Assigning a database field as the current session


Problem description



Hi,

I am trying to get the field (usermenu) from the database table (users_login). After connecting I need to check if the username and password are correct (it means that there are rows in the results), then I want to assign session[usermenu] = to the same value in the database for that user, let us say "Admin".

Is this possible? And if I do that and then redirect the user to a different page, is the session variable still available as "Admin" or will it become NULL?

Here is my code:

SqlConnection con = new SqlConnection("Data Source=MZC-RWAHDAN\\MYPROJECT2015;Initial Catalog=testing_database;user=??;password=????");

// The query is built by string concatenation here; see the answer for why this should use parameters.
SqlDataAdapter sda = new SqlDataAdapter("select * from users_login where username='" + TextBox1.Text + "' and userpassword='" + TextBox2.Text + "'", con);
DataTable dt = new DataTable();
sda.Fill(dt);

// A matching row means the credentials were accepted.
if (dt.Rows.Count > 0)
{
    // Keep that user's usermenu value (e.g. "Admin") in the session for later pages.
    Session["usermenu"] = dt.Rows[0]["usermenu"].ToString();
    Response.Redirect("~/Admin_Page.aspx");
}

Solution

1. Use parameterized queries instead of inline sql because right now your code could be hacked to the point of someone stealing data from your database or damaging it. See below for code example.
2. For simple sql like this I suggest using SqlConnection, SqlCommand, and SqlDataReader instead of a SqlDataAdapter. If you want to use what you have check for dt.Rows to make sure there are rows. Then reference dt.Rows[0][fieldName] to store into your session.
3. Yes, when redirecting to a new page the Session is still accessible. That actually is the point of using the Session.
4. You should name your controls with meaningful names. So, TextBox1 should be named something like txtUserName and TextBox2 should be txtPassword. You'll prevent a lot of bugs naming things meaningfully.
5. At some point you should also look into hashing passwords if that is an option for you so that the password is not stored in plain text in your db.

Your sql should look more like the following, which uses parameters:

String sql = "SELECT * FROM users_login WHERE username = @username AND userpassword = @userpassword";
SqlCommand cmd = new SqlCommand(sql, con);   // con is your SqlConnection
cmd.Parameters.AddWithValue("@username", txtUserName.Text);
cmd.Parameters.AddWithValue("@userpassword", txtUserPassword.Text);



Good example of how to use using with SqlConnection: http://www.dotnetperls.com/sqlconnection
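Putting points 1, 2 and 5 of the answer together, here is a complete Web Forms login handler as an added example; it is not code from the question or from the answer. It assumes controls named txtUserName, txtPassword and lblMessage, a connection string named TestingDb in Web.config, and that the userpassword column holds a PBKDF2 hash in the hypothetical "iterations.salt.hash" format produced by HashPassword below instead of the plain-text password. The table and column names (users_login, username, userpassword, usermenu) come from the question. It goes one step beyond the answer's snippet: only the user name is sent to SQL as a parameter, and the password is verified in code against the stored hash.

```csharp
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Security.Cryptography;
using System.Web.UI;

public partial class Login : Page
{
    // Assumed: a <connectionStrings> entry named "TestingDb" in Web.config.
    private static readonly string ConnStr =
        ConfigurationManager.ConnectionStrings["TestingDb"].ConnectionString;

    protected void btnLogin_Click(object sender, EventArgs e)
    {
        string usermenu = LookupUserMenu(txtUserName.Text, txtPassword.Text);
        if (usermenu == null)
        {
            // Same message for "no such user" and "wrong password" so the form
            // does not reveal which user names exist.
            lblMessage.Text = "Invalid user name or password.";
            return;
        }
        Session["usermenu"] = usermenu;            // e.g. "Admin"; survives the redirect
        Response.Redirect("~/Admin_Page.aspx");
    }

    // Returns the user's usermenu value, or null when the credentials do not match.
    private static string LookupUserMenu(string userName, string password)
    {
        const string sql =
            "SELECT usermenu, userpassword FROM users_login WHERE username = @username";

        using (SqlConnection con = new SqlConnection(ConnStr))
        using (SqlCommand cmd = new SqlCommand(sql, con))
        {
            // Explicit type and length (assumed NVARCHAR(50)) instead of AddWithValue,
            // so the value is never interpreted as SQL text.
            cmd.Parameters.Add("@username", SqlDbType.NVarChar, 50).Value = userName;
            con.Open();
            using (SqlDataReader rdr = cmd.ExecuteReader())
            {
                if (!rdr.Read())
                    return null;                                   // no such user
                string storedHash = rdr.GetString(rdr.GetOrdinal("userpassword"));
                if (!VerifyPassword(password, storedHash))
                    return null;                                   // wrong password
                return rdr.GetString(rdr.GetOrdinal("usermenu"));
            }
        }
    }

    // Produces "iterations.saltBase64.hashBase64" (a format assumed for this example)
    // using PBKDF2 via Rfc2898DeriveBytes with a random 16-byte salt.
    public static string HashPassword(string password, int iterations = 100000)
    {
        byte[] salt = new byte[16];
        using (RandomNumberGenerator rng = RandomNumberGenerator.Create())
            rng.GetBytes(salt);
        byte[] hash;
        using (var kdf = new Rfc2898DeriveBytes(password, salt, iterations))
            hash = kdf.GetBytes(32);
        return iterations + "." + Convert.ToBase64String(salt) + "." + Convert.ToBase64String(hash);
    }

    // Recomputes the hash with the stored salt and iteration count and compares
    // in constant time, so response time does not leak how many bytes matched.
    public static bool VerifyPassword(string password, string stored)
    {
        string[] parts = stored.Split('.');
        int iterations;
        if (parts.Length != 3 || !int.TryParse(parts[0], out iterations) || iterations <= 0)
            return false;                                          // malformed record
        byte[] salt = Convert.FromBase64String(parts[1]);
        byte[] expected = Convert.FromBase64String(parts[2]);
        byte[] actual;
        using (var kdf = new Rfc2898DeriveBytes(password, salt, iterations))
            actual = kdf.GetBytes(expected.Length);

        int diff = actual.Length ^ expected.Length;
        for (int i = 0; i < actual.Length && i < expected.Length; i++)
            diff |= actual[i] ^ expected[i];
        return diff == 0;
    }
}
```

When an account is created, store HashPassword(plainTextPassword) in userpassword; the login page then never needs the plain-text value in a query, which is what point 5 of the answer is driving at. Using Parameters.Add with an explicit SqlDbType rather than AddWithValue also avoids an implicit type conversion on the server side when the column is NVARCHAR.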

