我正在使用 ASP.NET 4.0、C# 和 SQL Server 2008 开发网站。在我的登录页面中,同一用户在注册过程中需要多次登录。完成“Step-I”注册后,用户需要等待管理员批准(Admin Approval)。只有在管理员批准之后,用户才能被重定向到“Step-II”注册页面。所以我写了下面的代码。但按照我的代码,即使没有管理员批准,用户第二次登录时页面也会被重定向到“Step-II”注册页面。该如何避免?需要帮助。
/// <summary>
/// Login button handler as posted in the question: checks the vendor id and password
/// against User_Info2, then looks at Company_Info and RegPage1 to decide where to send the vendor.
/// </summary>
/// <param name="sender">The control that raised the click.</param>
/// <param name="e">Event data; not read by this handler.</param>
protected void BtnHomeUserSubmit_Click(object sender, EventArgs e)
{
SqlConnection SqlCon = new SqlConnection(GetConnectionString());
try
{
// NOTE(review): both text boxes are concatenated straight into the SQL text, so this
// login query is open to SQL injection; bind the values as SqlParameter objects instead.
// NOTE(review): the submitted password is compared directly with User_Password, which
// suggests passwords are not stored as salted hashes - confirm against the schema.
var da1 = new SqlDataAdapter
("select * from User_Info2 where Vendor_ID ='" + txtHomeUsername.Text.Trim() + "'
AND User_Password='" + txtHomePassword.Text.Trim() + "'", SqlCon);
var dt1 = new DataTable();
da1.Fill(dt1);
if (dt1.Rows.Count == 0)
{
// No matching row: show a generic failure message.
ScriptManager.RegisterStartupScript(this, this.GetType(), "Alert",
"alert('Enter valid Vendor ID and Password');", true);
}
else
{
// In SQL, AND binds tighter than OR, so without parentheses this WHERE clause also
// matches every row whose Approval_Status is 'PEN', whatever its Vendor_ID.
// The vendor id (untrimmed here) is again concatenated into the SQL text.
var da2 = new SqlDataAdapter
("select * from Company_Info where Vendor_ID='"+ txtHomeUsername.Text+"'
AND Approval_Status='NO' OR Approval_Status='PEN'", SqlCon);
var dt2 = new DataTable();
da2.Fill(dt2);
if (dt2.Rows.Count > 0)
{
string url = "../ApprovalStatus2.aspx?Parameter=" + Server.UrlEncode(txtHomeUsername.Text);
ClientScript.RegisterStartupScript(this.GetType(),
"callfunction","alert('Vendor ID is waiting for Approval');
window.location.href = '" + url + "';", true);
}
// There is no else/return after the pending-approval branch, so the RegPage1 lookup
// below runs for vendors that are still waiting for approval as well, and its else
// branch redirects them to the Step II page.
var da3 = new SqlDataAdapter
("select Vendor_ID from RegPage1 where Vendor_ID='" + txtHomeUsername.Text.Trim() + "'",SqlCon);
var dt3 = new DataTable();
da3.Fill(dt3);
if (dt3.Rows.Count > 0)
{
string url = "../UserLogin.aspx";
ClientScript.RegisterStartupScript(this.GetType(),"callfunction","alert
('Vendor ID already completed the registration');window.location.href ='" + url + "';", true);
}
else
{
// NOTE(review): the vendor id travels to RegPage1.aspx in the query string; presumably
// that page must re-check login and approval state itself rather than trust it - confirm.
Response.Redirect("~/RegPage1.aspx?Parameter=" + Server.UrlEncode(txtHomeUsername.Text));
}
}
}
finally
{
// Close the connection whether or not one of the queries threw.
SqlCon.Close();
}
答案 0 :(得分:0)
请将代码改为:
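// The parentheses make the vendor filter apply to both status values; without them
// AND binds tighter than OR and every 'PEN' row matches, whatever its Vendor_ID.
// The vendor id is bound as a parameter instead of being concatenated into the SQL text,
// so the text box content cannot change the shape of the query.
var da2 = new SqlDataAdapter(
    "select * from Company_Info where Vendor_ID = @VendorId " +
    "AND (Approval_Status = 'NO' OR Approval_Status = 'PEN')", SqlCon);
// Trimmed, like the vendor id used by the login query.
da2.SelectCommand.Parameters.AddWithValue("@VendorId", txtHomeUsername.Text.Trim());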
如果有帮助,请告诉我。
答案 1 :(得分:0)
代码更改:请检查并告诉我
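/// <summary>
/// Handles the login button: verifies the vendor id and password, then routes the vendor
/// by registration state - still waiting for approval, registration already completed,
/// or on to the Step II registration page.
/// </summary>
/// <param name="sender">The control that raised the click.</param>
/// <param name="e">Event data; not read by this handler.</param>
protected void BtnHomeUserSubmit_Click(object sender, EventArgs e)
{
    // Read and trim the input once so every query and redirect uses the same value.
    string vendorId = txtHomeUsername.Text.Trim();
    string password = txtHomePassword.Text.Trim();

    // using closes the connection on every path, including exceptions.
    using (var sqlCon = new SqlConnection(GetConnectionString()))
    {
        // NOTE(review): the password is compared directly with User_Password, which suggests
        // it is not stored as a salted hash (e.g. PBKDF2) - confirm against the schema.
        bool credentialsMatch = HasRows(
            sqlCon,
            "select Vendor_ID from User_Info2 where Vendor_ID = @VendorId AND User_Password = @Password",
            new SqlParameter("@VendorId", vendorId),
            new SqlParameter("@Password", password));
        if (!credentialsMatch)
        {
            ScriptManager.RegisterStartupScript(this, this.GetType(), "Alert",
                "alert('Enter valid Vendor ID and Password');", true);
            return;
        }

        // The parentheses keep the vendor filter attached to both status values.
        // NOTE(review): a vendor with no Company_Info row at all passes this check;
        // confirm that is intended, or test for the approved status explicitly.
        bool awaitingApproval = HasRows(
            sqlCon,
            "select Vendor_ID from Company_Info where Vendor_ID = @VendorId " +
            "AND (Approval_Status = 'NO' OR Approval_Status = 'PEN')",
            new SqlParameter("@VendorId", vendorId));
        if (awaitingApproval)
        {
            // Return here so an unapproved vendor never reaches the Step II redirect below.
            string statusUrl = "../ApprovalStatus2.aspx?Parameter=" + Server.UrlEncode(vendorId);
            ClientScript.RegisterStartupScript(this.GetType(), "callfunction",
                "alert('Vendor ID is waiting for Approval');window.location.href = '" +
                System.Web.HttpUtility.JavaScriptStringEncode(statusUrl) + "';", true);
            return;
        }

        bool alreadyRegistered = HasRows(
            sqlCon,
            "select Vendor_ID from RegPage1 where Vendor_ID = @VendorId",
            new SqlParameter("@VendorId", vendorId));
        if (alreadyRegistered)
        {
            string loginUrl = "../UserLogin.aspx";
            ClientScript.RegisterStartupScript(this.GetType(), "callfunction",
                "alert('Vendor ID already completed the registration');window.location.href ='" +
                loginUrl + "';", true);
            return;
        }
    }

    // NOTE(review): the vendor id travels to RegPage1.aspx in the query string; presumably
    // that page must re-check login and approval state itself rather than trust it - confirm.
    Response.Redirect("~/RegPage1.aspx?Parameter=" + Server.UrlEncode(vendorId));
}

// Runs a parameterized SELECT and reports whether it returned at least one row.
private static bool HasRows(SqlConnection connection, string sql, params SqlParameter[] parameters)
{
    using (var adapter = new SqlDataAdapter(sql, connection))
    {
        adapter.SelectCommand.Parameters.AddRange(parameters);
        var table = new DataTable();
        // Fill opens the connection if it is closed and closes it again afterwards.
        adapter.Fill(table);
        return table.Rows.Count > 0;
    }
}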