stackoom
  简体   繁体   中英

Login and password in asp

 原文  2014-02-13 09:20:02       c#/ asp.net/ sql-server

Question

i have a par of code c# to login but doesn't work it gives me the message in Else : 

 protected void Button1_Click(object sender, EventArgs e)
    {
        string Connection = @"data source=LOCALHOST;initial catalog=CVtech;Integrated Security=false;User ID=sa;Password=123";
        string Requete = "select * from Agent where Login ='" + UserLogin.Text + " and PPR = " + UserPass.Text+"'";
        SqlDataAdapter da = new SqlDataAdapter(Requete, Connection);
        DataSet Ds = new DataSet();
        da.Fill(Ds);

        if (Ds.Tables[0].Rows.Count > 0)
        {
            DataRow[] dr = Ds.Tables[0].Select();

            Session["Code"] = dr[0]["PPR"].ToString();

            Response.Redirect("cv.aspx");
        }
        else
        {
            Response.Write(" message d'erreur login et mot de passe erroné");
        }
    }

i have a login : "Ach" and PPR = 1

Thank you

1 answers

solution1
 3 ACCPTED  2014-02-13 09:22:11

You're not closing the string value in the sql request. 

string Requete = "select * from Agent where Login ='" + UserLogin.Text + " and PPR = " + UserPass.Text + "'";

should be 

string Requete = "select * from Agent where Login ='" + UserLogin.Text + "' and PPR = '" + UserPass.Text + "'";

Also, you should look into sql injection and parametrizing your queries. I don't use DataAdapters much but I believe it will look something like. 

SqlConnection connection = new SqlConnection("data source=LOCALHOST;initial catalog=CVtech;Integrated Security=false;User ID=sa;Password=123");
SqlDataAdapter da = new SqlDataAdapter(); 

SqlCommand command = new SqlCommand("select * from Agent where Login = @login and PPR = @ppr", connection);

command.Parameters.Add("@login", SqlDbType.NVarChar, 50);
command.Parameters["@login"].Value = UserLogin.Text;

command.Parameters.Add("@ppr", SqlDbType.NVarChar, 50);
command.Parameters["@ppr"].Value = UserPass.Text;

da.SelectCommand = command;

DataSet Ds = new DataSet(); 
da.Fill(Ds);

For more details see

How To: Protect From SQL Injection in ASP.NET

http://msdn.microsoft.com/en-us/library/ff648339.aspx

SqlDataAdapter.SelectCommand Property

http://msdn.microsoft.com/en-us/library/system.data.sqlclient.sqldataadapter.selectcommand(v=vs.110).aspx

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to validate an ASP password login form? Create login with hashed password in asp.net ASP.Net Identity - cannot login with password Asp.net Login control - password text Cannot login with new password after resetting password using ASP Identity ASP.NET c# MD5 Password Login page Empty password field on an asp:login form using a LayoutTemplate How to set Minimum Length for Password in Asp:Login Control ASP login doesn't work when correct username and password are entered Change MS SQL Login Password in ASP.NET
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM