在哪里添加Response.Redirect?

时间:2013-03-01 07:58:18

标签: asp.net visual-studio-2008 button passwords response.redirect

我正在试图找出我将Response.Redirect(“userAdmin.aspx)添加到我的代码的位置。我尝试了很多不同的变体,但提交按钮什么也没做。我想知道把它放在哪里。有人可以帮忙吗?我会非常感激!

这是我的代码

Protected Sub butSubmit_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles butSubmit.Click

    Dim myReader As Data.SqlClient.SqlDataReader
    Dim mySqlConnection As Data.SqlClient.SqlConnection
    Dim mySqlCommand As Data.SqlClient.SqlCommand
    'Establish the SqlConnection by using the configuration manager to get the connection string in our web.config file.

    mySqlConnection = New Data.SqlClient.SqlConnection(ConfigurationManager.ConnectionStrings  ("ConnectionString").ToString())
    Dim sql As String = "SELECT password FROM MyUsers WHERE username = '" & Me.TextBox1.Text & "'"
    mySqlCommand = New Data.SqlClient.SqlCommand(sql, mySqlConnection)



    Try

        mySqlConnection.Open()
        myReader = mySqlCommand.ExecuteReader()

        If (myReader.HasRows) Then
            myReader.Read()
            Dim password As String = myReader("password")
            If (password = Me.TextBox2.Text) Then
                'Open page with users and roles
                Dim message As String = "Correct password"
                Dim style As MsgBoxStyle = MsgBoxStyle.OkOnly
                Dim title As String = "Authenticated"
                MsgBox(message, style, title)

            End If
        End If

    Catch ex As Exception
        Console.WriteLine(ex.ToString())
    Finally
        If Not (myReader Is Nothing) Then
            myReader.Close()
        End If

        If (mySqlConnection.State = Data.ConnectionState.Open) Then
            mySqlConnection.Close()
        End If

   End Try

End Sub

2 个答案:

答案 0 :(得分:2)

您应该在Response.Redirect之外使用Try-Catch,否则您将获得ThreadAbortException。您还可以使用重载Response.Redirect(url, false)

你应该使用参数作为sql-command来阻止sql注入! 

Protected Sub butSubmit_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles butSubmit.Click
    Dim correctPassword As Boolean = False
    Using mySqlConnection = New Data.SqlClient.SqlConnection(ConfigurationManager.ConnectionStrings("ConnectionString").ConnectionString)
        Dim sql As String = "SELECT password FROM MyUsers WHERE username = @userName"
        Using mySqlCommand = New Data.SqlClient.SqlCommand(sql, mySqlConnection)
            mySqlCommand.Parameters.AddWithValue("@userName", Me.TextBox1.Text)
            Try
                mySqlConnection.Open()
                Using myReader = mySqlCommand.ExecuteReader()
                    If myReader.Read() Then
                        Dim password As String = myReader.GetString(myReader.GetOrdinal("password"))
                        If password = Me.TextBox2.Text Then
                            correctPassword = True
                        End If
                    End If
                End Using
            Catch ex As Exception
                Console.WriteLine(ex.ToString())
            End Try
        End Using
    End Using
    If correctPassword Then
        Response.Redirect("userAdmin.aspx")
    End If
End Sub

我还强烈建议改为使用ASP.NET-Membership

答案 1 :(得分:0)

   protected void Button_Click(object sender,ClickEventArgs e)
    {
       Response.Redirect("userAdmin.aspx) ;
    }

frist尝试使用另一个按钮,看看页面是否被重定向..如果你没有蚂蚁问题,那么根据你的标准,最后或最终放在后面

相关问题
最新问题