vb.net - 识别用户名但不识别密码

Question

我已经建立了一个包含虚拟帐户的数据库。我的登录页面能够识别Username但不能识别Password。我已经仔细检查了密码，它们是正确的。不知道为什么它只看到用户名。请指教。

我的数据库如下所示：
UserID      UserName                  Password          LastName        FirstName        Email
2 barb@hotmail.com coo1Talk Lee Barb barb@hotmail.com
3 esther@hotmail.com k1dd13 Tan Esther esther@hotmail.com

这是我的代码隐藏文件：

Imports System
Imports System.Collections.Generic
Imports System.Linq
Imports System.Web
Imports System.Web.UI
Imports System.Web.UI.WebControls
Imports System.Data.SqlClient
Imports System.Configuration

Partial Class SignIn
Inherits System.Web.UI.Page
Protected Sub Page_Load(ByVal sender As Object, ByVal e As EventArgs)

End Sub
    Protected Sub signinBTN_Click(ByVal sender As Object, ByVal e As System.EventArgs)
    Dim sConnection As New SqlConnection(ConfigurationManager.ConnectionStrings("TrackTicketsConnectionString2").ConnectionString)
    sConnection.Open()

    Dim cmdS As String = "Select count(*) from Users where UserName='" + usernameTXTBOX.Text + "' AND Deleted='N'"

    Dim cmdCheckUser As New SqlCommand(cmdS, sConnection)
    Dim num As Integer = Convert.ToInt32(cmdCheckUser.ExecuteScalar().ToString())
    If num = 1 Then
        Dim cmdS1 As String = "Select * From Users WHERE UserName='" + usernameTXTBOX.Text + "' AND Deleted='N' AND Password='" + passwordTXTBOX.Text + "'"
        Dim pass As New SqlCommand(cmdS1, sConnection)
        Dim password As String = pass.ExecuteScalar().ToString()

        If password = passwordTXTBOX.Text Then
            Session("Ticket") = usernameTXTBOX.Text
            Response.Redirect("mysupport.aspx")
        Else
            userCOMPARELBL.Visible = True
            userCOMPARELBL.Text = "Password is incorrect."
        End If
    Else
        userCOMPARELBL.Visible = True
        userCOMPARELBL.Text = "Username is incorrect."
    End If

End Sub

End Class

我期望的结果是用户可以成功登录并被重定向到另一个名为 support.aspx 的页面。

Answer 1

1）我知道这不是主题，但是......使用参数化查询！

2) 数据库上的 Deleted 是否设置为“N”？

删除='N'

3) 现在，如果您的密码与您的文本框匹配，您将重定向支持。我认为这不是预期的行为。

现在编码：

   If password = passwordTXTBOX.Text Then
            Session("Ticket") = usernameTXTBOX.Text
            Response.Redirect("mysupport.aspx")
        Else
            userCOMPARELBL.Visible = True
            userCOMPARELBL.Text = "Password is incorrect."
        End If

更正：

If password.Equals(passwordTXTBOX.Text) Then
              userCOMPARELBL.Visible = True
            userCOMPARELBL.Text = "Password is incorrect."
        Else
   Session("Ticket") = usernameTXTBOX.Text
            Response.Redirect("mysupport.aspx")

        End If