我如何实现此会话:(UserID是登录表的一部分)
Session["UserID"]="usrName";
变成这段代码?
using System;
using System.Data;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.Odbc;
using System.Data.SqlClient;
public partial class Default2 : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
Login1.Authenticate += Login1_Authenticate;
}
protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)
{
//database connection string
OdbcConnection cn = new OdbcConnection("Driver={MySQL ODBC 3.51 Driver}; Server=localhost; Database=gymwebsite; User=x; Password=x; OPTION=3;");
cn.Open();
OdbcCommand cmd = new OdbcCommand("Select * from User where username=? and password=?", cn);
//Select the username and password from mysql database in login table
cmd.Parameters.Add("@username", OdbcType.VarChar);
cmd.Parameters["@username"].Value = this.Login1.UserName;
cmd.Parameters.Add("@password", OdbcType.VarChar);
cmd.Parameters["@password"].Value = this.Login1.Password;
//use asp login control to check username and password
cmd.Parameters.Add(new OdbcCommand("@UserID", 'id.int'));
OdbcDataReader dr = default(OdbcDataReader);
// Initialise a reader to read the rows from the login table.
// If row exists, the login is successful
dr = cmd.ExecuteReader();
int id = cmd.Parameters["@UserID"].Value;
Session["UserID"]="usrName";
if (dr.Read())
{
e.Authenticated = true;
Response.Redirect("UserProfileWall.aspx");
// Event Authenticate is true forward to user profile
}
}
}
当有人在登录时在其中输入用户名和密码时,我需要能够检索到正确的UserID,然后又需要如何在新页面上检索到该用户名(例如,这样才能撤消它,但不确定)?
string usrName = Convert.ToString(Session["UserID"]);
我只是不知道如何将会话的第一部分添加到我的登录代码中,因此我可以一些如何在会话中存储UserID的方法,还可以从mysql登录表中提交的数据中检索正确的UserID。
最佳答案
它很脏,而且是错误的,但是我猜这可以在一定程度上起作用。
protected void Login1_Authenticate(object sender, AuthenticateEventArgs e)
{
var sql = @"SELECT * from Users where userName = ?user and password = ?pass";
DataSet ds = new DataSet();
MySqlCommand commandWithParams = new MySqlCommand(sql);
commandWithParams.Parameters.AddWithValue("?user", Login1.UserName);
commandWithParams.Parameters.AddWithValue("?pass", Login1.Password);
MySqlConnection conn = new MySqlConnection("myconn string");
if (conn.State != ConnectionState.Open)
conn.Open();
commandWithParams.Connection = conn;
MySqlDataAdapter da = new MySqlDataAdapter(commandWithParams);
da.Fill(ds);
DataTable dt = ds.Tables[0];
DataRow dr = dt.Rows[0];
conn.Close();
conn.Dispose();
da.Dispose();
if (dt.Rows.Count != 0)//I'm sure this has a better way
{
Session["userId"] = Convert.ToString(dr["userId"]);
Session["userName"] = Convert.ToString(dr["userName"]);
e.Authenticated = true;
Reponse.Redirect("your_page.aspx");
}
else
{
e.Authenticated = false;
}
}
这里再次使用Reader方法和Odbc。
OdbcConnection cn = new OdbcConnection("Driver={MySQL ODBC 3.51 Driver}; Server=localhost; Database=gymwebsite; User=x; Password=x; OPTION=3;");
cn.Open();
OdbcCommand cmd = new OdbcCommand("Select * from users where username=? and password=?", cn);
cmd.Parameters.Add("@username", OdbcType.VarChar);
cmd.Parameters["@username"].Value = "test";
cmd.Parameters.Add("@password", OdbcType.VarChar);
cmd.Parameters["@password"].Value = "test1";
OdbcDataReader dr = default(OdbcDataReader);
dr = cmd.ExecuteReader();
if (dr.HasRows)
{
dr.Read();
string theUser = (string)dr["userName"];
string theUserId = Convert.ToString(dr["userId"]);
}
您可以像这样将
theUser
和theUserId
设置为会话:Session.Add("userName", theUser);
Session.Add("userId", theUserId);