Asp.net code-behind login errors?

I am getting an error when trying to determine whether the username is right or wrong. I am using asp.net in the code-behind. It is highlighted below. If anyone could tell me what this error is, that would be great!

protected void Login_Authenticate(object sender, AuthenticateEventArgs e)
        {
            Boolean blnresult;
            blnresult = false;

            **blnresult = Authentication(Login.UserName);**

            if (blnresult == true)
            {
                e.Authenticated = true;
                Session["Check"] = true;
            }
            else

                e.Authenticated = false;
        }

        private bool Authentication(TextBox textBox)
        {
            throw new NotImplementedException();
        }

        protected static Boolean Authentication(string Username, string Password)
        {
            string sqlstring;
            sqlstring = "SELECT userID FROM import_log.dbo.user_verification WHERE userID =" + Username + "";

            System.Data.SqlClient.SqlConnection con = new System.Data.SqlClient.SqlConnection("Data Source = ietm-fwb-sql1; Initial Catalog = import_log; Persist Security Info = True; User ID = sa; Password = fwbadmin");

            System.Data.SqlClient.SqlCommand comm = new System.Data.SqlClient.SqlCommand(sqlstring, con);

            System.Data.SqlClient.SqlDataReader reader;

            con.Open();

            reader = comm.ExecuteReader();

            if (reader.Read())
                return true;
            else
                return false;
        }
    }
}
Sorry, what does that mean? I am new to asp.net and I got this from someone who was helping me.
added by compucrazy, source
There is no excuse for writing SQL using concatenation. Prepare for pwnage. xkcd.com/327
added by Byron Whitlock, source
Do you realize that you are calling a method that throws a NotImplementedException?
added by Erno de Weerd, source
You have opened yourself up to a SQL injection attack - before doing anything else, I would fix that :-) This article does a good job of explaining what it is and how to prevent it: weblogs.asp.net/scottgu/archive/2006/09/30/…
added by Justin Beckwith, source
Also, it would be very helpful if you included the error you are getting.
added by Justin Beckwith, source
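
The lookup from the question rewritten with a bound parameter, which is the fix the comments above point to. This is an added example, not code from the original post or its commenters. The class name `UserLookup`, the connection string name `ImportLog`, and the `nvarchar(50)` column type are assumptions.

```csharp
using System.Configuration;
using System.Data;
using System.Data.SqlClient;

public static class UserLookup
{
    // Same table as the question's query. The user name is no longer pasted
    // into the statement text; it travels separately as the @userID parameter.
    private const string Sql =
        "SELECT COUNT(*) FROM import_log.dbo.user_verification WHERE userID = @userID";

    // Returns true when a row with this userID exists.
    // Like the question's query, this checks the user name only; how the
    // password is stored and verified is not shown on the page, so it is
    // left out here rather than guessed.
    public static bool UserExists(string username)
    {
        if (string.IsNullOrWhiteSpace(username))
            return false;

        // Assumption: web.config defines a connection string named "ImportLog"
        // (hypothetical name) for an account limited to this database,
        // instead of credentials embedded in the source file.
        string connectionString =
            ConfigurationManager.ConnectionStrings["ImportLog"].ConnectionString;

        // using blocks close the connection even if the query throws.
        using (var con = new SqlConnection(connectionString))
        using (var comm = new SqlCommand(Sql, con))
        {
            // Assumption: userID is nvarchar(50); match type and size to the schema.
            // Whatever is typed in the login box is compared as a value and is
            // never parsed as SQL, so quotes or keywords in it have no effect.
            comm.Parameters.Add("@userID", SqlDbType.NVarChar, 50).Value = username;

            con.Open();
            return (int)comm.ExecuteScalar() > 0;
        }
    }
}
```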

No answers
