如果在C＃中成功登录，如何获取其他列值

Question

I have one table called Users, which have 4 columns 我有一个名为Users的表，该表有4列

UserId 用户身份
UserName 用户名
Password 密码
Role 角色

If login is successful, I want to know the UserId and Role values , 如果登录成功，我想知道UserId和Role值，

for login validate I wrote following function, 为了登录验证，我编写了以下函数，

 private bool ValidationFunction(string username, string pwd)
    {
        bool boolReturnValue = false;

        string s = "correct connection string";
        SqlConnection con = new SqlConnection(s);
        con.Open();
        string sqlUserName;
        sqlUserName = "SELECT UserName,Password FROM Users WHERE UserName ='" + username + "' AND Password ='" + pwd + "'";
        SqlCommand cmd = new SqlCommand(sqlUserName, con);

        string CurrentName;
        CurrentName = (string)cmd.ExecuteScalar();

        if (CurrentName != null)
        {
            boolReturnValue = true;
        }
        else
        {
            Session["UserName"] = "";
            boolReturnValue = false;
        }
        return boolReturnValue;
    }

Answer 1

ExecuteScalar() function returns only the top record value of the first column . ExecuteScalar()函数仅返回top record value of the first column的top record value of the first column 。 So you need to use ExecuteReader() instead. 因此，您需要使用ExecuteReader()代替。

Other important thing is you better use a parameterised query to pass those user typed values into the database. 另一个重要的事情是，您最好使用参数化查询将那些用户键入的值传递到数据库中。 You are open for sql injection attacks this way. 您可以通过这种方式进行sql注入攻击。

Try this: 尝试这个：

using (SqlConnection cnn = new SqlConnection("yourConnectionString"))
{
    string sql= "select userId,role from users " +
                "where username=@uName and password=@pWord";

    using (SqlCommand cmd = new SqlCommand(sql,cnn))
    {
         cmd.Parameters.AddWithValue("@uName", username);
         cmd.Parameters.AddWithValue("@pWord", pwd);

         cnn.Open();
         SqlDataReader reader = cmd.ExecuteReader();

         while (reader.Read())
         {
            //get the reader values here.
         }
    }
}

Answer 2

If UserID and Role are in the Users table, you can use the code below. 如果UserID和Role在Users表中，则可以使用下面的代码。 It has the added benefit of protection from SQL injection attacks using parameters. 它具有防止使用参数进行SQL注入攻击的附加好处。

private class User
{
    public int UserID {get;set;}
    public string Role {get;set;}
    public string UserName {get;set;}

}
private bool ValidationFunction(string username, string pwd, out User)
    {
        bool boolReturnValue = false;

        string s = "correct connection string";
        SqlConnection con = new SqlConnection(s);
        con.Open();
        string sqlUserName;
        sqlUserName = "SELECT UserName,Password,UserID,Role FROM Users WHERE UserName =@usr AND Password=@pwd";
        SqlCommand cmd = new SqlCommand(sqlUserName, con);
        cmd.Parameters.Add(new SqlParameter("usr", username));
        cmd.Parameters.Add(new SqlParameter("pwd", pwd));

        SqlDataReader reader = command.ExecuteReader();

        if (reader.Read())
        {
            boolReturnValue = true;
            User = new User(){UserName = username, UserID=reader.GetInt32(2), Role=reader.GetString(3)};
        }
        else
        {
            Session["UserName"] = "";
            boolReturnValue = false;
        }
        return boolReturnValue;
    }

Answer 3

Use query 使用查询

SqlDataReaer reader= Select *from Users where password="yourPassword"

and then you can get whatever you want ie reader["userName"] etc 然后您可以得到任何您想要的东西，即reader["userName"]等

如果在C＃中成功登录，如何获取其他列值

问题描述

3 个解决方案

解决方案1
4 2013-09-09 17:09:30

解决方案2
1 2013-09-09 17:17:22

解决方案3
-1 2013-09-09 17:21:15

如果在C＃中成功登录，如何获取其他列值

问题描述

3 个解决方案

解决方案1 4 2013-09-09 17:09:30

解决方案2 1 2013-09-09 17:17:22

解决方案3 -1 2013-09-09 17:21:15

解决方案1
4 2013-09-09 17:09:30

解决方案2
1 2013-09-09 17:17:22

解决方案3
-1 2013-09-09 17:21:15