简单的问题,是否可以这样做?从Table中选择Id,其中username = Session?
SqlCommand cm = new SqlCommand("select ID from CustomerDetails Where CustomerName ="Session["New"], con); - this has been solved.
第二个问题:
我想像这样实现它:
if (Session["New"] != reader["ID"].ToString())
{
Response.Redirect("NotAuthorized.aspx");
}
在我的if语句中给我一个错误。任何技巧?
完整代码在这里:
SqlConnection con = new SqlConnection(strConnString);
con.Open();
string str = "select ID from CustomerDetails Where CustomerName = '"+Session["New"].ToString()+"'";
com = new SqlCommand(str, con);
SqlDataReader reader = com.ExecuteReader();
if (!IsPostBack)
{
if (Session["New"] != reader["ID"].ToString())
{
Response.Redirect("NotAuthorized.aspx");
}
答案 0 :(得分:0)
protected void Page_Load(object sender, EventArgs e)
{
SqlConnection conn = new SqlConnection("Data Source = 'PAULO'; Initial Catalog=ShoppingCartDB;Integrated Security =True");
SqlCommand cmd = new SqlCommand("select ID from CustomerDetails ", conn);
SqlDataAdapter da = new SqlDataAdapter("", conn);
DataTable dt = new DataTable();
da.fill(dt);
int count=dt.Rows.Count;
if (Count > 0)
{
for (int i = 0; i < Count; i++)
{
Label2.Text =dt1.Rows[i]["ID"].ToString();
}
}
}
答案 1 :(得分:0)
试试这个
SqlCommand cm = new SqlCommand("select ID from CustomerDetails Where CustomerName ='"+Session["New"].ToString()+"'", con);
string ID =cm.ExecuteScalar().ToString();
假设,
会话[&#34;新&#34;]包含用户名(数据类型为字符串)
答案 2 :(得分:0)
为了使您的代码更具有错误证明,我认为最好在SQL命令中使用命名参数,如下所示:
{{1}}