我正在为学位模块编写一个 ASP Web 项目,我必须在登录表中插入一些登录详细信息。当我将它作为 .aspx 文件中的脚本运行时,它运行良好,但我需要对密码进行哈希处理,因此,不知道在代码隐藏文件之外执行此操作的方法,我移动了 SQLDataSource。这是插入,它不起作用。
SqlDataSource sqldsInsertPassword = new SqlDataSource();
sqldsInsertPassword.ConnectionString = ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString;
sqldsInsertPassword.ProviderName = ConfigurationManager.ConnectionStrings["ConnectionString"].ProviderName;
sqldsInsertPassword.InsertCommand = "INSERT INTO login (Password, Email) VALUES (@Password, @Email)";
sqldsInsertPassword.InsertCommandType = SqlDataSourceCommandType.Text;
sqldsInsertPassword.InsertParameters.Add("@Email", txtEmail.Text.ToString().ToLower());
sqldsInsertPassword.InsertParameters.Add("@Password", Convert.ToBase64String(getSHA256(txtPassword.Text.ToString())));
sqldsInsertPassword.Insert();
我看不出有什么问题,但也许你可以从班上的其他人身上看出。
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Data.Sql;
using System.Web.Security;
using System.Configuration;
using System.Security.Cryptography;
using System.Text;
public partial class _Default : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
}
public static byte[] getSHA256(string password)
{
SHA256CryptoServiceProvider sha = new SHA256CryptoServiceProvider();
return sha.ComputeHash(System.Text.Encoding.ASCII.GetBytes(password));
}
protected void btnRegister_Click(object sender, EventArgs e)
{//check email, insert user, SQL command get user ID, insert password
SqlDataReader drExistingUsers = (SqlDataReader)sqldsCheckEmail.Select(DataSourceSelectArguments.Empty);
drExistingUsers.Read();
if (drExistingUsers.HasRows == false)
{
drExistingUsers.Close();
bool fault = false;
try
{
sqldsInsertUser.Insert();
}
catch (Exception error)
{
fault = true;
lblError.Text = "Error: " + error;
}
if (fault == false)
{
try
{
SqlDataSource sqldsInsertPassword = new SqlDataSource();
sqldsInsertPassword.ConnectionString = ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString;
sqldsInsertPassword.ProviderName = ConfigurationManager.ConnectionStrings["ConnectionString"].ProviderName;
sqldsInsertPassword.InsertCommand = "INSERT INTO login (Password, Email) VALUES (@Password, @Email)";
sqldsInsertPassword.InsertCommandType = SqlDataSourceCommandType.Text;
sqldsInsertPassword.InsertParameters.Add("@Email", txtEmail.Text.ToString().ToLower());
sqldsInsertPassword.InsertParameters.Add("@Password", Convert.ToBase64String(getSHA256(txtPassword.Text.ToString())));
sqldsInsertPassword.Insert();
}
catch (Exception insertError)
{
fault = true;
lblError.Text = "Error: " + insertError;
}
if (fault == false)
Response.Redirect("Login.aspx");
}
}
else
lblError.Text = "Email already exists.";
}
我很感激那里有很多我可能不需要的命名空间,但我稍后会整理它们。
感谢回复的人!