我目前正在研究学校数据库。我正在使用ASP.NET创建一个登录页面,该页面连接到我的SQL数据库(SQL Server Management Studio 2017)。目前,当我登录时,我能够成功连接我的用户名和密码以及人员类型,这些都是我的SQL数据库中的人员表中的所有属性。但是,我的问题是,我无法正确显示当我使用不正确的" Person Type"时进行验证。为了清楚说明,我在登录页面上有一个下拉列表,显示了不同的用户类型,例如学生,教师,管理员,校长,家长等。
这是此代码,
<%@ Page Language="C#" AutoEventWireup="true" CodeBehind="Login.aspx.cs"
Inherits="LoginQuery.Login" %>
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<title></title>
<style>
#login-div {
position: absolute;
left: 40%;
top: 40%;
border: 1px solid #ccc;
padding: 10px 10px;
}
/* Add a black background color to the top navigation */
.topnav {
background-color: #333;
overflow: hidden;
}
/* Style the links inside the navigation bar */
.topnav a {
float: left;
color: #f2f2f2;
text-align: center;
padding: 14px 16px;
text-decoration: none;
font-size: 17px;
}
body {font-family: Arial, Helvetica, sans-serif;}
form {border: 3px solid #f1f1f1;}
input[type=text], input[type=password] {
width: 100%;
padding: 12px 20px;
margin: 8px 0;
display: inline-block;
border: 1px solid #ccc;
box-sizing: border-box;
}
button {
background-color: #4CAF50;
color: white;
padding: 14px 20px;
margin: 8px 0;
border: none;
cursor: pointer;
width: 100%;
}
button:hover {
opacity: 0.8;
}
.cancelbtn {
width: auto;
padding: 10px 18px;
background-color: #f44336;
}
.imgcontainer {
text-align: center;
margin: 24px 0 12px 0;
}
img.avatar {
width: 40%;
border-radius: 50%;
}
.container {
padding: 16px;
}
span.psw {
float: right;
padding-top: 16px;
}
/* Change styles for span and cancel button on extra small screens */
@media screen and (max-width: 300px) {
span.psw {
display: block;
float: none;
}
.cancelbtn {
width: 100%;
}
}
</style>
</head>
<body>
<form id="form1" runat="server">
<div style="text-align:center" class="topnav">
<h1 style="font-family:Verdana; color:white">Login</h1>
<table id="login-div">
<tr>
<td>Select User Type: </td>
<td> <asp:Label ID="Button1" runat="server"></asp:Label>
<asp:DropDownList ID="DropDownList3" runat="server" Height="20px" Width="155px">
<asp:ListItem>Student</asp:ListItem>
<asp:ListItem>Teacher</asp:ListItem>
<asp:ListItem>Counselor</asp:ListItem>
<asp:ListItem>Parent</asp:ListItem>
<asp:ListItem>Principal</asp:ListItem>
<asp:ListItem>Admin</asp:ListItem>
</asp:DropDownList>
</td>
<td> </td>
</tr>
<tr>
<td>Username: </td>
<td> <asp:TextBox ID="txtUsername" placeholder="Enter Username" runat="server"></asp:TextBox></td>
<td> </td>
</tr>
<tr>
<td>Password: </td>
<td> <asp:TextBox ID="txtPassword" placeholder="Enter password" runat="server" TextMode="Password"></asp:TextBox></td>
<td> </td>
</tr>
<tr>
<td> </td>
<td> <asp:Button ID="BtnLogin" runat="server" Text="Login" BackColor="Gray" ForeColor="White" OnClick="BtnLogin_Click" />
<asp:Label ID="Label1" runat="server" Text="" ForeColor="Red" Width="100%"></asp:Label>
</td>
<td> </td>
</tr>
</table>
</div>
</form>
</body>
</html>
这是我的Login.aspx.cs代码。这是我在提交登录按钮时调用查询的地方。它基本上检查SQL是否存在登录凭据,如果有效,如果没有,则显示使用标签的错误消息。
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data;
using System.Data.SqlClient;
namespace LoginQuery
{
public partial class Login : System.Web.UI.Page
{
SqlCommand cmd = new SqlCommand();
SqlConnection con = new SqlConnection();
SqlDataAdapter sda = new SqlDataAdapter();
DataSet ds = new DataSet();
protected void Page_Load(object sender, EventArgs e)
{
con.ConnectionString = "Data Source=CHRIS\\SQLEXPRESS;Initial Catalog=FPSDD;Integrated Security=True";
con.Open();
}
protected void BtnLogin_Click(object sender, EventArgs e)
{
cmd.CommandText = "SELECT * FROM Person where Username='" + txtUsername.Text + "' and Password='" + txtPassword.Text + "' and PersonType='" + DropDownList3.SelectedItem + "'";
cmd.Connection = con;
sda.SelectCommand = cmd;
sda.Fill(ds, "Person");
if (ds.Tables[0].Rows.Count > 0)
{
Response.Redirect(url: "http://localhost:56061/");
}
else
{
Label1.Text = "Invalid User Type, Username or Password. Please Try Again!";
}
}
}
}
总的来说,如果有人输入的用户名和密码与正确的用户类型无关,我希望能够显示正确的验证。在这种情况下,我想告诉用户他们的凭据与所选的用户类型不匹配。另一种方法是使用正确的用户名或密码显示正确的验证。任何帮助或建议将不胜感激。如果您需要进一步澄清,请询问。
答案 0 :(得分:0)
您需要为每个案例编写不同的查询:
首先检查用户名,密码,用户类型是否存在于数据库中,如果是,则表示登录成功。
如果第一种情况不满意,则检查用户名和密码是否存在,如果是,则凭证正确但其相关用户类型不正确。
代码应如下:
protected void BtnLogin_Click(object sender, EventArgs e)
{
cmd.CommandText = "SELECT * FROM Person where Username='" + txtUsername.Text + "' and Password='" + txtPassword.Text + "' and PersonType='" + DropDownList3.SelectedValue+ "'";
cmd.Connection = con;
sda.SelectCommand = cmd;
sda.Fill(ds, "Person");
if (ds.Tables[0].Rows.Count > 0)
{
Response.Redirect(url: "http://localhost:56061/");
}
else
{
cmd.CommandText = "SELECT * FROM Person where Username='" + txtUsername.Text + "' and Password='" + txtPassword.Text + "'";
cmd.Connection = con;
sda.SelectCommand = cmd;
sda.Fill(ds, "Person");
if (ds.Tables[0].Rows.Count > 0)
{
Label1.Text = "Invalid User Type. Please Try Again!";
}
else
{
Label1.Text = "Invalid User Type, Username or Password. Please Try Again!";
}
}
}
另一种方法。此解决方案将减少一个数据库调用。
protected void BtnLogin_Click(object sender, EventArgs e)
{
cmd.CommandText = cmd.CommandText = "SELECT * FROM Person where Username='" + txtUsername.Text + "' and Password='" + txtPassword.Text + "'";
cmd.Connection = con;
sda.SelectCommand = cmd;
sda.Fill(ds, "Person");
if (ds.Tables[0].Rows.Count > 0)
{
if(ds.Tables[0].Rows[0]["PersonType"] == DropDownList3.SelectedValue)
{
Response.Redirect(url: "http://localhost:56061/");
}
else
{
Label1.Text = "Invalid User Type. Please Try Again!";
}
}
else
{
Label1.Text = "Invalid User Type, Username or Password. Please Try Again!";
}
}