I am trying to pass values from a database table to a couple of labels where the email column matches the email entered. I have passed the email entered from login page to th
You are using the Email param in the wrong place.
Try using this instead:
SqlCommand cmd = new SqlCommand("Select * from tblRegister where Email = @Email", con);
cmd.Parameters.AddWithValue("@Email", lblEmail.Text);
Other answers have already answered your initial problem regarding @Email.
Since you are using FormsAuthentication, you should not save Email in Session state. (Normally, FormsAuthentication uses username, but email address is ok since you are retrieving user information by email address.)
It defeats the purpose of using FormsAuthentication, because it already saves the Email in FormsAuthenticationTicket.
protected void btnLogin_Click(object sender, EventArgs e)
{
    if (AuthenticateUser(txtEmail.Text, txtPassword.Text))
    {
        // This is all you need: the email is stored in the authentication ticket
        FormsAuthentication.RedirectFromLoginPage(txtEmail.Text, true);
    }
}
You need this in order to retrieve the Email from the cookie and save the email in the IPrincipal object.
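using System;
using System.Security.Principal;
using System.Threading;
using System.Web;
using System.Web.Security;

public class Global : HttpApplication
{
    private void Application_AuthenticateRequest(object sender, EventArgs e)
    {
        // The forms-authentication cookie is absent on anonymous requests.
        HttpCookie decryptedCookie =
            Context.Request.Cookies[FormsAuthentication.FormsCookieName];
        if (decryptedCookie == null || string.IsNullOrEmpty(decryptedCookie.Value))
            return;
        FormsAuthenticationTicket ticket =
            FormsAuthentication.Decrypt(decryptedCookie.Value);
        if (ticket == null || ticket.Expired)
            return;
        var identity = new GenericIdentity(ticket.Name);
        var principal = new GenericPrincipal(identity, null);
        HttpContext.Current.User = principal;
        Thread.CurrentPrincipal = HttpContext.Current.User;
    }
}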
protected void Page_Load(object sender, EventArgs e)
{
    var email = User.Identity.Name;
}
More information here.
Try like this instead
SqlCommand cmd = new SqlCommand("Select * from tblRegister where Email = @Email", con);
cmd.Parameters.AddWithValue("@Email", lblEmail.Text);
SqlDataReader rdr = cmd.ExecuteReader();
//...
@Email indicates a variable, not a field name. If the field name in your table is @Email, enclose it in square brackets... [@Email], but I would guess that the field name is Email.
Edit:
You also have an issue with the where statement; if you are sending text, you need to enclose that in quotes:
SqlCommand cmd = new SqlCommand("Select * from tblRegister where Email = '" + lblEmail.Text + "'", con);
This type of query, simply passing a value entered by the user, will open you up to SQL injection.
More information
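The concatenated query and the parameterized query from the answers above, side by side, as an added example that is not part of any answer: it builds both commands for constructed inputs without opening a connection, so the resulting SQL text can be compared. The class and method names and the `NVarChar(256)` column type are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class EmailLookupDemo
{
    // Concatenated form: the value becomes part of the SQL text itself.
    static SqlCommand BuildConcatenated(string email)
    {
        return new SqlCommand(
            "Select * from tblRegister where Email = '" + email + "'");
    }

    // Parameterized form: the SQL text is constant and the value is sent
    // separately as data. The explicit type avoids the type and length
    // inference that AddWithValue performs. NVarChar(256) is an assumed
    // column type; match it to the real Email column.
    static SqlCommand BuildParameterized(string email)
    {
        var cmd = new SqlCommand("Select * from tblRegister where Email = @Email");
        cmd.Parameters.Add("@Email", SqlDbType.NVarChar, 256).Value = email;
        return cmd;
    }

    static void Main()
    {
        // Constructed sample inputs: a plain address, a legitimate address
        // containing an apostrophe, and a value that rewrites the WHERE clause.
        string[] inputs =
        {
            "alice@example.com",
            "pat.o'neil@example.com",
            "x' OR '1'='1"
        };

        foreach (string input in inputs)
        {
            using (SqlCommand concatenated = BuildConcatenated(input))
            using (SqlCommand parameterized = BuildParameterized(input))
            {
                Console.WriteLine("input:         " + input);
                Console.WriteLine("concatenated:  " + concatenated.CommandText);
                Console.WriteLine("parameterized: " + parameterized.CommandText);
                Console.WriteLine("  @Email = " + parameterized.Parameters["@Email"].Value);
                Console.WriteLine();
            }
        }
    }
}
```

For the second and third inputs the concatenated command text is no longer the query that was written (a syntax error in one case, a condition that matches every row in the other), while the parameterized command text is identical for all three.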