C# Login.aspx:我必须检查用户ID、密码以及用户的标题_C#_Asp.net - Fatal编程技术网

C# Login.aspx:我必须检查用户ID、密码以及用户的标题


实际上,我有3个系统用户,即管理员、主管和成员。因此,我有3个不同的主页。登录系统时,我希望检查ID和密码以及特定ID的标题,以便将它们重定向到相应的主页。但它不起作用,以下是我的代码:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Configuration;



namespace CTIPerfAppraisalSystFINAL
{
/// <summary>
/// Code-behind for Login.aspx as posted in the question. The listing is kept exactly as
/// asked; the review comments below mark why it does not compile and where it is unsafe.
/// </summary>
public partial class Login : System.Web.UI.Page
{
    // Empty load handler; nothing is initialised here.
    protected void Page_Load(object sender, EventArgs e)
    {

    }


    /// <summary>
    /// Login button handler: counts rows for the user ID, reads the stored password,
    /// compares it with the typed password and then tries to pick a home page by title.
    /// </summary>
    protected void btn_login_Click(object sender, EventArgs e)
    {
        SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["RegistrationCTIConnectionString"].ConnectionString);
        conn.Open();
        // NOTE(review): this concatenates the txt_userID control object itself, not
        // txt_userID.Text (which the later query uses), so the lookup never sees the typed ID.
        // Building SQL by string concatenation is also an SQL injection risk once the real
        // text is used; pass the value as a parameter, as the @ID query below does.
        string checkuser = "Select count(*) from [tblEmployee] where UserID= '" + txt_userID + "'";

        SqlCommand com = new SqlCommand(checkuser, conn);

        int temp = Convert.ToInt32(com.ExecuteScalar().ToString());
        conn.Close();
        // NOTE(review): the password check runs only when the count is NOT 1, which looks
        // inverted for "exactly one matching user" - confirm the intent.
        if (temp != 1)
        {
            conn.Open();
            string checkPassword = "Select Password from [tblEmployee] where UserID= @ID";
            SqlCommand Pass = new SqlCommand(checkPassword, conn);
            Pass.Parameters.Add(new SqlParameter("@ID", txt_userID.Text));
            // "as string" yields null when the query returns no row.
            string Password = Pass.ExecuteScalar() as string;
            // NOTE(review): the result of Replace is discarded (strings are immutable),
            // so Password is unchanged after this line.
            if (!String.IsNullOrEmpty(Password)) Password.Replace(" ", "");

            // NOTE(review): comparing the stored column with the typed password directly
            // implies the password is stored in clear text; a salted, slow hash verified
            // in code is the safer design.
            if (Password == txt_password.Text)
            {
                // NOTE(review): a declaration inside an if condition is not valid C#. The SQL
                // text is only assigned, never executed (cmd is created but not run), and its
                // WHERE clause filters on Title alone, not on the user who is logging in.
                if ( string checktitle="Select Title from [tblEmployee] where Title='Administrator'")
                {
                SqlCommand cmd = new SqlCommand(checktitle, conn);
                Session["New"] = txt_userID.Text;
                Response.Write("Password is correct.");
                Response.Redirect("~/Administrator Home Page.aspx");
                // NOTE(review): Response.Redirect(url) ends the response by default, so this
                // Close() is likely never reached; a using block would guarantee disposal.
                conn.Close();
                }

                // Same pattern as above, for the Director title.
                if ( string checktitle="Select Title from [tblEmployee] where Title='Director'")
                {
                SqlCommand cmd = new SqlCommand(checktitle, conn);
                Session["New"] = txt_userID.Text;
                Response.Write("Password is correct.");
                Response.Redirect("~/Director Home Page.aspx");
                conn.Close();
                }


                // NOTE(review): besides the invalid declaration, the stray ';' after the
                // condition ends the if statement, so the braces that follow are a plain block.
                if ( string checktitle="Select Title from [tblEmployee] where Title='Member'");
                {
                SqlCommand cmd = new SqlCommand(checktitle, conn);
                Session["New"] = txt_userID.Text;
                Response.Write("Password is correct.");
                Response.Redirect("~/Member Home Page.aspx");
                conn.Close();
                }

            }
            else
            {
                // NOTE(review): the connection opened above is not closed on this path.
                Response.Write("Login is incorrect.");
            }

        }
    }
}

}

我认为您在拼接SQL时用的是变量“txt_userID”,而不是“txt_userID.Text”。在后面的代码中,您的写法看起来是“正确”的


顺便说一句:永远不要用字符串拼接来构造SQL,即使它不是生产代码——始终使用参数,否则就等于给SQL注入敞开了大门。

您正在使非常简单的事情复杂化。只需为Title字段调用一个select,并在WHERE子句中传递要满足的条件。(用户标识和密码)。 如果满足WHERE子句中的条件,则调用ExecuteReader以获取标题。 在这一点上,只需检查您得到的标题并跳转到适当的页面即可

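/// <summary>
/// Login button handler: looks up the Title of the employee whose UserID and Password
/// match the submitted values and redirects to the home page for that title.
/// </summary>
/// <param name="sender">The control that raised the click event.</param>
/// <param name="e">Event data (unused).</param>
protected void btn_login_Click(object sender, EventArgs e)
{
    // Both user-supplied values travel as parameters, never as part of the SQL text.
    const string cmdText = @"Select Title 
                           from [tblEmployee] 
                           where UserID= @id AND Password = @pwd";

    bool found;
    string title = null;

    // Connection string name taken from the question's listing. The using blocks dispose
    // the connection, command and reader on every path, including exceptions.
    using (SqlConnection conn = new SqlConnection(
        ConfigurationManager.ConnectionStrings["RegistrationCTIConnectionString"].ConnectionString))
    using (SqlCommand com = new SqlCommand(cmdText, conn))
    {
        com.Parameters.AddWithValue("@id", txt_userID.Text);
        // NOTE(review): matching @pwd against the Password column implies the password is
        // stored in clear text. Prefer storing a salted, slow hash (e.g. PBKDF2), selecting
        // it by UserID only and verifying it in code with a fixed-time comparison.
        com.Parameters.AddWithValue("@pwd", txt_password.Text);

        conn.Open();
        using (SqlDataReader reader = com.ExecuteReader())
        {
            // No row means the ID/password pair did not match.
            found = reader.Read();
            if (found)
            {
                // Trim in case Title is a fixed-width column padded with spaces
                // (assumption - the schema is not shown).
                title = reader["Title"].ToString().Trim();
            }
        }
    }

    if (!found)
    {
        // Same message whether the ID or the password was wrong, so the response
        // does not reveal which user IDs exist.
        Response.Write("Login is incorrect.");
        return;
    }

    string homePage;
    switch (title)
    {
        case "Administrator":
            homePage = "~/Administrator Home Page.aspx";
            break;
        case "Director":
            homePage = "~/Director Home Page.aspx";
            break;
        case "Member":
            homePage = "~/Member Home Page.aspx";
            break;
        default:
            // Encode the database value before echoing it into the page.
            Response.Write("Unknown title: " + Server.HtmlEncode(title));
            return;
    }

    // The redirect is navigation only: each home page still has to check the caller's
    // title itself, otherwise any logged-in user can request another role's page directly.
    Session["New"] = txt_userID.Text;
    Response.Write("Password is correct.");
    // Redirect after the database resources have been disposed.
    Response.Redirect(homePage);
}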
语句

if ( string checktitle="Select Title from [tblEmployee] where Title='Administrator'")

将始终为
true

请说明“不起作用”具体指什么。你需要告诉我们到底是什么问题,什么不起作用?错误详细信息非常有用。实际上它并没有检查用户标题,它只是将所有用户重定向到管理员主页。更正了此错误,但它仍然只是将所有用户重定向到管理员主页。