1

我正在为学位模块编写一个 ASP Web 项目,我必须在登录表中插入一些登录详细信息。当我将它作为 .aspx 文件中的脚本运行时,它运行良好,但我需要对密码进行哈希处理,因此,不知道在代码隐藏文件之外执行此操作的方法,我移动了 SQLDataSource。这是插入,它不起作用。

SqlDataSource sqldsInsertPassword = new SqlDataSource();
sqldsInsertPassword.ConnectionString = ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString;
sqldsInsertPassword.ProviderName = ConfigurationManager.ConnectionStrings["ConnectionString"].ProviderName;
sqldsInsertPassword.InsertCommand = "INSERT INTO login (Password, Email) VALUES (@Password, @Email)";
sqldsInsertPassword.InsertCommandType = SqlDataSourceCommandType.Text;
sqldsInsertPassword.InsertParameters.Add("@Email", txtEmail.Text.ToString().ToLower());
sqldsInsertPassword.InsertParameters.Add("@Password", Convert.ToBase64String(getSHA256(txtPassword.Text.ToString())));
sqldsInsertPassword.Insert();

我看不出有什么问题,但也许你可以从班上的其他人身上看出。

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Data.Sql;
using System.Web.Security;
using System.Configuration;
using System.Security.Cryptography;
using System.Text;

public partial class _Default : System.Web.UI.Page
{
    protected void Page_Load(object sender, EventArgs e)
    {

    }

public static byte[] getSHA256(string password)
{
    SHA256CryptoServiceProvider sha = new SHA256CryptoServiceProvider();
    return sha.ComputeHash(System.Text.Encoding.ASCII.GetBytes(password));
}

protected void btnRegister_Click(object sender, EventArgs e)
{//check email, insert user, SQL command get user ID, insert password

    SqlDataReader drExistingUsers = (SqlDataReader)sqldsCheckEmail.Select(DataSourceSelectArguments.Empty);
    drExistingUsers.Read();
    if (drExistingUsers.HasRows == false)
    {
        drExistingUsers.Close();
        bool fault = false;

        try
        {
            sqldsInsertUser.Insert();
        }
        catch (Exception error)
        {
            fault = true;
            lblError.Text = "Error: " + error;
        }

        if (fault == false)
        {
            try
            {
                SqlDataSource sqldsInsertPassword = new SqlDataSource();
                sqldsInsertPassword.ConnectionString = ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString;
                sqldsInsertPassword.ProviderName = ConfigurationManager.ConnectionStrings["ConnectionString"].ProviderName;
                sqldsInsertPassword.InsertCommand = "INSERT INTO login (Password, Email) VALUES (@Password, @Email)";
                sqldsInsertPassword.InsertCommandType = SqlDataSourceCommandType.Text;
                sqldsInsertPassword.InsertParameters.Add("@Email", txtEmail.Text.ToString().ToLower());
                sqldsInsertPassword.InsertParameters.Add("@Password", Convert.ToBase64String(getSHA256(txtPassword.Text.ToString())));
                sqldsInsertPassword.Insert();
            }
            catch (Exception insertError)
            {
                fault = true;                    
                lblError.Text = "Error: " + insertError;
            }

            if (fault == false)
                Response.Redirect("Login.aspx");
        }
    }

    else
        lblError.Text = "Email already exists.";
}

我很感激那里有很多我可能不需要的命名空间,但我稍后会整理它们。

感谢回复的人!

4

2 回答 2

1

好的,我修复了它,那里的插入参数的格式存在某种问题。基本上,我在 .aspx 文件中重新格式化了我的 SQLDataSource,看起来像这样,

<asp:SqlDataSource ID="sqldsInsertPassword" runat="server" 
ConnectionString="<%$ ConnectionStrings:ConnectionString %>" 
DeleteCommand="DELETE FROM [login] WHERE [UserID] = @UserID" 
InsertCommand="INSERT INTO [login] ([Password], [Email]) VALUES (@Password, @Email)" 
SelectCommand="SELECT [UserID], [Password], [Email] FROM [login]" 
UpdateCommand="UPDATE [login] SET [Password] = @Password, [Email] = @Email WHERE [UserID] = @UserID">
<DeleteParameters>
    <asp:Parameter Name="UserID" Type="Int64" />
</DeleteParameters>
<InsertParameters>
    <asp:Parameter Name="Password" Type="String" />
    <asp:Parameter Name="Email" Type="String" />
</InsertParameters>
<UpdateParameters>
    <asp:Parameter Name="Password" Type="String" />
    <asp:Parameter Name="Email" Type="String" />
    <asp:Parameter Name="UserID" Type="Int64" />
</UpdateParameters>

之后,我把后面代码里的代码改成了这个;

try
{
    sqldsInsertPassword.InsertParameters["Email"].DefaultValue = txtEmail.Text.ToString().ToLower();
    sqldsInsertPassword.InsertParameters["Password"].DefaultValue = Convert.ToBase64String(getSHA256(txtPassword.Text.ToString()));
    sqldsInsertPassword.Insert();
}

现在它可以工作了。我不知道插入参数的旧代码隐藏方法是否也能正常工作,但我不打算尝试。

于 2012-11-09T10:47:22.273 回答
1

删除@,它将起作用:

sqldsInsertPassword.InsertParameters.Add("Email", txtEmail.Text.ToString().ToLower());
于 2014-02-04T20:28:39.267 回答