新用户相关问题的代码 [英] Code for new user related issues

问题描述

我正在asp.net-c#上做最后一年的项目，这是一家医院的网站.
我有3个问题.
1)当用户已经创建了一个帐户并尝试创建另一个具有相同名称的帐户时，将显示错误消息.我已将用户名作为主键.

Hi,
Am doing ma final year project on asp.net-c# which is a website for a hospital.
I''ve 3 questions.
1)When an user has created an account already and tries to create another account with the same name an error msg should be displayed. I''ve given username as primary key.

using System;
public partial class appointment : System.Web.UI.Page
{
    public SqlConnection con = new SqlConnection("Data Source=ADMINISTRATOR\\SQLEXPRESS;Initial Catalog=Hospital;Integrated Security=True");
    public SqlDataAdapter da;
    public DataSet ds;
    protected void Page_Load(object sender, EventArgs e)
    {
        lblexists.Visible = false; // label box to display an error msg
    }
    protected void btnaccount_Click(object sender, EventArgs e)
    {
        con.Open();
        { 
            SqlCommand cmd = new SqlCommand("insert into Userreg values(''" + txtnewuser.Text + "'',''" + txtnpwd.Text + "'',''" + txtcpwd.Text + "'',''" + txtphone.Text + "'',''" + txtemail.Text + "'',''" + txtlocation.Text + "'')", con);                  
            cmd.ExecuteNonQuery();           
            Page.ClientScript.RegisterStartupScript(this.GetType(), "me", "alert(''Account Created succecfully'')", true);            
            txtnewuser.Text = "";           
            txtnpwd.Text = "";            
            txtcpwd.Text = "";            
            txtphone.Text = "";            
            txtemail.Text = "";
            txtlocation.Text = "";
         con.Close();
        }
        Response.Redirect("reqopat.aspx");
    }
}

2)我使用了一个网页，用户可以在该网页上请求约会.我已使用2 ddl，部门名称使用ddl ID = SelectASpeciality，医生名称使用ddl ID = SelectADoctor.当我从SelectASpeciality ddl中选择一个部门名称时，我希望该部门的所有医生都显示在SelectADoctor ddl中.

3)我已经为AdRotator创建了XML文件.但是无法添加图片网址.如何添加图片网址.

请使用简单的代码帮助我，以便我可以轻松地回答一些重大问题.

2)I''ve used a webpage where users can request an appointment. I''ve used 2 ddl, ddl ID=SelectASpeciality for department names and ddl ID=SelectADoctor for doctor names. When I select a department name from SelectASpeciality ddl, I wan all the doctors of that department to be displayed in SelectADoctor ddl.

3)I''ve created a XML file for AdRotator. But am not able add image url. How do I add image url.

Plz help me with an easy code so that i can answer ma viva questions with ease.

推荐答案

首先， 从不 接受未经验证的用户输入并连接SQL命令. 曾经！ 知道了吗?！?对SQL注入攻击进行一些研究.

不要全局实例化连接对象.仅在必要时创建它.

了解关于using子句的信息，如

First of all, NEVER accept unvalidated user input and concatenate a SQL command. EVER! Got it?!? Do some research on SQL Injection attack.

Don''t instantiate your connection object globally. Create it only when necessary.

Learn to about using clause, as in

using(SqlCommand cmd = new SqlCommand(...))
{

}

已经存在一个用户数据库，该数据库具有用于注册，唯一命名，密码重置等的所有功能.

There is already a user database available with all the functionality for registration, unique naming, password reset, etc. http://msdn.microsoft.com/en-us/library/ms229862(v=vs.80).aspx[^]

I''令我感到惊讶的是，没有人提到它，但是用户名"是LOUSY主键.不要这样做！

让数据库自动分配ID号作为用户表的主键.

I''m kind of surprised nobody mentioned this, but a "username" is a LOUSY primary key. DO NOT DO THAT!

Let the database autoassign ID numbers as the primary key for your user table.

请参阅:
http://en.wikipedia.org/wiki/SQL_injection [

Please see:
http://en.wikipedia.org/wiki/SQL_injection[^].

(In addition to the important point made by Mark Nischalke.)

—SA

这篇关于新用户相关问题的代码的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！