如何解决ASP.NET自定义登录页面错误?
[英]How to solve ASP.NET custom login page error?
问题描述
In Login.aspx.cs file 
在Login.aspx.cs文件中
The codes are following 代码如下
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Configuration;
using System.Data;
using System.Web.Configuration;
namespace Leave_Management
{
public partial class Login : System.Web.UI.Page
{
//private string strcon = WebConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString;
SqlConnection conn = new SqlConnection(@"Data Source=TAUFIQ-PC\SQLEXPRESS;Initial Catalog=LM;Integrated Security=True");
protected void Page_Load(object sender, EventArgs e)
{
}
protected void Button1_Click(object sender, EventArgs e)
{
conn.Open();
string checkuser = "select UserName from [User] where UserName='" + TextBoxUN + "'";
SqlCommand com = new SqlCommand(checkuser, conn);
int temp = Convert.ToInt32(com.ExecuteScalar().ToString());
if (temp == 1)
{
string checkpass = "select password from [User] where UserName='" + TextBoxUN + "'";
SqlCommand passcom = new SqlCommand(checkpass, conn);
string password = passcom.ExecuteScalar().ToString().Replace(" ", "");
conn.Close();
if (password == TextBoxPass.Text)
{
Response.Redirect("Registration.aspx");
}
}
}
}
}
An Error is showing as 错误显示为
"NullReferenceException was unhandled by user code"
int temp = Convert.ToInt32(com.ExecuteScalar().ToString());
Please help me to solve this. 请帮我解决这个问题。
3 个解决方案
解决方案1
1 2015-05-31 06:03:24
Too long for a comment, there are many things wrong with your code: 注释太久了,您的代码有很多错误:
You are concatenating user-specified values into SQL queries. 您正在将用户指定的值连接到SQL查询中。 Don't do it, use parameters. 不要这样做,使用参数。
You are putting TextBoxUN into the SQL, you probably want TextBoxUN.Text . 您正在将TextBoxUN放入SQL中,可能需要TextBoxUN.Text 。 This is the reason you get null, since there is no user with that name. 这是您获得null的原因,因为没有用户使用该名称。
You must take the value provided by ExecuteScalar() and check if it is null. 您必须采用ExecuteScalar()提供的值,并检查它是否为null。 Now it is, so you get a clear error about it. 现在,您将获得一个明确的错误。
Why get the username from the database with the username and then check for password? 为什么从具有用户名的数据库中获取用户名,然后检查密码? You can check for password and username with one query. 您可以通过一个查询来检查密码和用户名。
Do not store passwords in cleartext in the database! 不要在数据库中以明文形式存储密码! Use hash functions. 使用哈希函数。
解决方案2
1 已采纳 2015-05-31 06:07:56
You can just simplify your code by checking both username and password from the SQL statement: 您可以通过检查SQL语句中的用户名和密码来简化代码:
protected void Button1_Click(object sender, EventArgs e)
{
conn.Open();
string SQL = "select UserID from [User] where UserName=@UserName AND Password=@Password";
SqlCommand com = new SqlCommand(SQL, conn);
com.Parameters.AddWithValue("@UserName", TextBoxUN.Text);
com.Parameters.AddWithValue("@Password", TextBoxPass.Text);
SqlDataReader data = com.ExecuteReader();
if (data.HasRows) // username and password match
{
conn.Close();
Response.Redirect("Registration.aspx");
}
else
{
conn.Close();
// display error here
}
}
I assume that UserID is the primary key of your Users table. 我假设UserID是您的Users表的主键。 You can use other column names if you want. 如果需要,可以使用其他列名称。
I also used parameters to avoid SQL injection . 我还使用了参数来避免SQL注入 。 Cheers! 干杯!
解决方案3
0 2015-05-31 05:38:38
if temp comes up as null, then you will get the error. 如果temp变为null,则将得到错误。 I would try: 我会尝试:
... ...
int temp = 0;
try {
temp = Convert.ToInt32(com.ExecuteScalar().ToString());
} catch (exception) {}
... ...
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.