C# 在定义类的位置之外使用类
我试图让我的应用程序检查SQL数据库中的Admins表,然后获取当前用户所属部门的名称。之后,我想检查另一个表,只选择属于该部门的新闻项目 下面显示了我是如何进行的,但是问题在于在While循环之外使用mydepartment变量(在第二个SQL查询中使用) 除此之外,一切正常。任何帮助都将不胜感激C# 在定义类的位置之外使用类,c#,asp.net,sql,scope,datareader,C#,Asp.net,Sql,Scope,Datareader,我试图让我的应用程序检查SQL数据库中的Admins表,然后获取当前用户所属部门的名称。之后,我想检查另一个表,只选择属于该部门的新闻项目 下面显示了我是如何进行的,但是问题在于在While循环之外使用mydepartment变量(在第二个SQL查询中使用) 除此之外,一切正常。任何帮助都将不胜感激 public string username = System.Web.HttpContext.Current.User.Identity.Name.Split('\\')[1]; public s
public string username = System.Web.HttpContext.Current.User.Identity.Name.Split('\\')[1];
public string mydepartment;
protected void Page_Load(object sender, EventArgs e)
{
lblUser.Text = username.ToString();
SqlConnection myConnection = new SqlConnection();
myConnection.ConnectionString = @"Data Source=.\SQLEXPRESS;AttachDbFileName=|DataDirectory|\Database1.mdf;Integrated Security=True;User Instance=True";
myConnection.Open();
string selectretrieveSQL = ("SELECT * FROM Admins WHERE userid = '" + username.ToString() + "'");
SqlCommand retrieveinfocmd = new SqlCommand(selectretrieveSQL, myConnection);
SqlDataReader reader = retrieveinfocmd.ExecuteReader();
while (reader.Read())
{
ListItem newItem = new ListItem();
newItem.Text = reader["Department"].ToString();
newItem.Value = reader["userid"].ToString();
UserIds.Items.Add(newItem);
mydepartment = reader["Department"].ToString();
mydepartmentlbl.Text = reader["Department"].ToString();
}
reader.Close();
string selectNewsSQL = ("SELECT * FROM NewsItems WHERE Department = '" + mydepartment + "'");
}
首先,我强烈建议您创建一些类来保存数据库对象的属性 例如,您的管理员可能如下所示:
public class Admin
{
public string Username { get; set; }
public string Department { get; set; }
// .. More properties here
}
protected void Page_Load(object sender, EventArgs e)
{
var connectionString = @"Data Source=.\SQLEXPRESS;AttachDbFileName=|DataDirectory|\Database1.mdf;Integrated Security=True;User Instance=True";
using(var connection = InitializeDatabase(connectionString))
{
var admin = GetAdminsByUsername(connection, username).FirstOrDefault();
if(admin == null)
{
// No admin was found, do something here.
return;
}
var newItem = new ListItem();
newItem.Text = admin.Department.
newItem.Value = admin.Username;
// Keep your controls named consistently, don't use shorthands
// since you already have IntelliSense to auto-complete them for you
usernameLabel.Text = admin.Username;
departmentLabel.Text = admin.Department;
}
static SqlConnection InitializeDatabase(string connectionString)
{
var connection = new SqlConnection(connectionString);
connection.Open();
return connection;
}
管理员static IEnumerable<Admin> GetAdminsByUsername(SqlConnection connection,
string username)
{
var adminList = new List<Admin>();
// You really should be using stored procedures here instead...
var query = @"SELECT * FROM Admins WHERE Username = @Username";
using (var command = new SqlCommand(query, connection))
{
command.Parameters.AddWithValue("@Username", username);
using (var reader = command.ExecuteReader())
{
while (reader.Read())
{
var adminUsername = reader["Username"].ToString();
var adminDepartment = reader["Department"].ToString();
var admin = new Admin
{
Username = adminUsername,
Department = adminDepartment
};
adminList.Add(admin);
}
reader.Close();
return adminList;
}
}
}
这至少可以让您从正确的方向开始。首先,我强烈建议您创建一些类来保存数据库对象的属性 例如,您的管理员可能如下所示:
public class Admin
{
public string Username { get; set; }
public string Department { get; set; }
// .. More properties here
}
protected void Page_Load(object sender, EventArgs e)
{
var connectionString = @"Data Source=.\SQLEXPRESS;AttachDbFileName=|DataDirectory|\Database1.mdf;Integrated Security=True;User Instance=True";
using(var connection = InitializeDatabase(connectionString))
{
var admin = GetAdminsByUsername(connection, username).FirstOrDefault();
if(admin == null)
{
// No admin was found, do something here.
return;
}
var newItem = new ListItem();
newItem.Text = admin.Department.
newItem.Value = admin.Username;
// Keep your controls named consistently, don't use shorthands
// since you already have IntelliSense to auto-complete them for you
usernameLabel.Text = admin.Username;
departmentLabel.Text = admin.Department;
}
static SqlConnection InitializeDatabase(string connectionString)
{
var connection = new SqlConnection(connectionString);
connection.Open();
return connection;
}
管理员static IEnumerable<Admin> GetAdminsByUsername(SqlConnection connection,
string username)
{
var adminList = new List<Admin>();
// You really should be using stored procedures here instead...
var query = @"SELECT * FROM Admins WHERE Username = @Username";
using (var command = new SqlCommand(query, connection))
{
command.Parameters.AddWithValue("@Username", username);
using (var reader = command.ExecuteReader())
{
while (reader.Read())
{
var adminUsername = reader["Username"].ToString();
var adminDepartment = reader["Department"].ToString();
var admin = new Admin
{
Username = adminUsername,
Department = adminDepartment
};
adminList.Add(admin);
}
reader.Close();
return adminList;
}
}
}
这至少可以让你朝着正确的方向开始。抛开之前海报上所说的一切,我同意所有这些,所呈现的代码将不起作用,因为在while循环期间,你所做的是用用户信息填充列表框或某种下拉列表(显示为Department,值为Userid) 如果希望能够根据部门获取更多信息,则需要处理该列表框或select的SelectedIndexChanged事件(或类似事件),获取当前选定的文本值,然后创建第二个查询并执行它 但是,请务必遵循前面海报的建议,您不必使用存储过程,但您确实应该在查询中使用参数。想象一下,如果某个讨厌的人设法传递了一个用户IDl33t';删除表管理员,会发生什么情况。然后,您的页面将执行以下操作:
SELECT * FROM Admins WHERE userid = 'l33t';drop table Admins;
希望这能有所帮助。抛开之前海报上所说的一切,我同意所有这些,呈现的代码将不起作用,因为在while循环过程中,您所做的是用用户信息填充列表框或某种下拉列表(显示为Department,值为Userid) 如果希望能够根据部门获取更多信息,则需要处理该列表框或select的SelectedIndexChanged事件(或类似事件),获取当前选定的文本值,然后创建第二个查询并执行它 但是,请务必遵循前面海报的建议,您不必使用存储过程,但您确实应该在查询中使用参数。想象一下,如果某个讨厌的人设法传递了一个用户IDl33t';删除表管理员,会发生什么情况。然后,您的页面将执行以下操作:
SELECT * FROM Admins WHERE userid = 'l33t';drop table Admins;
希望这能有所帮助。你不会说它是如何工作的。我清理了代码格式,看起来如果该用户名确实有数据的话,
mydepartmentmydepartmentmydepartmentmydepartment