如何获取登录并在活动中使用它的用户的ID? [英] How can I get the id of the user that is logged in and used it in activities ?
本文介绍了如何获取登录并在活动中使用它的用户的ID?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我正在创建一个在线新闻网站。用户需要先登录才能添加新闻文章。如果用户登录并创建自己的文章,我如何获取他们的ID并将其与新闻文章一起保存在数据库中?
我是什么尝试过:
I am creating an online news website. The user needs to login first so that they can add their news article. If the user logged in and create their own articles, how can I get their id and save it in the database along with their news article?
What I have tried:
//This is my code in adding news articles
public partial class Articles : System.Web.UI.Page
{
string cs = ConfigurationManager.ConnectionStrings["NewsDataBaseConnectionString2"].ConnectionString;
protected void Page_Load(object sender, EventArgs e)
{
if (!IsPostBack)
{
LoadCategory();
}
}
protected void btn_AddArticles_Click(object sender, EventArgs e)
{
SqlConnection cn = new SqlConnection(cs);
cn.Open();
SqlCommand cm = new SqlCommand("Insert into tbl_AddNews (User_id,title, category_id, details, photo, date) values(@Userid, @Title, @Category, @Details, @photo, @Date)", cn);
cm.Parameters.AddWithValue("@Title", txtbox_Title.Text);
cm.Parameters.AddWithValue("@Category", DropDownList1.SelectedValue);
cm.Parameters.AddWithValue("@Details", txtbox_details.Text);
string strImg = System.IO.Path.GetFileName(FileUpload1.PostedFile.FileName);
cm.Parameters.AddWithValue("@photo", strImg);
cm.Parameters.AddWithValue("@Date", DateTime.Now.ToString());
cm.ExecuteNonQuery();
cn.Close();
FileUpload1.PostedFile.SaveAs(Server.MapPath("Images\\") + strImg);
Response.Redirect("Articles.aspx");
}
private void LoadCategory()
{
try
{
using (SqlConnection con = new SqlConnection(cs))
{
SqlCommand cmd = new SqlCommand("select * from tbl_Category", con);
con.Open();
DataTable table = new DataTable();
SqlDataAdapter adapter = new SqlDataAdapter(cmd);
adapter.Fill(table);
DropDownList1.DataSource = table;
DropDownList1.DataValueField = "Category_id";
DropDownList1.DataTextField = "Category_Name";
DropDownList1.DataBind();
DropDownList1.Items.Insert(0, new ListItem("--Select Category--", "0"));
}
}
catch (Exception ex)
{
Label1.ForeColor = System.Drawing.Color.Red;
Label1.Text = "Something went wrong!." + ex.Message + "";
}
}
}
推荐答案
根据评论,您将用户ID存储在会话,所以你将从会话中获取id。
As per comments you are storing the user id in the session, so you shall get the id from session.
string userID = Session["New"]
注意:格式化sql查询字符串易受攻击到 SQL注入 [ ^ ]攻击
总是使用参数化查询以防止SQL Server中的SQL注入攻击 [ ^ ]
Note: Formatting the sql Query string is vulnerable to SQL Injection[^] attacks
always use Parameterized queries to prevent SQL Injection Attacks in SQL Server[^]
这篇关于如何获取登录并在活动中使用它的用户的ID?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
