
      return; // There is no need to go on 
     } 

     //If we can come here, we can go DB 

     // To be dispose when the job is done 
     using (SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["DefaultConnection"].ConnectionString)) 
     { 

      try 
      { 
       // To be dispose when the job is done 
       using (SqlCommand com = new SqlCommand(checkuser, conn)) 
       { 
        conn.Open(); 
        string checkuser = "select count(*) from Users where Username = @username and Password = @password"; 
        com.Parameters.Add("@username", SqlDbType.NVarChar).Value = userName; 
        com.Parameters.Add("@password", SqlDbType.NVarChar).Value = password; 
        int temp = Convert.ToInt32(com.ExecuteScalar().ToString()); 
        if (temp > 0) 
        { 
         Response.Redirect("Cars.aspx"); 
        } 
        else 
        { 
         loginfaillabel.Text = "Your Username or Password doesn't match our records"; 
        } 
       } 
      } 
      catch (Exception ex) 
      { 

       // you can handle error. maybe logs 
      } 
     } 
    }

來源

2017-03-03 17:39:39 levent

0

雖然可以基於其他的答案做的事情,恕我直言,利用內置的Web Forms Validation第一個。如果它不足,然後做別的。

簡單的例子:

  • foo.aspx

    <p>Username (Alphabetic only, no spaces):<br /> 
    <asp:TextBox ID="TextBox1" runat="server"></asp:TextBox> 
    <asp:RequiredFieldValidator ID="RequiredFieldValidator1" runat="server" ControlToValidate="TextBox1" Display="Dynamic" ErrorMessage="Username is required"></asp:RequiredFieldValidator> 
    <asp:RegularExpressionValidator ID="NameValidator" runat="server" ControlToValidate="TextBox1" Display="Dynamic" ErrorMessage="Invalid - Alaphabetic only" ValidationExpression="[a-zA-Z]+" EnableClientScript="True"></asp:RegularExpressionValidator> 
</p> 
<p>Password (Alphanumeric only, no spaces):<br /> 
    <asp:TextBox ID="TextBox2" runat="server"></asp:TextBox> 
    <asp:RequiredFieldValidator ID="RequiredFieldValidator2" runat="server" ControlToValidate="TextBox2" Display="Dynamic" ErrorMessage="Password is required"></asp:RequiredFieldValidator> 
    <asp:RegularExpressionValidator ID="PwdValidator" runat="server" ControlToValidate="TextBox2" Display="Dynamic" ErrorMessage="Invalid -Alphanumeric Only" ValidationExpression="[\w]+" EnableClientScript="True"></asp:RegularExpressionValidator> 
</p> 
<p> 
    <asp:Button ID="Button1" runat="server" OnClick="BtnSubmit" Text="Login" /> 
</p>

    EnableClientScriptTrue默認。您可以將其設置爲False以測試事情,或者查看未經客戶端驗證後發生的情況(請參閱服務器端驗證實際操作)。

  • foo.aspx.cs(又名 「代碼背後」)

    public partial class foo: Page 
{ 
    protected void Page_Load(object sender, EventArgs e) 
    { 

    } 

    protected void BtnSubmit(object sender, EventArgs e) 
    { 
     if (Page.IsValid) 
     { 
      //Do what you need to do only if IsValid which is the server-side validation check 
     } 
    } 
}

來源

2017-03-03 18:53:36 EdSF

相關問題

 相關問題