Regarding 3 tier app and Stored Procedure


Problem description

Hello Code Project,

I have used 3-tier architecture in my application and I'm trying to do login using a stored procedure. Though I am entering data that is not in the database, I could log in. If I am not using 3-tier architecture, I am able to do what I want.
Please help me to improve the following code,

//Data Logic

static string ConStr = @"Data Source=ROHIT-PC\SQLEXPRESS;Initial Catalog=MPAdvisor;Integrated Security=True";
     SqlConnection con = new SqlConnection(ConStr);

     public void LogIn(string username, string password)
     {
         con.Open();

         SqlCommand cmd = new SqlCommand("LogInProcedure", con);
         cmd.CommandType = CommandType.StoredProcedure;

         cmd.Parameters.AddWithValue("@username", username);
         cmd.Parameters.AddWithValue("@password", password);

         SqlDataReader reader = cmd.ExecuteReader();
     }



//Business Logic

DataLogic.DataClass dc = new DataLogic.DataClass();

       string username, password;

       public string GetUserName
       {
           get
           {
               return username;
           }
           set
           {
               username = value;
           }
       }

       public string GetPassword
       {
           get
           {
               return password;
           }
           set
           {
               password = value;
           }
       }

       public void doLogIn()
       {
           dc.LogIn(username, password);
       }



// Presentation Logic

BusinessLogic.BusinessClass bc = new BusinessLogic.BusinessClass();

           bc.GetUserName = usernametxt.Text;
           bc.GetPassword = passwordtxt.Text;
           bc.doLogIn();

           Session["uname"] = usernametxt.Text;
           Response.Redirect("Home.aspx");



// Stored Procedure

ALTER PROCEDURE dbo.LogInProcedure
    @username nvarchar (50),
    @password nvarchar (50)
AS
    SET NOCOUNT ON;
SELECT  * FROM users
WHERE   user_username=@username AND user_password=@password

Recommended answer

You need to correct these mistakes before you try to use this code


1. This method should return something. Most probably a 'bool'. But it returns 'void'. How are you going to verify the result if it does not return anything?
public void LogIn(string username, string password)


2. This code should read a value from the reader. But your code ends after this line of code.

SqlDataReader reader = cmd.ExecuteReader();
        }


3. Also this method returns 'void'. Same mistake repeated.

public void doLogIn()


4. Even if the user is able to login or not, the session is created for him and redirected to Home.aspx, irrespective of the authentication result... Then why need the username/password itself?

 bc.doLogIn(); 
Session["uname"] = usernametxt.Text;
Response.Redirect("Home.aspx");


5. Passwords are not hashed. Even a student level project does not have plaintext passwords...


Stop and think about what you're doing. What code here is supposed to stop a login? If your old code works, it's because the Login method CHECKS if a user is logged in and returns a bool, which means you can act on a failed login. This is useless: you call a method that returns nothing, so how can you decide to log someone in or not?
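
The five points raised in the answers, put together as an added example (not code from the original post or its answers): the data layer returns a bool, actually reads the reader, and compares a salted PBKDF2 hash instead of a plaintext password. The procedure name GetUserCredential, the varbinary columns user_salt and user_hash, the PasswordHasher class and the iteration count are assumptions made for illustration.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Security.Cryptography;

public class DataClass
{
    private readonly string conStr;  // assumption: supplied from configuration
    public DataClass(string connectionString) { conStr = connectionString; }
    // Returns true only when the stored hash matches the supplied password.
    public bool LogIn(string username, string password)
    {
        using (var con = new SqlConnection(conStr))
        // Hypothetical procedure: SELECT user_salt, user_hash FROM users WHERE user_username=@username
        using (var cmd = new SqlCommand("GetUserCredential", con))
        {
            cmd.CommandType = CommandType.StoredProcedure;
            cmd.Parameters.Add("@username", SqlDbType.NVarChar, 50).Value = username;
            con.Open();
            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                if (!reader.Read()) return false;           // no such user: fail closed
                byte[] salt = (byte[])reader["user_salt"];  // hypothetical column, random 16-byte salt
                byte[] stored = (byte[])reader["user_hash"]; // hypothetical column, 32-byte PBKDF2 output
                return PasswordHasher.Verify(password, salt, stored);
            }
        }
    }
}

public static class PasswordHasher
{
    const int Iterations = 600000;  // assumed work factor; tune for your hardware
    public static byte[] Hash(string password, byte[] salt)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, salt, Iterations, HashAlgorithmName.SHA256))
            return kdf.GetBytes(32);
    }
    public static bool Verify(string password, byte[] salt, byte[] stored)
    {
        byte[] actual = Hash(password, salt);
        int diff = actual.Length ^ stored.Length;
        for (int i = 0; i < actual.Length && i < stored.Length; i++) diff |= actual[i] ^ stored[i];
        return diff == 0;  // comparison time does not depend on where the bytes differ
    }
}
// Presentation layer (assumes doLogIn now returns the bool from LogIn):
// if (bc.doLogIn()) { Session["uname"] = usernametxt.Text; Response.Redirect("Home.aspx"); }
```

PasswordHasher.Hash is also what the registration path would call to produce the value stored in user_hash, with a fresh salt from RandomNumberGenerator for each user.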

