来自 web.config 文件的 SQL 连接

Question

我的 web.config 代码：

<?xml version="1.0"?>
<!--
  For more information on how to configure your ASP.NET application, please visit
  http://go.microsoft.com/fwlink/?LinkId=169433
  -->
<configuration>
  <appSettings>
    <add key="ChartImageHandler" value="storage=file;timeout=20;dir=c:\TempImageFiles\;" />
  </appSettings>
  <system.web>
    <httpHandlers>
      <add path="ChartImg.axd" verb="GET,HEAD,POST" type="System.Web.UI.DataVisualization.Charting.ChartHttpHandler, System.Web.DataVisualization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35"
        validate="false" />
    </httpHandlers>
    <pages>
      <controls>
        <add tagPrefix="asp" namespace="System.Web.UI.DataVisualization.Charting"
          assembly="System.Web.DataVisualization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
      </controls>
    </pages>
    <compilation debug="true" targetFramework="4.0">
      <assemblies>
        <add assembly="System.Web.DataVisualization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31BF3856AD364E35"/>
      </assemblies>
    </compilation>
    <authentication mode="Forms">
      <forms loginUrl="~/Account/Login.aspx" timeout="2880"/>
    </authentication>
    <membership>
      <providers>
        <clear/>
        <add name="AspNetSqlMembershipProvider" type="System.Web.Security.SqlMembershipProvider" connectionStringName="ApplicationServices" enablePasswordRetrieval="false" enablePasswordReset="true" requiresQuestionAndAnswer="false" requiresUniqueEmail="false" maxInvalidPasswordAttempts="5" minRequiredPasswordLength="6" minRequiredNonalphanumericCharacters="0" passwordAttemptWindow="10" applicationName="/"/>
      </providers>
    </membership>
    <profile>
      <providers>
        <clear/>
        <add name="AspNetSqlProfileProvider" type="System.Web.Profile.SqlProfileProvider" connectionStringName="ApplicationServices" applicationName="/"/>
      </providers>
    </profile>
    <roleManager enabled="false">
      <providers>
        <clear/>
        <add name="AspNetSqlRoleProvider" type="System.Web.Security.SqlRoleProvider" connectionStringName="ApplicationServices" applicationName="/"/>
        <add name="AspNetWindowsTokenRoleProvider" type="System.Web.Security.WindowsTokenRoleProvider" applicationName="/"/>
      </providers>
    </roleManager>
  </system.web>
  <system.webServer>
    <modules runAllManagedModulesForAllRequests="true" />
    <validation validateIntegratedModeConfiguration="false" />
    <handlers>
      <remove name="ChartImageHandler" />
      <add name="ChartImageHandler" preCondition="integratedMode" verb="GET,HEAD,POST"
        path="ChartImg.axd" type="System.Web.UI.DataVisualization.Charting.ChartHttpHandler, System.Web.DataVisualization, Version=4.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35" />
    </handlers>
  </system.webServer>
 <connectionStrings>
   <add name="SQLDbConnection"
        connectionString="Server=DESKTOP-LRT15J5; Database=FYP_1;"
        providerName="System.Data.SqlClient" />
 </connectionStrings>
</configuration>

这是我的后端代码

我的后端代码：

protected void btnLogin_Click(object sender, EventArgs e)
{
    string username = txt_username.Text;
    using (SqlConnection conn = new SqlConnection(WebConfigurationManager.ConnectionStrings["SQLDbConnection"].ConnectionString))
    {
        conn.Open();

        string sqlUserName;
        sqlUserName = " select user_name, password from Login_Table where user_name='" + txt_username.Text + "' AND password='" + txt_Pwd.Text + "'  ";
        using (SqlCommand cmd = new SqlCommand(sqlUserName, conn))
        {
            string currentname;
            currentname = (string)cmd.ExecuteScalar();
            if (currentname != null)
            {
                Session["myusername"] = username;

                Response.Redirect("~/Admin/Adminpannel.aspx");

            }
            else
            {
                lblMsg.Text = "Your Name OR Password is Not Correct OR You are Not Register";

            }
        }
    }
}

这是我的错误

错误：

System.Data.dll 中出现类型为“System.Data.SqlClient.SqlException”的异常，但未在用户代码中处理

附加信息：用户 '' 登录失败。

Answer 1

您错过了连接字符串中的User ID和Password ：

 <add name="SQLDbConnection"
    connectionString="Server=DESKTOP-LRT15J5; Database=FYP_1;User Id=myUsername;Password=myPassword;"
    providerName="System.Data.SqlClient" />

看看： SQL Server 连接字符串。

此外，我强烈建议您始终使用参数化查询来避免SQL 注入。 像这样：

sqlUserName = "select user_name, password from Login_Table where user_name= @username AND password= @password";
cmd.Parameters.AddWithValue("@username", txt_username.Text);
cmd.Parameters.AddWithValue("@password",  txt_Pwd.Text);

Answer 2

所以问题是您没有在配置中提供登录凭据，这是在数据库中进行身份验证所必需的。 所以包括

uid=myUser;password=myPass;

下面是一个例子：

<appSettings>
<add name="SQLDbConnection" connectionString="Data Source=DESKTOP-LRT15J5;database=myDb;uid=myUser;password=myPass;" />
</appSettings>

参考更多

Answer 3

问题出在conn.Open 。 您需要向应用程序提供如何连接数据服务器。

这用于 Windows 身份验证；

<connectionStrings>        
    <add name="SQLDbConnection" connectionString="Data Source=DESKTOP-LRT15J5;Initial Catalog=FYP_1;Integrated Security=True"/>
  </connectionStrings>

或者Sql服务器认证

<connectionStrings>        
        <add name="SQLDbConnection" connectionString="Data Source=DESKTOP-LRT15J5;Initial Catalog=FYP_1;Integrated Security=False;User Id=Username;Password=Password"/>
</connectionStrings>