我正在为登录页面使用以下 C# 代码,但我收到一条错误消息:
“请确保用户名和密码正确”
protected void btnlogin_Click(object sender, EventArgs e)
{
int Results = 0;
if (txtUsername.Text != string.Empty && txtPassword.Text != string.Empty)
{
Results = Validate_Logon(txtUsername.Text.Trim(), txtPassword.Text.Trim());
if (Results == 1)
{
lblMessage.Text = "Login is Good, Send the User to another page or enable controls";
}
else
{
lblMessage.Text = "Invalid Login";
lblMessage.ForeColor = System.Drawing.Color.Red;
//Dont Give too much information this might tell a hacker what is wrong in the login
}
}
else
{
lblMessage.Text = "Please make sure that the username and the password is Correct";
}
}
public int Validate_Logon(String Username, String Password)
{
SqlConnection con = new SqlConnection(@"***************");
SqlCommand cmdselect = new SqlCommand();
cmdselect.CommandType = CommandType.StoredProcedure;
cmdselect.CommandText = "[dbo].[Log_Members]";
cmdselect.Parameters.Add("@Username", SqlDbType.VarChar, 256).Value = Username;
cmdselect.Parameters.Add("@UPassword", SqlDbType.VarChar, 55).Value = Password;
cmdselect.Parameters.Add("@OutRes", SqlDbType.Int, 4);
cmdselect.Parameters["@OutRes"].Direction = ParameterDirection.Output;
cmdselect.Connection = con;
int Results = 0;
try
{
con.Open();
cmdselect.ExecuteNonQuery();
Results = (int)cmdselect.Parameters["@OutRes"].Value;
}
catch (SqlException ex)
{
lblMessage.Text = ex.Message;
}
finally
{
cmdselect.Dispose();
if (con != null)
{
con.Close();
}
}
return Results;
}
请我需要知道上面的代码有什么问题