我想手动更改数据库中的密码,例如,我希望mary tan的密码只能从12345更改为54321,而不会影响其余员工的密码。我试着解决这个问题,但我真的不知道如何。
这是我的数据库表:
这是我的aspx.cs代码:
public partial class ChangePassword : System.Web.UI.Page
{
SqlConnection conn = null;
SqlCommand cmd = null;
string connectionString = null;
protected void Page_Load(object sender, EventArgs e)
{
}
protected void btnChangePassword_Click(object sender, EventArgs e)
{
connectionString = ConfigurationManager.ConnectionStrings["LeaveManagementCS"].ConnectionString;
conn = new SqlConnection(connectionString);
string sql = "UPDATE Staff Set Password=@NewPwd";
if (Session["Username"] != null)
{
sql += " WHERE UserName='" + Session["Username"].ToString() + "'";
}
string newPwd = tbNewPassword.Text;
try
{
cmd = new SqlCommand(sql, conn);
cmd.Parameters.AddWithValue("@NewPwd", tbNewPassword.Text);
conn.Open();
int rows = cmd.ExecuteNonQuery();
if (rows > 0)
{
lblOutput.ForeColor = System.Drawing.Color.Green;
lblOutput.Text = "Password has been changed successfully";
}
else
{
lblOutput.ForeColor = System.Drawing.Color.Red;
lblOutput.Text = "Password does not match with our database records.";
}
}
catch (Exception ex)
{
lblOutput.Text = "Error Message: " + ex.Message;
}
finally
{
if (conn != null)
conn.Close();
}
}
}
答案 0 :(得分:0)
public partial class ChangePassword : System.Web.UI.Page
{
SqlConnection conn = null;
SqlCommand cmd = null;
string connectionString = null;
protected void Page_Load(object sender, EventArgs e)
{
}
protected void btnChangePassword_Click(object sender, EventArgs e)
{
if (Session["Username"] == null){return;} //Just add this line because you MUST have to make this check , otherwise all users password would get changed
connectionString = ConfigurationManager.ConnectionStrings["LeaveManagementCS"].ConnectionString;
conn = new SqlConnection(connectionString);
string sql = "UPDATE Staff Set Password=@NewPwd Where Username = @Username";
string newPwd = tbNewPassword.Text;
try
{
cmd = new SqlCommand(sql, conn);
cmd.Parameters.AddWithValue("@NewPwd", tbNewPassword.Text);
cmd.Parameters.AddWithValue("@Username", Session["Username"].ToString());
conn.Open();
int rows = cmd.ExecuteNonQuery();
if (rows > 0)
{
lblOutput.ForeColor = System.Drawing.Color.Green;
lblOutput.Text = "Password has been changed successfully";
}
else
{
lblOutput.ForeColor = System.Drawing.Color.Red;
lblOutput.Text = "Password does not match with our database records.";
}
}
catch (Exception ex)
{
lblOutput.Text = "Error Message: " + ex.Message;
}
finally
{
if (conn != null)
conn.Close();
}
}
}
答案 1 :(得分:0)
不要与之一起运行。如果未在Session对象中设置UserName属性,则会将EVERYONE的密码设置为该值。你不应该在任何情况下允许这种情况发生。
public partial class ChangePassword : System.Web.UI.Page
{
SqlConnection conn = null;
SqlCommand cmd = null;
string connectionString = null;
protected void Page_Load(object sender, EventArgs e)
{
}
protected void btnChangePassword_Click(object sender, EventArgs e)
{
connectionString = ConfigurationManager.ConnectionStrings["LeaveManagementCS"].ConnectionString;
conn = new SqlConnection(connectionString);
string username = Session["Username"];
string newPwd = tbNewPassword.Text;
if (username != null)
{
string sql = "UPDATE Staff Set Password=@NewPwd WHERE UserName=@UserName";
try
{
cmd = new SqlCommand(sql, conn);
cmd.Parameters.AddWithValue("@NewPwd", newPwd);
cmd.Parameters.AddWithValue("@UserName", username);
conn.Open();
int rows = cmd.ExecuteNonQuery();
if (rows > 0)
{
lblOutput.ForeColor = System.Drawing.Color.Green;
lblOutput.Text = "Password has been changed successfully";
}
else
{
lblOutput.ForeColor = System.Drawing.Color.Red;
lblOutput.Text = "Password does not match with our database records.";
}
}
catch (Exception ex)
{
lblOutput.Text = "Error Message: " + ex.Message;
}
finally
{
if (conn != null)
conn.Close();
}
}
}
}
更合适的是,我会编写一个存储过程,它接受两个参数(理想情况下,UserID和NewPassword,而不是UserName和NewPassword)并在您的代码中调用它。