当用户使用Vendor_ID和密码登录时,他将根据条件重定向到2个不同的页面。如果他已经在网站上注册并且他的注册被网络管理员批准,他将重定向到'RegPage1.aspx',否则重定向到'ApprovalStatus.aspx'。如果用户输入错误的Vendor_ID或密码,它将抛出错误消息“输入有效的VendorID或密码”。所以我写下了C#代码。 它工作正常但是任何人都可以通过合并两个SQL查询来帮助我简单地这样做,检查'User_Info'表中的vendor_ID可用性和ApprovalStatus检查'Company_Info'表吗?
protected void BtnHomeUserSubmit_Click(object sender, EventArgs e)
{
SqlConnection SqlCon = new SqlConnection(GetConnectionString());
try
{
if ((txtHomeUsername.Text == "") || (txtHomePassword.Text == ""))
{
ScriptManager.RegisterStartupScript(this, this.GetType(), "Alert", "alert ('Enter valid VendorID or Password');", true);
}
else
{
var da1 = new SqlDataAdapter("select * from User_Info where Vendor_ID='" + txtHomeUsername.Text.Trim() + "'", SqlCon);
var dt1 = new DataTable();
da1.Fill(dt1);
if (dt1.Rows.Count > 0)
{
var da2 = new SqlDataAdapter("select * from Company_Info where Approval_Status='NO' AND Vendor_ID='" + txtHomeUsername.Text.Trim() + "'", SqlCon);
var dt2 = new DataTable();
da2.Fill(dt2);
if (dt2.Rows.Count > 0)
{
string url = "ApprovalStatus.aspx";
ClientScript.RegisterStartupScript(this.GetType(), "callfunction", "alert('Your Vendor ID is already registered');window.location.href = '" + url + "';", true);
}
else
{
Response.Redirect("RegPage1.aspx?Parameter=" + Server.UrlEncode (txtHomeUsername.Text));
}
}
ScriptManager.RegisterStartupScript(this, this.GetType(), "Alert", "alert('Enter valid VendorID or Password');", true);
}
}
finally
{
SqlCon.Close();
}
}
答案 0 :(得分:0)
首先你应该protect your code from SQL injection。
如果你想:
合并两个SQL查询,检查'User_Info'表中的vendor_ID可用性,并检查'Company_Info'表中的ApprovalStatus
然后JOIN两个表:
SELECT *
FROM User_Info ui
INNER JOIN Company_Info ci On ui.VendorID = ci.VendorID
WHERE ci.Approval_Status='NO'
AND ui.Vendor_ID = @vendor_IdParam
答案 1 :(得分:0)
您可以尝试以下查询,即JOIN:
SELECT a.*,b.* FROM user_info a JOIN company_info b on a.vendor_id=b.vendor_id WHERE a.vendor_id='txt_username' AND b.approval_status='NO'
答案 2 :(得分:0)
@ mahmoud-gamal和@ colin-mackay提出的优点 - 摆脱允许SQL注入的代码。 免责声明我没有对此进行测试并且是从内存中编写的,但它应该可以让您了解如何解决问题。
要回答你的问题,它会看起来像这样。
<强>逻辑 1)从Company_info表中获取用户,并在Company_info表上获取 LEFT JOIN 。 的结果: 如果没有返回任何行,则登录/注册无效。 如果“任何”行,那么检查Company_info中是否存在关联记录(空值)。如果不是“NullOrEmpty”,则登录/注册是有效的。 ELSE供应商已经注册。
using(SqlConnection SqlCon = new SqlConnection(GetConnectionString()) {
var sqlString = "SELECT u.UserID, c.CompanyID FROM User_Info u LEFT JOIN Company_Info c ON c.VendorID = u.VendorID WHERE u.Vendor_ID = @p_VendorID AND c.Approval_Status='NO'";
var da1 = new SqlDataAdapter(sqlString, SqlCon);
da1.SelectCommand.Parameters.Add("@p_VendorID", SqlDbType.VarChar, 256);
da1.SelectCommand.Parameters["@p_VendorID"].Value = txtHomeUsername.Text.Trim();
var dt1 = new DataTable();
da1.Fill(dt1);
if(da1.Rows.Any()){
string userId = string.Empty;
string companyId = string.Empty;
foreach(DataRow row in dt1.Rows){
userId = row["name"].ToString();
companyId = row["description"].ToString();
}
if(!string.IsNullOrEmpty(companyId)) {
string url = "ApprovalStatus.aspx";
ClientScript.RegisterStartupScript(this.GetType(), "callfunction", "alert('Your Vendor ID is already registered');window.location.href = '" + url + "';", true);
} else {
Response.Redirect("RegPage1.aspx?Parameter=" + Server.UrlEncode (txtHomeUsername.Text));
}
} else {
ScriptManager.RegisterStartupScript(this, this.GetType(), "Alert", "alert('Enter valid VendorID or Password');", true);
}
}