本文介绍了将密码保存到数据库的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧! 问题描述 29岁程序员,3月因学历无情被辞! 您好, 请帮我这个 公开 class 密码 { // 生成随机密码的方法 public static string GeneratePassword() { string PasswordLength = 5; string NewPassword = ; string allowedChars = ; allowedChars = 1,2,3,4,5,6,7,8,9,0 ; allowedChars + = A,B,C,D,E,F,G,H,I, J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z,; allowedChars + = a,b,c,d,e,f,g,h,i, J,K,L,M,N,O,p,q,R,S,T,U,v,W,X,Y,Z,; allowedChars + = 〜,!,@,#,$,%,^,&,* ,+ ,?; // 字符分隔 char [] sep = {' ,'}; string [] arr = allowedChars.Split(sep); string IDString = ; string temp = ; 随机rand = 新 Random(); for ( int i = 0 ; i < Convert.ToInt32(PasswordLength); i ++) { temp = arr [rand.Next( 0 ,arr.Length)]; IDString + = temp; NewPassword = IDString; } 返回 NewPassword; } // 将NewPassword保存到数据库[Users表]的方法 public static void SavePasswordToDB() { SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings [ MyDBConnectionString]。ToString()); string strNewPassword = GeneratePassword()。ToString(); SqlCommand cmd = new SqlCommand( INSERT INTO dbo.Users(UserPassword)值(strNewPassword),con); con.Open(); cmd.ExecuteNonQuery(); con.Close(); } } 我收到以下错误: 在此上下文中不允许使用名称strNewPassword。有效表达式是常量,常量表达式和(在某些上下文中)变量。不允许使用列名。 我应该通过什么值()?? 谢谢。解决方案 ,%,^,&,*,+,?; // 字符分隔 char [] sep = {' ,'}; string [] arr = allowedChars.Split(sep); string IDString = ; string temp = ; 随机rand = 新随机(); for ( int i = 0 ; i < Convert.ToInt32(PasswordLength); i ++) { temp = arr [rand.Next( 0 ,arr.Length)]; IDString + = temp; NewPassword = IDString; } 返回 NewPassword; } // 将NewPassword保存到数据库[Users表]的方法 public static void SavePasswordToDB() { SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings [ MyDBConnectionString]。ToString()); string strNewPassword = GeneratePassword()。ToString(); SqlCommand cmd = new SqlCommand( INSERT INTO dbo.Users(UserPassword)值(strNewPassword),con); con.Open(); cmd.ExecuteNonQuery(); con.Close(); } } 我收到以下错误: 在此上下文中不允许使用名称strNewPassword。有效表达式是常量,常量表达式和(在某些上下文中)变量。不允许使用列名。 我应该通过什么值()?? 谢谢。 好的,两件事。 一,你传递这个字符串: INSERT INTO dbo.Users(UserPassword)值(strNewPassword) 显然,它不知道 strNewPassword 是什么。 要解决此问题,请确保传递值。但是请使用参数(免责声明:我没有编译它,但它应该可以工作): 尝试 { con.Open(); 使用(SqlCommand cmd = new SqlCommand( INSERT INTO dbo.Users(UserPassword)值(@password),con)) { cmd.Parameters。 AddValue( @ password,strNewPassword); cmd.ExecuteNonQuery(); } } 最后 { if (con!= null )con.Close(); } 这比使用 String.Format 或类似的东西。因为这会让你对SQL注入开放(尽管在这种情况下可能不是这样,但这样做仍然是好的做法)。在我看来,无论如何使用起来要容易得多。 有关该主题的更多信息 [ ^ ] 但第二件事(也许是最重要的):为什么你在数据库中存储未加密的密码吗? 你必须使用这些行.... public static void SavePasswordToDB() { SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings [MyDBConnectionString]。ToString()); string strNewPassword = GeneratePassword()。ToString(); SqlCommand cmd = new SqlCommand(INSERT INTO dbo.Users(UserPassword)Values(+strNewPassword +'),con); con.Open(); cmd.ExecuteNonQuery(); con.Close(); } } Hello,Please help me with thispublic class Password { // method to generate random Password public static string GeneratePassword() { string PasswordLength = "5"; string NewPassword = ""; string allowedChars=""; allowedChars = "1,2,3,4,5,6,7,8,9,0"; allowedChars += "A,B,C,D,E,F,G,H,I,J,K,L,M,N,O,P,Q,R,S,T,U,V,W,X,Y,Z,"; allowedChars += "a,b,c,d,e,f,g,h,i,j,k,l,m,n,o,p,q,r,s,t,u,v,w,x,y,z,"; allowedChars += "~,!,@,#,$,%,^,&,*,+,?"; // seperation of characters char[] sep = { ',' }; string[] arr = allowedChars.Split(sep); string IDString = ""; string temp = ""; Random rand = new Random(); for (int i = 0; i < Convert.ToInt32(PasswordLength); i++) { temp = arr[rand.Next(0, arr.Length)]; IDString += temp; NewPassword = IDString; } return NewPassword; } // Method to save NewPassword to Database's [Users table] public static void SavePasswordToDB() { SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["MyDBConnectionString"].ToString()); string strNewPassword = GeneratePassword().ToString(); SqlCommand cmd = new SqlCommand("INSERT INTO dbo.Users(UserPassword) Values(strNewPassword)", con); con.Open(); cmd.ExecuteNonQuery(); con.Close(); }}I am getting the following error:The name "strNewPassword" is not permitted in this context. Valid expressions are constants, constant expressions, and (in some contexts) variables. Column names are not permitted.What should i pass in Values() ??Thank you. 解决方案 ,%,^,&,*,+,?"; // seperation of characters char[] sep = { ',' }; string[] arr = allowedChars.Split(sep); string IDString = ""; string temp = ""; Random rand = new Random(); for (int i = 0; i < Convert.ToInt32(PasswordLength); i++) { temp = arr[rand.Next(0, arr.Length)]; IDString += temp; NewPassword = IDString; } return NewPassword; } // Method to save NewPassword to Database's [Users table] public static void SavePasswordToDB() { SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["MyDBConnectionString"].ToString()); string strNewPassword = GeneratePassword().ToString(); SqlCommand cmd = new SqlCommand("INSERT INTO dbo.Users(UserPassword) Values(strNewPassword)", con); con.Open(); cmd.ExecuteNonQuery(); con.Close(); }}I am getting the following error:The name "strNewPassword" is not permitted in this context. Valid expressions are constants, constant expressions, and (in some contexts) variables. Column names are not permitted.What should i pass in Values() ??Thank you.Okay, two things.One, you're passing this string:"INSERT INTO dbo.Users(UserPassword) Values(strNewPassword)"So obviously it won't know what strNewPassword is.To fix that, make sure you pass the values. But please, use parameters for that (disclaimer: I haven't compiled this, but it should work):try{ con.Open(); using(SqlCommand cmd = new SqlCommand("INSERT INTO dbo.Users(UserPassword) Values(@password)", con)) { cmd.Parameters.AddValue("@password", strNewPassword); cmd.ExecuteNonQuery(); }}finally{ if (con != null) con.Close();}This is a much safer way than using a String.Format or something similar. Because that would leave you open to SQL injection (though perhaps not in this case, it's still good practice to do so). And it's a lot easier to use anyway in my opinion. More info on the subject[^]But the second thing (and perhaps the most important): Why are you storing an unencrypted password in your database??you have to use these lines.... public static void SavePasswordToDB() { SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["MyDBConnectionString"].ToString()); string strNewPassword = GeneratePassword().ToString(); SqlCommand cmd = new SqlCommand("INSERT INTO dbo.Users(UserPassword) Values('" + strNewPassword + "')", con); con.Open(); cmd.ExecuteNonQuery(); con.Close(); } } 这篇关于将密码保存到数据库的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持! 上岸,阿里云! 06-14 20:55