I have a few bugs in my code. For some reason, when I add the catch block at the end, the compiler throws errors saying lots of brackets are missing, although I don't think they are.
Could someone please let me know where I have gone wrong?
Code:
namespace login
{
    /// <summary>
    /// Code-behind for the login page as posted in the question.
    /// Button1_Click queries films.user with the submitted user name and password
    /// and branches on how many rows come back.
    /// </summary>
    public partial class _Default : Page
    {
        // Declaration of tables and data adapters, including the connection string for the MySQL database.
        // NOTE(review): the connection string (credentials masked on this page) is embedded in source.
        DataSet ds = new DataSet();
        MySqlConnection cs = new MySqlConnection(@"SERVER= ********;username=******;password=******;Allow Zero Datetime=true; Initial Catalog = benoatsc_GreenFilm");
        MySqlDataAdapter da = new MySqlDataAdapter();
        DataTable dt = new DataTable();
        String totalDonations = string.Empty;
        /// <summary>
        /// Click handler for the login button: runs the lookup and writes a response
        /// depending on whether zero, one, or several rows matched.
        /// </summary>
        protected void Button1_Click(object sender, EventArgs e)
        {
            try
            {
                // The statement text is assembled by concatenating the two text-box values
                // into the SQL, so whatever the user types becomes part of the command
                // (SQL injection). The literal that follows the user name is "; and password='",
                // so the quote opened after user_name= is never closed and the statement is
                // malformed as written.
                // NOTE(review): the password is compared as typed, which suggests the column
                // holds unhashed passwords - confirm against the schema.
                MySqlCommand SelectCommand = new MySqlCommand("select * from films.user where user_name='" + this.username.Text + "; and password='" + this.password.Text + "';", cs);
                MySqlDataReader myreader;
                cs.Open();
                myreader = SelectCommand.ExecuteReader();
                // Count the rows returned; the row contents themselves are not used.
                int count = 0;
                while (myreader.Read())
                {
                    count = count + 1;
                }
                // Every branch below writes an empty string as shown on this page.
                if (count == 1)
                {
                    Response.Write(@"");
                }
                else if (count > 1)
                {
                    Response.Write(@"");
                }
                else Response.Write(@"");
                // Only reached when nothing above throws; on an exception the connection
                // is left open and the reader is never closed or disposed.
                cs.Close();
            }
            catch (Exception ex)
            {
                // ex is not used: the failure is neither logged nor reported.
                Response.Write(@"");
            }
        }
    }
}
解决方案
Problem 1: you have opened an extra curly brace { after the try block.
Problem 2: you have opened the user_name parameter with a single quote but have not closed it with a single quote.
Solution 1: remove the extra curly brace opened after the try block.
Solution 2: enclose the user_name parameter in single quotes properly.
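Suggestion: your query is open to SQL injection attacks because the text-box values are concatenated directly into the SQL statement. I would suggest using parameterised queries, which pass those values to the server as data rather than as part of the command text. Note that the query still compares the submitted password with the stored column as-is, which implies the passwords are stored unhashed; parameterisation does not address that.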
Complete Code: using parameterised queries
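namespace login
{
    /// <summary>
    /// Code-behind for the login page. Button1_Click checks the submitted user name
    /// and password against films.user using a parameterised query.
    /// </summary>
    public partial class _Default : Page
    {
        // Declaration of tables and data adapters, including the connection string for the MySQL database.
        // NOTE(review): the connection string (credentials masked on this page) is embedded in
        // source; keeping it in protected configuration keeps it out of the repository and
        // out of the compiled assembly.
        DataSet ds = new DataSet();
        MySqlConnection cs = new MySqlConnection(@"SERVER= ********;username=******;password=******;Allow Zero Datetime=true; Initial Catalog = benoatsc_GreenFilm");
        MySqlDataAdapter da = new MySqlDataAdapter();
        DataTable dt = new DataTable();
        String totalDonations = string.Empty;

        protected void Page_Load(object sender, EventArgs e)
        {
        }

        /// <summary>
        /// Click handler for the login button. Counts the rows in films.user that match the
        /// submitted credentials and writes a response for the one-match, several-match and
        /// no-match cases.
        /// </summary>
        /// <param name="sender">The control that raised the event.</param>
        /// <param name="e">Event data (unused).</param>
        protected void Button1_Click(object sender, EventArgs e)
        {
            try
            {
                // Only the number of matches is needed, so ask the server for a count instead
                // of pulling every column (including the password column) back to the page.
                // The values are bound as parameters and never become part of the SQL text.
                // NOTE(review): the password is still compared as typed, which implies the
                // column holds unhashed passwords. Storing a salted, slow hash (e.g. PBKDF2)
                // and verifying it in code needs a schema change, so it is only flagged here.
                using (MySqlCommand selectCommand = new MySqlCommand("select count(*) from films.user where user_name=@username and password=@password;", cs))
                {
                    selectCommand.Parameters.AddWithValue("@username", this.username.Text);
                    selectCommand.Parameters.AddWithValue("@password", this.password.Text);
                    cs.Open();
                    int count = Convert.ToInt32(selectCommand.ExecuteScalar());

                    if (count == 1)
                    {
                        Response.Write(@"");
                    }
                    else if (count > 1)
                    {
                        Response.Write(@"");
                    }
                    else
                    {
                        Response.Write(@"");
                    }
                }
            }
            catch (Exception ex)
            {
                // Record the failure server-side; the exception text is deliberately not
                // written to the response, where it could expose schema or server details.
                System.Diagnostics.Trace.TraceError(ex.ToString());
                Response.Write(@"");
            } // end of catch block
            finally
            {
                // Runs on both the success and the failure path, so the connection is not
                // left open when the query throws. Close() on a closed connection is a no-op.
                cs.Close();
            }
        } // end of Button1_Click
    } // end of class
} // end of namespace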