我的代码中有一些错误,出于某种原因,当我尝试在最后捕获它时,它会抛出错误,说它缺少很多括号,尽管我认为不是。 有人可以让我知道哪里出了问题吗。
代码:
namespace login
{
public partial class _Default : Page
{
// decleration of tabels and dataadapters including my connection string for my MySQL databse
DataSet ds = new DataSet();
MySqlConnection cs = new MySqlConnection(@"SERVER= ********;username=******;password=******;Allow Zero Datetime=true; Initial Catalog = benoatsc_GreenFilm");
MySqlDataAdapter da = new MySqlDataAdapter();
DataTable dt = new DataTable();
String totalDonations = string.Empty;
protected void Button1_Click(object sender, EventArgs e)
{
try
{
MySqlCommand SelectCommand = new MySqlCommand("select * from films.user where user_name='" + this.username.Text + "; and password='" + this.password.Text + "';", cs);
MySqlDataReader myreader;
cs.Open();
myreader = SelectCommand.ExecuteReader();
int count = 0;
while (myreader.Read())
{
count = count + 1;
}
if (count == 1)
{
Response.Write(@"<script language='javascript'>alert('wow your in !!');</script>");
}
else if (count > 1)
{
Response.Write(@"<script language='javascript'>alert('duplicate');</script>");
}
else Response.Write(@"<script language='javascript'>alert('wrong password');</script>");
cs.Close();
}
catch (Exception ex)
{
Response.Write(@"<script language='javascript'>alert(ex.message);</script>");
}
}
}
}
最佳答案
问题 1:您打开了额外的花括号 {
在 try block
之后.
问题 2:您打开了 user_name
参数与 single quotes
但你还没有关闭 single quotes
.
解决方案 1:您需要移除在 try block 之后打开的额外花括号。
方案二:需要附上user_name
参数与 single quotes
建议:您的查询开放给SQL Injection attacks
, 我建议使用 parameterised queries
避免这种情况。
完整代码:使用parameterised queries
namespace login
{
public partial class _Default : Page
{
// decleration of tabels and dataadapters including my connection string for my MySQL databse
DataSet ds = new DataSet();
MySqlConnection cs = new MySqlConnection(@"SERVER= ********;username=******;password=******;Allow Zero Datetime=true; Initial Catalog = benoatsc_GreenFilm");
MySqlDataAdapter da = new MySqlDataAdapter();
DataTable dt = new DataTable();
String totalDonations = string.Empty;
protected void Page_Load(object sender, EventArgs e)
{
}
protected void Button1_Click(object sender, EventArgs e)
{
try
{
MySqlCommand SelectCommand = new MySqlCommand("select * from films.user where user_name=@username and password=@password;", cs);
MySqlDataReader myreader;
SelectCommand.Parameters.AddWithValue("@username",this.username.Text);
SelectCommand.Parameters.AddWithValue("@password",this.password.Text);
cs.Open();
myreader = SelectCommand.ExecuteReader();
int count = 0;
while (myreader.Read())
{
count = count + 1;
}
if (count == 1)
{
Response.Write(@"<script language='javascript'>alert('wow your in !!');</script>");
}
else if (count > 1)
{
Response.Write(@"<script language='javascript'>alert('duplicate');</script>");
}
else Response.Write(@"<script language='javascript'>alert('wrong password');</script>");
cs.Close();
}
catch (Exception ex)
{
Response.Write(@"<script language='javascript'>alert(ex.message);</script>");
}//end of catch block
}//end of try block
}//end of class
}//end of namespace
关于c# - 简单登录 C# 和 MySQL Web 应用程序,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/20549172/