C# 我想根据用户id的会话将数据从SQL Server显示到ASP.NET文本框
我尝试了下面的编码,但什么也没发生。所有文本框均为空C# 我想根据用户id的会话将数据从SQL Server显示到ASP.NET文本框,c#,asp.net,sql-server,C#,Asp.net,Sql Server,我尝试了下面的编码,但什么也没发生。所有文本框均为空 protected void Page_Load(object sender, EventArgs e) { SqlConnection con = new SqlConnection("Data Source=USER-PC;Initial Catalog=1GCAttendanceManagementSystem;Integrated Security=True"); DataTable dt = new DataTa
protected void Page_Load(object sender, EventArgs e)
{
SqlConnection con = new SqlConnection("Data Source=USER-PC;Initial Catalog=1GCAttendanceManagementSystem;Integrated Security=True");
DataTable dt = new DataTable();
con.Open();
SqlDataReader myReader = null;
SqlCommand myCommand = new SqlCommand("select * from Employee where EmpUsername='" + Session["id"] + "'", con);
myReader = myCommand.ExecuteReader();
while (myReader.Read())
{
txtCode.Text = (myReader["EmployeeId"].ToString());
txtUsername.Text = (myReader["EmpUsername"].ToString());
txtPass.Text = (myReader["EmpPassword"].ToString());
txtEmail.Text = (myReader["EmpEmail"].ToString());
txtFirstname.Text = (myReader["EmpFirstName"].ToString());
txtLastname.Text = (myReader["EmpLastName"].ToString());
txtGender.Text = (myReader["EmpGender"].ToString());
txtContact.Text = (myReader["EmpContact"].ToString());
txtAddress.Text = (myReader["EmpAddress"].ToString());
txtDept.Text = (myReader["EmpDept"].ToString());
}
con.Close();
}
你能试试下面的吗 为了更好地实现,我做了如下几项更改
- 已删除SQL注入漏洞
- 连接已更改为使用
- 而(myReader.Read())更改为if(myReader.Read())
protected void Page_Load(object sender, EventArgs e)
{
using (SqlConnection con = new SqlConnection("Data Source=USER-PC;Initial Catalog=1GCAttendanceManagementSystem;Integrated Security=True"))
{
con.Open();
SqlDataReader myReader = null;
var salaryParam = new SqlParameter("EmpUsername", SqlDbType.VarChar);
salaryParam.Value = Session["id"];
SqlCommand myCommand = new SqlCommand("select TOP 1 * from Employee where EmpUsername='@EmpUsername'", con);
myCommand.Parameters.Add(salaryParam);
myReader = myCommand.ExecuteReader();
if (myReader.Read())
{
txtCode.Text = (myReader["EmployeeId"].ToString());
txtUsername.Text = (myReader["EmpUsername"].ToString());
txtPass.Text = (myReader["EmpPassword"].ToString());
txtEmail.Text = (myReader["EmpEmail"].ToString());
txtFirstname.Text = (myReader["EmpFirstName"].ToString());
txtLastname.Text = (myReader["EmpLastName"].ToString());
txtGender.Text = (myReader["EmpGender"].ToString());
txtContact.Text = (myReader["EmpContact"].ToString());
txtAddress.Text = (myReader["EmpAddress"].ToString());
txtDept.Text = (myReader["EmpDept"].ToString());
}
}
}
如果您的连接字符串、查询和检索字段名称正确,请在页面加载中尝试此代码…它将起作用
if (!IsPostBack)
{
con.Open();
SqlCommand cmd = new SqlCommand("select * from Employee where EmpUsername='" + Session["id"] + "'",con);
SqlDataReader dr = cmd.ExecuteReader();
while (dr.Read())
{
txtCode.Text = (dr["EmployeeId"].ToString());
txtUsername.Text = (dr["EmpUsername"].ToString());
txtPass.Text = (dr["EmpPassword"].ToString());
txtEmail.Text = (dr["EmpEmail"].ToString());
txtFirstname.Text = (dr["EmpFirstName"].ToString());
txtLastname.Text = (dr["EmpLastName"].ToString());
txtGender.Text = (dr["EmpGender"].ToString());
txtContact.Text = (dr["EmpContact"].ToString());
txtAddress.Text = (dr["EmpAddress"].ToString());
txtDept.Text = (dr["EmpDept"].ToString());
}
dr.Close();
con.Close();
}
-您不应该将SQL语句连接在一起-使用参数化查询来避免SQL注入-签出并放入调试器,然后检查是否获取值?我已经选中了,文本框仍然为空。放入断点检查会话[“id”]是否为空..如果您的表中包含具有该特定会话[“id”的数据]当然,剩下的代码会在文本框中给出结果。如果你需要进一步的帮助,请询问我。。