1. 首頁
  2. 問答
  3. 在添加記錄時加密和解密失敗

在添加記錄時加密和解密失敗

2013-03-20 95 views
0

我正在使用一個簡單的程序,現在我被一個正在加密和解密密碼並將它們存儲在數據庫中的problam卡住了。我有工作的邏輯加密密碼,但它不是在數據庫中存儲,相反,它是扔顯示低於在添加記錄時加密和解密失敗

System.Data.SqlClient.SqlException錯誤:附近有語法錯誤「=」。

我的代碼

using System; 
using System.Collections.Generic; 
using System.Linq; 
using System.Web; 
using System.Web.UI; 
using System.Web.UI.WebControls; 
using System.Data.SqlClient; 
using System.Configuration; 
using System.Data; 

namespace WebApplication5 
{ 
    public partial class WebForm6 : System.Web.UI.Page 
    { 
     SqlConnection connection; 
     protected void Page_Load(object sender, EventArgs e) 
     { 
      connection = new SqlConnection(ConfigurationManager.ConnectionStrings["TestQueryConnectionString"].ConnectionString); 
     } 

     protected void btnSubmit_Click(object sender, EventArgs e) 
     { 
      SqlConnection con1 = new SqlConnection(ConfigurationManager.ConnectionStrings["TestQueryConnectionString"].ConnectionString); 
      con1.Open(); 

      SqlCommand cmd1 = new SqlCommand("select * from admin where [email protected] and [email protected] ", con1); 
      cmd1.Parameters.AddWithValue("@username", txtUserName.Text); 
      cmd1.Parameters.AddWithValue("@password", txtPassword.Text); 
      SqlDataReader dr = cmd1.ExecuteReader(); 
      if (dr.HasRows) 
      { 
       ClientScript.RegisterStartupScript(Page.GetType(), "validation", "<script language='javascript'>alert('userName is already availables')</script>"); 

      } 

      else 
      { 

       SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["TestQueryConnectionString"].ConnectionString); 
       con.Open(); 
       string strQuery = EncodePasswordToBase64("insert into admin(USERNAME,PASSWORD) values('" + txtUserName.Text + "','" + txtPassword.Text + "')"); 
       connection = new SqlConnection(ConfigurationManager.ConnectionStrings["TestQueryConnectionString"].ConnectionString); 
       connection.Open(); 
       SqlCommand cmd = new SqlCommand(strQuery, connection); 
       cmd.ExecuteNonQuery(); 
       connection.Close(); 
       Response.Redirect("login.aspx"); 

      } 

      con1.Close(); 
     } 
     public static string EncodePasswordToBase64(string password) 
     { 
      try 
      { 
       byte[] encData_byte = new byte[password.Length]; 
       encData_byte = System.Text.Encoding.UTF8.GetBytes(password); 
       string encodedData = Convert.ToBase64String(encData_byte); 
       return encodedData; 
      } 
      catch (Exception ex) 
      { 
       throw new Exception("Error in base64Encode" + ex.Message); 
      } 
     } 

    } 
}

的問題是:我在做什麼錯在這裏?

來源

2013-03-20 BHARATH

回答

1

要在編碼完整的查詢,而不是你應該只編碼密碼

string strQuery = EncodePasswordToBase64("insert ....

它應該是:

string strQuery = "insert into admin(USERNAME,PASSWORD) values('" + txtUserName.Text + 
        "','" + EncodePasswordToBase64(txtPassword.Text) + "')");

你應該使用的SqlParameter並進行參數化查詢代替鄰串級聯

string strQuery = "insert into admin(USERNAME,PASSWORD) values(@pUserName, @pPassword)"; 
SqlCommand cmd = new SqlCommand(strQuery); 
cmd.Parameters.AddWithValue("@pUserName", txtUserName.Text"); 
cmd.Parameters.AddWithValue("@pPassword", EncodePasswordToBase64(txtPassword.Text))

來源

2013-03-20 07:17:45 Habib

+0

謝謝你的重播它工作正確..., – BHARATH 2013-03-20 07:35:50

+0

@ user2189723,不客氣 – Habib 2013-03-20 07:36:38

+0

我有1多個pbl和plz解決我,以..., – BHARATH 2013-03-20 07:36:50

相關問題

 相關問題