列“用户名”不属于表表

时间:2021-07-22 08:03:26

标签: c# mysql-workbench

我正在尝试使用 Visual Studio 2019 为 Asp.Net C# 中的无效登录尝试锁定用户帐户。数据库使用的是 MySql Workbench 8.0 CE。但面临错误

enter image description here

C#代码如下:

using System;
using System.Data;
using MySql.Data.MySqlClient;

namespace Canteen_UAT
{
    public partial class LoginDetail : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {

        }

        protected void Button1_Click1(object sender, EventArgs e)
        {
            MySqlConnection scon = new MySqlConnection("server = XXX.XXX.XX.XXX; user id = root; password = XXXXX; persistsecurityinfo = True; database = posdbms_uat");
            String myquery = "select count(*) from posdbms_uat.logindetail where username='" + TextBox1.Text + "'";
            MySqlCommand cmd = new MySqlCommand();
            cmd.CommandText = myquery;
            cmd.Connection = scon;
            MySqlDataAdapter da = new MySqlDataAdapter();
            da.SelectCommand = cmd;
            DataSet ds = new DataSet();
            da.Fill(ds);
            String uname;
            String pass;
            String status;
            //String lockstatus;
            int attemptcount = 0;

            if (ds.Tables[0].Rows.Count > 0)
            {
                uname = ds.Tables[0].Rows[0]["username"].ToString();
                pass = ds.Tables[0].Rows[0]["password"].ToString();
                status = ds.Tables[0].Rows[0]["status"].ToString();
                scon.Close();
                if (status == "Open")
                {
                    if (uname == TextBox1.Text && pass == TextBox2.Text)
                    {
                        Session["username"] = uname;
                        Response.Redirect("Order.aspx");
                    }
                    else
                    {
                        Label2.Text = "Invalid Username or Password - Relogin with Correct Username & Password. No of Attempts Remaining : " + (2 - attemptcount);
                        attemptcount = attemptcount + 1;
                    }
                }
                else if (status == "Locked")
                {
                    Label2.Text = "Your Account Locked Already : Contact Administrator";
                }
                else
                {
                    Label2.Text = "Invalid Username or Password - Relogin wit Correct Username and Password.";
                }
                if (attemptcount == 3)
                {
                    Label2.Text = "Your Account Has Been Locked Due to Three Invalid Attempts - Contact Administrator.";
                    setlockstatus(TextBox1.Text);
                    attemptcount = 0;
                }
            }
        }

        private void setlockstatus(String username1)
        {
            String mycon = "server = xxx; user id = root; password = xxx; persistsecurityinfo = True; database = posdbms_uat";                        
            String updatedata = "Update posdbms_uat.logindetail set status='Locked' where username='" + username1 + "' ";
            MySqlConnection con = new MySqlConnection(mycon);
            con.Open();
            MySqlCommand cmd = new MySqlCommand();
            cmd.CommandText = updatedata;
            cmd.Connection = con;
            cmd.ExecuteNonQuery();
        }
    }
}

不确定是什么原因造成的。

我尝试过的:

我创建了一个表作为 posdbms_uat,数据表与数据库表中的列名和适当的数据类型相匹配。不确定这个错误是如何弹出的。

1 个答案:

答案 0 :(得分:0)

查询:

String myquery = "select count(*) from posdbms_uat.logindetail where username='" + TextBox1.Text + "'";

...只返回符合 WHERE 条件的行数 - 而不是行中的实际数据。应该通过指定要获取的列来修复它:

String myquery = "select username, password, status from posdbms_uat.logindetail where username='" + TextBox1.Text + "'";

此外,您应该考虑使用参数化来避免 SQL 注入(请参阅 this SO question)。另一件事是,请不要以纯文本形式存储密码。

相关问题
最新问题