Asp.net mvc 3 如何在MVC3中获取Resourcename的用户名?
我有一张桌子Asp.net mvc 3 如何在MVC3中获取Resourcename的用户名?,asp.net-mvc-3,c#-4.0,Asp.net Mvc 3,C# 4.0,我有一张桌子 Resource ResourceId | ResourceName |username | password 1 | raghu | aaaa | ****** 2 | anil | bbbb | ****** BugHistory BugHisoryId | FixedByID | AssignedByID 1 |
Resource
ResourceId | ResourceName |username | password
1 | raghu | aaaa | ******
2 | anil | bbbb | ******
BugHistory
BugHisoryId | FixedByID | AssignedByID
1 | 2 | 1
2 | 1 | 2
谁是登录名?使用相同的用户名获取Resourcename。
FixedByIdforeign键(FixedById)参考资源(ResourceId)
我的控制器代码
public ActionResult BugHistory(BugTracker_DataHelper bugdatahelepr, string loginname, string EmployeName)
{
Session["UserName"] = "aaaa";
loginname = Session["UserName"].ToString();
//bugdatahelepr.Username = loginname.ToString();
//var username = bugdatahelepr.Username;
SqlConnection connection = new SqlConnection(@"Integrated Security=SSPI;Persist Security Info=False;Initial Catalog=MvcBugTracker;Data Source=SSDEV6\SQLEXPRESS");
connection.Open();
SqlCommand cmd = new SqlCommand("select ResourceName from Resources where UserName =" + loginname, connection);
SqlDataReader dr = cmd.ExecuteReader();
if (dr.Read())
{
bugdatahelepr.FixedByID = Convert.ToInt16(dr["ResourceName"]);
//updatemodel.ProjectId = Convert.ToInt16(dr["ProjectId"]);
}
else
{
dr.Close();
}
dr.Close();
connection.Close();
//ViewBag.BugHistoryId = new SelectList(ToStatusDropdown(), "BugHistoryId", "ToStatus");
//ViewData.AssignedToID=new SelectList()
return View();
}
<%@ Page Language="C#" Inherits="System.Web.Mvc.ViewPage<Gridview_BugTracker.Models.BugTracker_DataHelper>" %>
<!DOCTYPE html>
<html>
<head runat="server">
<title>BugHistory</title>
</head>
<body>
<div>
<%: ViewBag.Title = "BugHistory"%>
<% using (Html.BeginForm())
{ %>
<%:Html.ValidationSummary(true)%>
<fieldset>
<legend>BugHistory</legend>
<div class="editor-label">
<%:Html.LabelFor(model => model.FixedByID)%>
</div>
<div class="editor-field">
<%:Html.LabelFor(model => model.FixedByID)%>
<%:Html.ValidationMessageFor(model => model.FixedByID)%>
</div>
<div class="editor-label">
<%:Html.LabelFor(model => Model.Resolution)%>
</div>
<div class="editor-field">
<%:Html.EditorFor(model => model.Resolution)%>
<%:Html.ValidationMessageFor(model => model.Resolution)%>
</div>
<%: Html.DropDownList("BugHistoryId", (SelectList)ViewBag.BugHistoryId, "--Select Project--")%>
<%: Html.ValidationMessage("BugHistoryId")%>
</fieldset>
<% }%>
<form action="AssignProject.aspx" method="post">
<p> <input type="submit" value="insert" /></p>
</form>
</div>
</body>
</html>
我的视图代码
public ActionResult BugHistory(BugTracker_DataHelper bugdatahelepr, string loginname, string EmployeName)
{
Session["UserName"] = "aaaa";
loginname = Session["UserName"].ToString();
//bugdatahelepr.Username = loginname.ToString();
//var username = bugdatahelepr.Username;
SqlConnection connection = new SqlConnection(@"Integrated Security=SSPI;Persist Security Info=False;Initial Catalog=MvcBugTracker;Data Source=SSDEV6\SQLEXPRESS");
connection.Open();
SqlCommand cmd = new SqlCommand("select ResourceName from Resources where UserName =" + loginname, connection);
SqlDataReader dr = cmd.ExecuteReader();
if (dr.Read())
{
bugdatahelepr.FixedByID = Convert.ToInt16(dr["ResourceName"]);
//updatemodel.ProjectId = Convert.ToInt16(dr["ProjectId"]);
}
else
{
dr.Close();
}
dr.Close();
connection.Close();
//ViewBag.BugHistoryId = new SelectList(ToStatusDropdown(), "BugHistoryId", "ToStatus");
//ViewData.AssignedToID=new SelectList()
return View();
}
<%@ Page Language="C#" Inherits="System.Web.Mvc.ViewPage<Gridview_BugTracker.Models.BugTracker_DataHelper>" %>
<!DOCTYPE html>
<html>
<head runat="server">
<title>BugHistory</title>
</head>
<body>
<div>
<%: ViewBag.Title = "BugHistory"%>
<% using (Html.BeginForm())
{ %>
<%:Html.ValidationSummary(true)%>
<fieldset>
<legend>BugHistory</legend>
<div class="editor-label">
<%:Html.LabelFor(model => model.FixedByID)%>
</div>
<div class="editor-field">
<%:Html.LabelFor(model => model.FixedByID)%>
<%:Html.ValidationMessageFor(model => model.FixedByID)%>
</div>
<div class="editor-label">
<%:Html.LabelFor(model => Model.Resolution)%>
</div>
<div class="editor-field">
<%:Html.EditorFor(model => model.Resolution)%>
<%:Html.ValidationMessageFor(model => model.Resolution)%>
</div>
<%: Html.DropDownList("BugHistoryId", (SelectList)ViewBag.BugHistoryId, "--Select Project--")%>
<%: Html.ValidationMessage("BugHistoryId")%>
</fieldset>
<% }%>
<form action="AssignProject.aspx" method="post">
<p> <input type="submit" value="insert" /></p>
</form>
</div>
</body>
</html>
当我登录页面时,用户名aaaa获得Resourcename。有人能帮我吗
IN veiw page i Diplay like this
FixedBYID -----------raghu <---Lable in disabale
AssignedBY ID-------- anil <----dropdownlist in disable
在视频页面中,我会这样显示
FixedBYID---------raghu在这段代码中有几点需要改进。首先,总是(我的意思是总是)使用
语句在中包装连接和数据读取器
其次,不要连接字符串来构建SQL查询。这将使您面临SQL插入攻击。相反,您应该使用参数
现在,对于您看到的错误。您只需将用户名附加到查询,这将使您的查询如下所示:
select ResourceName from Resources where UserName =aaaa
using( var connection = new SqlConnection(@".... your connection string here ...") )
{
connection.Open();
var cmd = new SqlCommand("select ResourceName from Resources where UserName =@username", connection);
cmd.Parameters.Add( name, DbType.String ).Value = loginName;
using( var reader = cmd.ExecuteReader() )
{
if (dr.Read())
{
// read your data here
}
}
}
未引用用户名,这意味着数据库服务器将尝试查找名为“aaaa”的列。这正是您看到的错误消息
您的数据访问代码应该如下所示:
select ResourceName from Resources where UserName =aaaa
using( var connection = new SqlConnection(@".... your connection string here ...") )
{
connection.Open();
var cmd = new SqlCommand("select ResourceName from Resources where UserName =@username", connection);
cmd.Parameters.Add( name, DbType.String ).Value = loginName;
using( var reader = cmd.ExecuteReader() )
{
if (dr.Read())
{
// read your data here
}
}
}
您得到错误是因为:
- 您没有使用引号-在sql中,字符串常量需要包含在“”中
- 你做错了:你应该使用参数而不是串接字符串
从错误中看,问题似乎是它试图在数据库中查找列aaaa
,而不是列username
@GarrettFogerlie…这是我的查询“select ResourceName From Resources where username=“+loginname,@GarrettFogerlie。。我在数据库中得到相同的用户名,甚至我得到了这种类型的错误来了..我应该做的..看起来@Marnix van Valen回答了你的问题,除此之外,不要连接字符串来构建SQL查询(如他所说),这让黑客可以选择使用SQL语句作为他们的用户名,它将针对你的数据库执行(SQL注入。)