1. 首頁
  2. 問答
  3. 登錄後顯示用戶信息

登錄後顯示用戶信息

2014-02-10 68 views
0

我爲我的網站創建了一個Web方法。我希望在成功登錄後能夠在下面顯示以下信息。我如何實現這一目標?登錄後顯示用戶信息

[WebMethod] 
     public Student Login(string Username, string Password) 
     { 
      cn.Open(); 
      SqlCommand com = new SqlCommand("SELECT * FROM tblStudent WHERE Username = '" + Username + "' and Password = '" + Password + "'", cn); 
      SqlDataReader sr = com.ExecuteReader(); 
      while (sr.Read()) 
      { 
       Student student = new Student() 
       { 
        StudentID = sr.GetInt32(0), 
        StudentNumber = sr.GetString(1), 
        Name = sr.GetString(2), 
        Surname = sr.GetString(3), 
        DOB = sr.GetDateTime(4), 
        Gender = sr.GetString(5), 
        EmailAddress = sr.GetString(6), 
        Address1 = sr.GetString(7), 
        Address2 = sr.GetString(8), 
        City = sr.GetString(9), 
        Postcode = sr.GetString(10), 
        Username = sr.GetString(11), 
        Password = sr.GetString(12), 
        Course = sr.GetString(13) 
       }; 
       cn.Close(); 
       return student; 
      } 

      cn.Close(); 
      return new Student(); 
     } 

protected void Button1_Click(object sender, EventArgs e) 
     { 
      ServiceReference1.Service1SoapClient Log = new ServiceReference1.Service1SoapClient(); 

      Student s = Log.Login(txtUsername.Text, txtPassword.Text); 

      if (s.StudentID > 0) 

      { 
       Session.Add("UserAuthentication", s); 
       //Session["Authenticated"] = true; 
       //Session.Timeout = 1; 
       Response.Redirect("Profile.aspx"); 

      } 
      else 
      { 
       Response.Write("<script type=\"text/javascript\">alert('Username or Password is Incorrect. Please Try Again!');</script>"); 
      }   
     }

我有以下代碼來顯示配置文件頁面上的信息,但它似乎不工作。

protected void Page_Load(object sender, EventArgs e) 

     { 
      //string DOB; 
      if (Session["UserAuthentication"] != null) 
      { 
       Student student = new Student(); 
       student.StudentNumber = lbStudentNum.Text; 
       student.Name = lbName.Text; 
       student.Surname = lbSurname.Text; 
       // student.DOB = lbDOB. 
       // student.Gender = lbGender.Text; 
       student.EmailAddress = lbEmailaddress.Text; 
       student.Address1 = lbAddress1.Text; 
       student.Address2 = lbAddress2.Text; 
       student.City = City.Text; 
       student.Postcode = Postcode.Text; 

      } 

      else 
      { 
       Response.Redirect("Index.aspx"); 
      }

來源

2014-02-10 user3284789

+1

請參數化查詢以避免SQL注入攻擊,第二哈希密碼。我討厭這樣說,但是它目前看起來就像是一個典型的安全實踐不佳的例子 – Liath

+0

我該如何去做這件事?我只是剛開始使用ASP.NET,所以我沒有太多的知識。謝謝 – user3284789

+0

http://stackoverflow.com/questions/7505808/using-parameters-in-sql-statements :) – Liath

回答

0

第一類投你的對象從會話然後把這些值控制是這樣的:

protected void Page_Load(object sender, EventArgs e) 
    { 
     //string DOB; 
     if (Session["UserAuthentication"] != null) 
     { 
      Student student = (Student)Session["UserAuthentication"]; 
      lbStudentNum.Text= student.StudentNumber ; 
      City.Text= student.City; 
      Postcode.Text= student.Postcode ; 
     } 
     else 
     { 
      Response.Redirect("Index.aspx"); 
     }

來源

2014-02-10 13:51:09

+0

感謝它的工作。如何將日期轉換爲字符串(對於DOB) – user3284789

+0

@ user3284789請不要看到我對參數化查詢的評論。這也將解決您的問題,並使您的代碼更安全 – Liath

+0

lbDOB.Text = student.DOB.ToString(); –

相關問題

 相關問題