我希望能够在空字符串中存储值,我有一个select语句来检索这些值,但我不确定如何将它们存储在' sessionVar'和' sessionVarAddress'。这是我的代码:
MySqlCommand select = new MySqlCommand("SELECT personID, address_addressID from person WHERE email='" + emailAddress + "' and password = '" + passwordR + "'", connect); //brings back the person ID if user details are correct
using (MySqlDataReader reader = select.ExecuteReader()) //executes the SQL statement
{
if (reader.HasRows)
{
string sessionVarAddress = "";
Session["address_addressId"] = sessionVarAddress;
string sessionVar = "";
Session["personID"] = sessionVar;
// other code
}
}
答案 0 :(得分:1)
您应该读取 MySqlDataReader中包含的值并将它们分配给您的会话
#include <stdio.h>
#include <boost/utility/enable_if.hpp>
#include <boost/type_traits.hpp>
template<int LEN, class Enable = void>
class MyString
{
public:
char data[LEN];
};
template<int LEN, typename boost::enable_if<boost::is_greater<LEN, 8>::type> >
class MyString
{
};
int main()
{
MyString<4> s;
return snprintf(s.data, 4, "123");
}
说,请尽快搜索如何使用参数化查询。您的代码非常弱,容易受到黑客攻击(sql注入),如果有人在传递给数据库的值中使用单引号(解析),则容易崩溃
if (reader.Read())
{
Session["address_addressId"] = reader["address_addressId"].ToString();
Session["personID"] = reader["personID"].ToString()
}