UC知道登陆程序有错?(c#+SQLServer)
来源:百度知道 编辑:UC知道 时间:2024/06/03 06:09:49
<%@ Import Namespace="System.Data"%>
<%@ Import Namespace="System.Data.SqlClient"%>
<script language="C#" runat="server" >
void page_Load()
{
string strConnection = "server=127.0.0.1;database=test;uid=sa;password=cjj";
string strSQL = "select * from register";
SqlConnection sqlConnection2 = new SqlConnection(strConnection);
SqlCommand sqlCommand2 = new SqlCommand(strSQL, sqlConnection2);
SqlDataReader sqlRead = null;
try
{
sqlConnection2.Open();
sqlRead = sqlCommand2.ExecuteReader();
while (sqlRead.Read() == true)
{
if (Request.Form["name1"] != sqlRead["i_name"] && Request.Form["pswd1"] != sqlRead["i_pswd"])
{
<%@ Import Namespace="System.Data.SqlClient"%>
<script language="C#" runat="server" >
void page_Load()
{
string strConnection = "server=127.0.0.1;database=test;uid=sa;password=cjj";
string strSQL = "select * from register";
SqlConnection sqlConnection2 = new SqlConnection(strConnection);
SqlCommand sqlCommand2 = new SqlCommand(strSQL, sqlConnection2);
SqlDataReader sqlRead = null;
try
{
sqlConnection2.Open();
sqlRead = sqlCommand2.ExecuteReader();
while (sqlRead.Read() == true)
{
if (Request.Form["name1"] != sqlRead["i_name"] && Request.Form["pswd1"] != sqlRead["i_pswd"])
{
如果你的用户表有n条记录
你那段代码本来就是返回一个successful和n-1个failed
因为reader 遍历了你的表的每条记录
你可以改一下SQL语句先把用户名过滤出来
"select i_pswd from register where i_name='"+Request.Form["name1"] .toString()+"'"
然后只判断密码是否相符即可(因为记录要么1条要么0条不会遍历用户表所有记录)
当然直接这样写容易被人用特殊字符串用户名破解
建议用传参数的方法
if (Request.Form["name1"] != sqlRead["i_name"] && Request.Form["pswd1"] != sqlRead["i_pswd"])
这句设置断点.再调试!