如何在ASP.net MVC中获取数据
[英]How to get data in ASP.net MVC
问题描述
I'm trying to get the IsAdmin Value with SQL query(This query return 1 line or 0). 
我正在尝试使用SQL查询获取IsAdmin值(此查询返回1行或0)。 but i get this error {"invalide reading Tentative there are no any data present."} This is my code 但是我收到此错误{“无效,正在读取“暂定”,没有任何数据。”}这是我的代码
public static bool Login (string iduser, string password, bool IsAdmin)
{
bool auth = false;
string query = string.Format("Select IsAdmin from [user] where iduser = '{0}' AND mdp = '{1}' ;", iduser, password);
SqlCommand cmd = new SqlCommand(query, con);
con.Open();
SqlDataReader re = cmd.ExecuteReader();
auth = re.HasRows;
if (auth) { IsAdmin = re.GetBoolean(0); } // the error is on this line (this line will alow me to get IsAdmin Value If the user exist)
con.Close();
return auth;
}
2 个解决方案
解决方案1
6 已采纳 2012-04-02 21:16:03
You are open to horrible SQL injection . 您对可怕的SQL注入持开放态度。 Your site will be pwned by hackers the very same second you put it online if you don't use parametrized queries. 如果您不使用参数化查询,那么您的网站将在您在线上的同一秒内被黑客伪造。
Like this: 像这样:
public static bool IsAdmin(string iduser, string password)
{
using (var conn = new SqlConnection(ConnectionString))
using (var cmd = conn.CreateCommand())
{
conn.Open();
cmd.CommandText = @"
SELECT IsAdmin
FROM [user]
WHERE iduser = @iduser AND mdp = @mdp;
";
cmd.Parameters.AddWithValue("@iduser", iduser);
cmd.Parameters.AddWithValue("@mdp", password);
using (var reader = cmd.ExecuteReader())
{
return reader.Read() && reader.GetBoolean(reader.GetOrdinal("IsAdmin"));
}
}
}
解决方案2
0 2012-04-02 21:19:40
You need to call 你需要打电话
re.Read();
to move the reader to the first record before attempting to access the data. 在尝试访问数据之前将阅读器移至第一条记录。 re.HasRows does not cause the reader to move to the first record. re.HasRows不会使读者移动到第一条记录。
Also, definitely use parameterized queries. 另外, 一定要使用参数化查询。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.