Description:-
In this example we explain how to protect your login form, because there are a number of UID and PWD values that can log in to your application without being registered on your site.
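For example, by entering 1'or'1'='1 as the UID and PWD you can log in to most applications. This works when the login query is built by joining the typed text into the SQL string: the quote characters end the string literal early, and the rest of the input is read as part of the WHERE condition, which then matches every row.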
To prevent that situation, you must write your login query with @-prefixed parameter names and pass the typed values as parameters.
For example:
// The SQL text is a fixed constant; @ud and @pd are placeholders, not spliced-in text.
const string loginSql = "select * from stud where unm=@ud and pwd=@pd";
SqlCommand cmd = new SqlCommand(loginSql, cn);

// Each value is bound to its placeholder and sent to the server as data, so quote
// characters typed into the text boxes cannot change the structure of the query.
// AddWithValue infers the SQL type from the .NET value (a string here).
cmd.Parameters.AddWithValue("@ud", TextBox1.Text);
cmd.Parameters.AddWithValue("@pd", TextBox2.Text);

// These three lines are what stop such a user from logging in to your site.
In today's world, thousands of dummy users can view or edit your site without registering. This example is very useful for preventing that type of situation.
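You can also protect the site by using a stored procedure; to see the stored procedure example, click here. (A stored procedure protects you only if it uses its parameters directly; one that builds a SQL string by concatenation inside the procedure is just as open to injection.)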
Example:-
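// Login check against the stud table using a parameterized query.
//
// NOTE(review): the connection string, including the SQL login and its password, is
// hard-coded in the page source. Anyone who can read the source or the compiled page
// obtains the database credentials; keep it in protected configuration instead.
string conn = @"Data Source=SQLDB;Initial Catalog=Demo;User ID=Demod;Password=Demo1@";

// Vulnerable form, kept commented out for contrast only. The typed text is concatenated
// into the SQL string, so input such as 1'or'1'='1 rewrites the WHERE clause:
//
//   string query = "select * from stud where unm='" + Session["unm"].ToString()
//                + "' and pwd='" + Session["pwd"].ToString() + "'";
//
// The disabled "update stud set state = 1 where unm='...' and pwd='...'" step of the
// original listing was built the same way; if it is re-enabled it needs @ud/@pd
// parameters as well.

// NOTE(review): the query compares the submitted password with the pwd column directly,
// which suggests passwords are stored unhashed (hashing elsewhere is not visible here).
// Parameter binding stops SQL injection but does not protect stored passwords; store a
// salted, slow hash (for example PBKDF2) and compare hashes instead.
bool credentialsMatch;

// using blocks close the connection and command even if the query throws; the original
// listing opened the connection and never closed it.
using (SqlConnection cn = new SqlConnection(conn))
using (SqlCommand cmd = new SqlCommand("select count(*) from stud where unm=@ud and pwd=@pd", cn))
{
    // The text box values are untrusted input: they are bound as parameter values and
    // never become part of the SQL text.
    cmd.Parameters.AddWithValue("@ud", TextBox1.Text);
    cmd.Parameters.AddWithValue("@pd", TextBox2.Text);

    cn.Open();

    // A single ExecuteScalar replaces the original ExecuteNonQuery + adapter Fill pair,
    // which ran the same SELECT twice and pulled whole rows (password column included)
    // into memory only to count them.
    credentialsMatch = (int)cmd.ExecuteScalar() > 0;
}

if (credentialsMatch)
{
    // Session["unm"] is written only after the credentials have been verified. The
    // original listing filled Session before running the query, so a failed attempt
    // still left a user name in the session for any page that checks it.
    // The password is deliberately not copied into Session: nothing in this listing
    // reads it back except the commented-out legacy queries.
    Session["unm"] = TextBox1.Text;
    Response.Redirect("~/loadlogin.aspx");
}
else
{
    // Static message only; no user input is written into the script block.
    ClientScript.RegisterClientScriptBlock(this.GetType(), "ke", "<script>alert('wrong username and password');</script>");
}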