1. 首頁
  2. 問答
  3. C#初學者 - 如何檢索指定帳戶的數據?

C#初學者 - 如何檢索指定帳戶的數據?

2016-01-09 47 views
-2

HI〜我有一個關於如何從特定的帳戶資料.. 例如問題,有存在的數據庫C#初學者 - 如何檢索指定帳戶的數據?

2級的bug報告中分配給開發者一個4 bug報告,另外2個錯誤報告被分配給開發商b。

如果我以開發人員身份登錄,我只能查看分配給我的2個錯誤。 我該如何設置代碼?

(PS:THX與指出,我的編碼具有SQL注入風險很多答案,我會完成我的任務後編輯:))。

這裏是我的編碼:

private void bug_view_Click(object sender, EventArgs e) 
    { 
     dataGridView1.Visible = true; 
     bug_info_panel.Visible = true; 
     string constring = "datasource=localhost;username=root;password="; 
     MySqlConnection conDataBase = new MySqlConnection(constring); 
     MySqlCommand cmdDataBase = new MySqlCommand("select * from bug.bug where Assigned = '';", conDataBase); 

     try 
     { 
      dataGridView1.Visible = true; 
      MySqlDataAdapter sda = new MySqlDataAdapter(); 
      sda.SelectCommand = cmdDataBase; 
      DataTable dbdataset = new DataTable(); 
      sda.Fill(dbdataset); 
      BindingSource bSource = new BindingSource(); 

      bSource.DataSource = dbdataset; 
      dataGridView1.DataSource = bSource; 
      sda.Update(dbdataset); 
     } 
     catch (Exception ex) 
     { 
      MessageBox.Show(ex.Message); 
     } 
    }

這裏是我的登錄表單的編碼enter code here

try 
     { 
      bool IsAdminUser = false; 
      bool IsDeveloper = false; 
      string myConnection = "datasource=localhost;username=root;password="; 
      MySqlConnection myConn = new MySqlConnection(myConnection); 
      MySqlCommand SelectCommand = new MySqlCommand("select * from logintable.account where id='" + this.username_txt.Text + "' and password='" + this.password_txt.Text + "' ;", myConn); 

      MySqlDataReader myReader; 
      myConn.Open(); 
      myReader = SelectCommand.ExecuteReader(); 
      int count = 0; 
      while (myReader.Read()) 
      { 
       count = count + 1; 
       IsAdminUser = myReader["permissions"].ToString().Equals("Admin"); 
       IsDeveloper = myReader["permissions"].ToString().Equals("Developer"); 
      } 

      if (count == 1 && IsDeveloper == true) 
      { 
       MessageBox.Show("You are logged in as Developer "); 
       this.Hide(); 
       DeveloperForm developform = new DeveloperForm(); 
       developform.ShowDialog(); 
      } 

      else if (count == 1 && IsAdminUser == true) 
      { 
       MessageBox.Show("You are logged in as administrator "); 
       this.Hide(); 
       AdminForm adminForm = new AdminForm(); 
       adminForm.ShowDialog(); 
      } 

      else if (count == 1) 
      { 
       MessageBox.Show("You are logged in"); 
       this.Hide(); 
       UserForm userform = new UserForm(); 
       userform.ShowDialog(); 
      } 

      else 
       MessageBox.Show("Username or Password is not correct ..Please try again"); 
      myConn.Close(); 

     } 
     catch (Exception ex) 
     { 
      MessageBox.Show(ex.Message); 
     } 

    }

來源

2016-01-09 Calvin Leung

+0

切勿使用字符串連接來構建SQL:您讓自己開放SQL注入攻擊。參數更容易*,因爲您不需要考慮數據庫的編碼值。 – Richard

回答

0

我可以不使用推薦的身份驗證方法見。 無論如何,你可以通過使用Application/Session變量來實現你想要的。

Application["user_id"]=myReader["Id"]; 


Session["user_id"]=myReader["Id"];

然後你可以使用這個值取像

錯誤報告:用戶登錄 後,像這樣創建一個應用程序/ Session變量和存儲用戶的ID 
MySqlCommand cmdDataBase = new MySqlCommand("select * from bug.bug where Assigned = @user;", conDataBase); 
cmdDataBase.Parameters.AddWithValue("@user",Application["user_id"])

希望這有助於

來源

2016-01-09 07:15:07

相關問題

 相關問題