登录页面&使用mysql数据库在asp.net中按照usertype重定向页面 [英] Login Page & Redirect the page as per usertype in asp.net using mysql database
问题描述
我在数据库中有两个表:
I have two tables in the database:
Login (LID, UName, UPasword, UserType_ID)
UserType(UserType_ID, UserType)
我需要验证用户名和usertype并为UserName(UName)创建一个会话变量。
以下代码就像管理员和用户登录他们重定向一样到gallery.aspx页面,但我想当管理员登录然后他们重定向到View_Reports.aspx页面,当公共用户登录时,他们重定向到gallery.aspx页面
代码
I need to validate username and usertype and create a session variable for UserName(UName).
below code is works like when admin and user login they redirect to gallery.aspx page but i want when admin login then they redirect to "View_Reports.aspx" page and when public user login they redirect to gallery.aspx page
code
protected void Button1_Click1 ( object sender, EventArgs e )
{
name = TextBox1.Text;
pwd = TextBox1.Text;
conn.Open( );
MySqlCommand cmd = new MySqlCommand( " select * from login where UName = '" + name + "' and UPasword = '" + pwd + "' " );
cmd.Connection = conn;
// cmd.Connection = conn;
MySqlDataReader dr = cmd.ExecuteReader( );
if ( dr.HasRows )
{
dr.Read( );
Session[ " UName" ] = dr[ 1 ].ToString( );
;
Session[ " UPasword" ] = dr[ 4 ].ToString( );
Session[ "UserType_ID" ] = dr[ 0 ].ToString( );
;
//Session["prenom"] = dr[2].ToString();
//Session["telephone"] = dr[3].ToString();
Response.Redirect( "View_Reports.aspx" );
}
else
{
Response.Redirect( "gallery.aspx" );
}
dr.Close( );
conn.Close( );
}
推荐答案
1。永远不要使用字符串连接来创建SQL查询 - 学习使用参数化SQL查询! (给你一个样本 - http://www.dreamincode.net/forums/topic/268104-parameterizing-your-sql-queries-the-right-way-to-query-a-database/ [ ^ ])
2.更改代码以在从数据库读取后检查用户类型,而不是根据它重定向:
1. Never ever use string concatenation to create SQL query - learn using parametrized SQL query! (A sample for you - http://www.dreamincode.net/forums/topic/268104-parameterizing-your-sql-queries-the-right-way-to-query-a-database/[^])
2. Change your code to check user type after reading it from database than redirect according to it:
if ( dr.HasRows )
{
dr.Read( );
Session[ " UName" ] = dr[ 1 ].ToString( );
;
Session[ " UPasword" ] = dr[ 4 ].ToString( );
Session[ "UserType_ID" ] = dr[ 0 ].ToString( );
;
//Session["prenom"] = dr[2].ToString();
//Session["telephone"] = dr[3].ToString();
}
// !!!
if(Convert.ToString(Session[ "UserType_ID" ]) == "admin" )
{
Response.Redirect( "View_Reports.aspx" );
}
else
{
Response.Redirect( "gallery.aspx" );
}
if (Convert.ToString(Session["UserType_ID"]).Equals("admin"))
{
Response.Redirect("View_Reports.aspx",false);
}
else
{
Response.Redirect("gallery.aspx",false);
}
避免线程中止异常使用上面的代码。
和Kornfeld Eliyahu Peter是对的可能是UserType_Id不是管理员
to avoid thread abort exception use the above code.
and Kornfeld Eliyahu Peter is right may be UserType_Id is not an admin
这篇关于登录页面&使用mysql数据库在asp.net中按照usertype重定向页面的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!