客户输入用户名和密码后,需要通过单选按钮选择身份:最终用户或会计。但是,当我单击“最终用户”单选按钮时,页面又被重定向回主页,而没有跳转到 Company.aspx 页面。请帮忙。
我的代码:
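/// <summary>
/// Login button handler: looks the submitted user name up in the Registration table,
/// compares the stored password with the submitted one and, on success, records the
/// user name in the session and redirects according to the selected radio button.
/// </summary>
/// <param name="sender">The control that raised the click event.</param>
/// <param name="e">Event data (unused).</param>
protected void Button1_Click(object sender, EventArgs e)
{
    string userName = TextBoxUsername.Text;
    int matchingUsers;
    string storedPassword = null;

    // `using` closes the connection on every path; the original left it open after the
    // second Open() call.
    using (SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString))
    {
        conn.Open();

        // The user name is bound as a parameter instead of being concatenated into the
        // statement, so text typed into the login box cannot change the query's structure.
        using (SqlCommand com = new SqlCommand("select count(*) from Registration where USERNAME=@userName", conn))
        {
            com.Parameters.AddWithValue("@userName", userName);
            matchingUsers = Convert.ToInt32(com.ExecuteScalar());
        }

        if (matchingUsers == 1)
        {
            using (SqlCommand passComm = new SqlCommand("Select password from Registration where USERNAME=@userName", conn))
            {
                passComm.Parameters.AddWithValue("@userName", userName);
                object rawPassword = passComm.ExecuteScalar();

                // A missing row or a NULL password column leaves storedPassword null, which
                // is treated below as a failed login rather than as an empty password.
                if (rawPassword != null && rawPassword != DBNull.Value)
                {
                    storedPassword = rawPassword.ToString().Replace(" ", "");
                }
            }
        }
    }

    // NOTE(review): the two failure messages below tell a caller whether a user name
    // exists; a single generic message would avoid that.
    if (matchingUsers != 1)
    {
        Response.Write("Username is not correct");
        return;
    }

    // NOTE(review): comparing the column value directly with the typed text implies that
    // passwords are stored in clear text. Parameterised queries do not address that;
    // store a salted, slow hash (for example PBKDF2) and compare hashes instead.
    if (storedPassword == null || storedPassword != TextBoxPassword.Text)
    {
        Response.Write("Password is not correct");
        return;
    }

    Session["New"] = userName;
    Response.Write("Password is correct");

    // If neither radio button is checked the user stays on this page with the session set.
    if (EndUserRadioButton.Checked)
    {
        Response.Redirect("Company.aspx");
    }
    else if (AccountantRadioButton.Checked)
    {
        Response.Redirect("AccountantUploads.aspx");
    }
}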
/// <summary>
/// Redirects to the page that matches whichever role radio button is checked.
/// </summary>
/// <param name="sender">The radio button that raised the event.</param>
/// <param name="e">Event data (unused).</param>
protected void RadioButton1_CheckedChanged(object sender, EventArgs e)
{
    // NOTE(review): no credential check happens in this handler. A target page that
    // requires Session["New"] will send a visitor who has not logged in back to the
    // main page. Presumably this fires on postback before the login button is
    // clicked; confirm whether the radio buttons have AutoPostBack enabled.
    string target = EndUserRadioButton.Checked
        ? "Company.aspx"
        : (AccountantRadioButton.Checked ? "AccountantUploads.aspx" : null);

    if (target != null)
    {
        Response.Redirect(target);
    }
}
答案 0 :(得分:0)
Company.aspx 的代码隐藏(code-behind):
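public partial class Company : System.Web.UI.Page
{
    // Connection string registered under the name "ConnectionString" in the application's configuration.
    string _ConnectionString = ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString;

    // NOTE(review): this page-level connection is created with every page instance and
    // nothing visible here disposes it; the handlers below build their own connection.
    SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString);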
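/// <summary>
/// Appends the logged-in user's name to the welcome label, or redirects visitors
/// without a login session to the main page.
/// </summary>
/// <param name="sender">The page raising the Load event.</param>
/// <param name="e">Event data (unused).</param>
protected void Page_Load(object sender, EventArgs e)
{
    object loggedInUser = Session["New"];
    if (loggedInUser == null)
    {
        Response.Redirect("MainPage.aspx");
        return;
    }

    // Label.Text is written into the page without HTML encoding, and the session value
    // originates from text typed into the login form, so encode it before display.
    Label_welcome.Text += System.Net.WebUtility.HtmlEncode(loggedInUser.ToString());
}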
/// <summary>Sends the browser to the change-password page.</summary>
/// <param name="sender">The control that raised the click event.</param>
/// <param name="e">Event data (unused).</param>
protected void Button2_Click(object sender, EventArgs e)
{
    const string changePasswordPage = "ChangePassword.aspx";
    Response.Redirect(changePasswordPage);
}
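/// <summary>
/// Search button handler: loads the Registration rows whose USERNAME contains the
/// search text and assigns them to the grid as its data source.
/// </summary>
/// <param name="sender">The control that raised the click event.</param>
/// <param name="e">Event data (unused).</param>
protected void Button1_Click(object sender, EventArgs e)
{
    // NOTE(review): the result set includes the [PASSWORD] column, so every matching
    // account's password is handed to the grid; drop the column unless a bound field
    // depends on it. An empty search box makes the LIKE pattern match every row.
    string qry1 = "SELECT [USERNAME], [EMAIL], [PASSWORD], [STATE], [NAME], [CNAME], [ADDRESS], [TELEPHONE], [FAX], [TYPE], [AGENT] FROM [Registration] WHERE ([USERNAME] LIKE '%' + @USERNAME + '%')";
    DataTable dt = new DataTable();

    // Dispose the connection and adapter deterministically; the original never released
    // them and also created an unused SqlCommand and connection-string local.
    using (SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString))
    using (SqlDataAdapter da = new SqlDataAdapter(qry1, conn))
    {
        // The search text is bound as a parameter, so it is treated as data (LIKE
        // wildcards typed by the user still act as wildcards).
        da.SelectCommand.Parameters.AddWithValue("@USERNAME", TextBoxSearch.Text);

        // Fill opens the closed connection itself and closes it again afterwards.
        da.Fill(dt);
    }

    GridView1.DataSourceID = string.Empty;
    GridView1.DataSource = dt;
}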
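/// <summary>
/// Row-selection handler: redirects to ViewUploads.aspx, passing the selected row's
/// data key as the USERNAME query-string value.
/// </summary>
/// <param name="sender">The grid that raised the event.</param>
/// <param name="e">Carries the index of the row being selected.</param>
protected void GridView1_OnRowSelected(object sender, GridViewSelectEventArgs e)
{
    string username = Convert.ToString(GridView1.DataKeys[e.NewSelectedIndex].Value);

    // Percent-encode the value so characters such as '&', '#', '=' or spaces in a user
    // name cannot truncate the parameter or add extra query-string parameters.
    // NOTE(review): ViewUploads.aspx is not shown; presumably it trusts USERNAME from
    // the URL, so it should verify the caller is allowed to view that user's uploads.
    Response.Redirect("ViewUploads.aspx?USERNAME=" + Uri.EscapeDataString(username));
}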
答案 1 :(得分:0)
在使用表单身份验证时手动登录用户。使用FormsAuthentication.SetAuthCookie()。
示例:
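// Run this only after the submitted credentials have been verified.
// C# is case-sensitive: the text box property is Text, not text.
username = txtUserName.Text;
// The second argument (createPersistentCookie) is false, so the authentication cookie
// is not persisted across browser sessions.
FormsAuthentication.SetAuthCookie(username, false);
// NOTE(review): `url` is not defined in this snippet; if it is taken from the request
// (for example a return-URL parameter), check that it is a local address first.
Response.Redirect(url);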
Response.Redirect只是向客户端发送HTTP重定向。
也使用参数化查询。
// The user name is sent as the @userName parameter rather than being spliced into the
// SQL text, so the input is handled as a value and not as part of the statement.
const string checkPasswordQuery = "Select password from Registration where USERNAME=@userName";
var passComm = new SqlCommand(checkPasswordQuery, conn);
passComm.Parameters.AddWithValue("@userName", txtUserName.Text);
这样可以避免 SQL 注入。