HI~我有一个关于如何从特定帐户检索数据的问题。 例如,数据库中存在4个错误报告
将2个错误报告分配给开发人员a,另外2个错误报告分配给开发人员b。
如果我以开发人员身份登录,我只能查看分配给我的2个错误。 我该如何设置代码?
(PS:许多答案的thx指出我的编码存在SQL注入风险,我将在完成作业后编辑它。:))
这是我的编码:
private void bug_view_Click(object sender, EventArgs e)
{
dataGridView1.Visible = true;
bug_info_panel.Visible = true;
string constring = "datasource=localhost;username=root;password=";
MySqlConnection conDataBase = new MySqlConnection(constring);
MySqlCommand cmdDataBase = new MySqlCommand("select * from bug.bug where Assigned = '';", conDataBase);
try
{
dataGridView1.Visible = true;
MySqlDataAdapter sda = new MySqlDataAdapter();
sda.SelectCommand = cmdDataBase;
DataTable dbdataset = new DataTable();
sda.Fill(dbdataset);
BindingSource bSource = new BindingSource();
bSource.DataSource = dbdataset;
dataGridView1.DataSource = bSource;
sda.Update(dbdataset);
}
catch (Exception ex)
{
MessageBox.Show(ex.Message);
}
}
这是我的登录表单enter code here:
try
{
bool IsAdminUser = false;
bool IsDeveloper = false;
string myConnection = "datasource=localhost;username=root;password=";
MySqlConnection myConn = new MySqlConnection(myConnection);
MySqlCommand SelectCommand = new MySqlCommand("select * from logintable.account where id='" + this.username_txt.Text + "' and password='" + this.password_txt.Text + "' ;", myConn);
MySqlDataReader myReader;
myConn.Open();
myReader = SelectCommand.ExecuteReader();
int count = 0;
while (myReader.Read())
{
count = count + 1;
IsAdminUser = myReader["permissions"].ToString().Equals("Admin");
IsDeveloper = myReader["permissions"].ToString().Equals("Developer");
}
if (count == 1 && IsDeveloper == true)
{
MessageBox.Show("You are logged in as Developer ");
this.Hide();
DeveloperForm developform = new DeveloperForm();
developform.ShowDialog();
}
else if (count == 1 && IsAdminUser == true)
{
MessageBox.Show("You are logged in as administrator ");
this.Hide();
AdminForm adminForm = new AdminForm();
adminForm.ShowDialog();
}
else if (count == 1)
{
MessageBox.Show("You are logged in");
this.Hide();
UserForm userform = new UserForm();
userform.ShowDialog();
}
else
MessageBox.Show("Username or Password is not correct ..Please try again");
myConn.Close();
}
catch (Exception ex)
{
MessageBox.Show(ex.Message);
}
}
答案 0 :(得分:0)
我可以看到您没有使用推荐的身份验证方法。 无论如何,您可以使用Application / Session变量实现您想要的功能。 用户登录后,创建一个应用程序/会话变量并将用户ID存储在以下内容中:
Application["user_id"]=myReader["Id"];
或
Session["user_id"]=myReader["Id"];
然后你可以使用这个值来获取像
这样的Bug报告MySqlCommand cmdDataBase = new MySqlCommand("select * from bug.bug where Assigned = @user;", conDataBase);
cmdDataBase.Parameters.AddWithValue("@user",Application["user_id"])
希望这有帮助