如何为每个用户保存数据 - visual studio [英] How can I save data for each user - visual studio
问题描述
我必须建立一个CRM系统,我只想为每个用户保存联系人。我有2个表,用户和联系人以及它们之间的外键。我使用cookie保存了用户名,但我需要一种方法来提取用户ID并在用户添加联系人时将其用作外键。这些是我试过的。谢谢你的帮助,对不起我的英语。再次感谢你!
我尝试过:
公共部分class Contacte:System.Web.UI.Page
{
SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings [BazadedateConnectionString1]。ConnectionString);
protected void Page_Load(object sender,EventArgs e)
{
con.Open( );
if(Request.Cookies [Login]!= null)
{
EtichetaUser .Text = Request.Cookies [Login] [username]。ToString();
}
else
{
Response.Redirect(〜/ Acasa.aspx);
}
}
protected void Metod aAdaugareContact(对象发送者,EventArgs e)
{
---这里我想添加用户ID,无需手动添加TextBox1 ---
SqlCommand cmd = new SqlCommand(INSERT INTO Contact VALUES('+ txtNume.Text +','+ txtPrenume.Text +','+ TextBox1.Text + '),con);
cmd.ExecuteNonQuery();
con.Close();
尝试:
使用(SqlCommand cmd = new SqlCommand( INSERT INTO Contact(Nume,PreNume,UserId) VALUES(@NM,@ PN,@ ID),con)
{
cmd.Parameters.AddWithValue( < span class =code-string> @ NM,txtNume.Text);
cmd.Parameters.AddWithValue( @ PN,txtPrenume.Text);
cmd.Parameters.AddWithValue( @ ID,Request.Cookies [ 登录] [ 用户ID]);
cmd.ExecuteNonQuery();
}
con.Close();
谢谢你的回答,但我有一个问题,我没有userID的cookie,我试着把Request.Cookies [Login] [userID]。ToString();放到一个标签但是空白,我没有任何userID值。
然后只需添加另一个cookie:
mycookie [ userID] = dt.Rows [ 0 ] [ userID];
并停止这样做!
SqlDataAdapter sda = new SqlDataAdapter( select * from inregistrare_user其中username =' + txtUtilizator.Text + < span class =code-string>'and parola =' + txtParola.Text + ,conn);
不要连接字符串来构建SQL命令。它让您对意外或故意的SQL注入攻击持开放态度,这可能会破坏您的整个数据库。请改用参数化查询。
切勿以明文形式存储密码 - 这是一个主要的安全风险。有关如何在此处执行此操作的信息:密码存储:如何做到这一点。 [ ^ ]
I have to make an CRM system and I just want to save contacts for each user. I have 2 tables, users and contacts and a foreign key beetween them. I saved username using cookies but i need a way to extract userid and use it as foreign key when a user add a contact. These is what I tried. Thanks for your help and sorry for my english. Thank you again!
What I have tried:
public partial class Contacte : System.Web.UI.Page
{
SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["BazadedateConnectionString1"].ConnectionString);
protected void Page_Load(object sender, EventArgs e)
{
con.Open();
if (Request.Cookies["Login"] != null)
{
EtichetaUser.Text = Request.Cookies["Login"] ["username"].ToString();
}
else
{
Response.Redirect("~/Acasa.aspx");
}
}
protected void MetodaAdaugareContact(object sender, EventArgs e)
{
---HERE I WANT TO ADD USER ID INSTEAD OF ADDING IT MANUALLY USING TextBox1---
SqlCommand cmd = new SqlCommand("INSERT INTO Contact VALUES('" + txtNume.Text + "','" + txtPrenume.Text + "','" + TextBox1.Text + "')", con);
cmd.ExecuteNonQuery();
con.Close();
Try:
using (SqlCommand cmd = new SqlCommand("INSERT INTO Contact (Nume, PreNume, UserId) VALUES(@NM, @PN, @ID)", con) { cmd.Parameters.AddWithValue("@NM", txtNume.Text); cmd.Parameters.AddWithValue("@PN", txtPrenume.Text); cmd.Parameters.AddWithValue("@ID", Request.Cookies["Login"] ["userID"]); cmd.ExecuteNonQuery(); } con.Close();
"Thank you for answer but I have a problem, I don't have a cookie for userID, I tried to put Request.Cookies["Login"]["userID"].ToString(); into a label but is blank, I don't have any value for userID."
Then just add another cookie:
mycookie["userID"] = dt.Rows[0]["userID"];
And stop doing it like that!
SqlDataAdapter sda = new SqlDataAdapter("select * from inregistrare_user where username = '" + txtUtilizator.Text + "' and parola = '" + txtParola.Text + "'", conn);
Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.
Never store passwords in clear text - it is a major security risk. There is some information on how to do it here: Password Storage: How to do it.[^]
这篇关于如何为每个用户保存数据 - visual studio的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
