且构网


How to display a list of online users using a SQL database in ASP.NET

Updated: 2023-12-02 16:14:40


First of all, your code is vulnerable to SQL Injection.

How to protect your site from SQL Injection attacks?
How To: Protect From SQL Injection in ASP.NET
Stop SQL Injection Attacks Before They Stop You
SQL Injection and how to avoid it
Dynamic SQL & SQL injection

Secondly, your insert statement is wrong, because you missed the destination fields. The proper insert statement is:
INSERT INTO onlineUsers (Field1, Field2, Field3)
VALUES (val1, val2, val3)








Third of all, in the Page_Load event for UserDefault.aspx, write code to get the count of logged users.
The SQL query might look like:

SELECT COALESCE(COUNT(*),0) AS CountOfUsers
FROM onlineUsers
WHERE DateField BETWEEN DATEADD(dd, -1, GETDATE()) AND GETDATE() 








For further information, please see:
Page Events
DATEADD
COALESCE
COUNT


And to add to what Maciej Los says, you should never store passwords in clear text - it is a major security risk. There is some information on how to do it here: Password Storage: How to do it.

To give you an idea how bad it is considered: CommitStrip


As already mentioned by another user, your code is open to SQL Injection attacks.
The second thing is that you need to update your question with your code.
I have understood the following:

You have only shown the code where the user provides a user name and pwd to log in. As soon as the user is logged in, you are saving records into another table named "onlineUsers".

You have not pasted the code where you want to show the online users. Basically, what you need to do is the following:

Create a query which gets all records from onlineUsers, and then display those records somewhere.

Problem in your solution:

What would happen if a user logged out from the application? Please make sure to remove the records of users who have logged out from the onlineUsers table.
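
The steps from the answers above (insert on login with named destination fields, the count query for Page_Load, and removing the row on logout), written with parameterized commands as an added C# example; it is not code from the original thread. The UserName column and the connection string are assumptions; onlineUsers and DateField are the names used in the answers.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

// Added example. Assumed names: the UserName column and connStr.
// onlineUsers and DateField come from the answers above.
public static class OnlineUsersStore
{
    private static int Execute(string connStr, string sql, string userName)
    {
        using (var conn = new SqlConnection(connStr))
        using (var cmd = new SqlCommand(sql, conn))
        {
            // The value travels as a typed parameter, never as part of the SQL text,
            // so quotes or SQL keywords in userName cannot change the statement.
            cmd.Parameters.Add("@userName", SqlDbType.NVarChar, 50).Value = userName;
            conn.Open();
            return cmd.ExecuteNonQuery();
        }
    }

    // Call after a successful login.
    public static void MarkOnline(string connStr, string userName)
    {
        // Drop any stale row first so one user is never listed twice.
        MarkOffline(connStr, userName);
        Execute(connStr,
            "INSERT INTO onlineUsers (UserName, DateField) VALUES (@userName, GETDATE())",
            userName);
    }

    // Call from the logout handler (and on session expiry).
    public static void MarkOffline(string connStr, string userName)
    {
        Execute(connStr, "DELETE FROM onlineUsers WHERE UserName = @userName", userName);
    }

    // Call from Page_Load of UserDefault.aspx.
    public static int CountOnline(string connStr)
    {
        const string sql =
            "SELECT COUNT(*) FROM onlineUsers " +
            "WHERE DateField BETWEEN DATEADD(dd, -1, GETDATE()) AND GETDATE()";
        using (var conn = new SqlConnection(connStr))
        using (var cmd = new SqlCommand(sql, conn))
        {
            conn.Open();
            return Convert.ToInt32(cmd.ExecuteScalar());
        }
    }
}
```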