會話和sqlsyntax，如何將會話添加到登錄身份驗證方法

Question

嗨即時嘗試設置用戶帳戶包含在用戶表中的用戶名和密碼的會話。我不確定如何根據我的sqlsyntax中的用戶名和密碼獲取用戶ID，然後將它傳遞給我的會話？我最後的代碼和平只是一個標籤的測試，看看它是否會將數字傳遞給標籤。

登錄頁面用繩子測試

using System; 
using System.Data; 
using System.Collections.Generic; 
using System.Linq; 
using System.Web; 
using System.Web.UI; 
using System.Web.UI.WebControls; 
using System.Data.Odbc; 
using System.Data.SqlClient; 

public partial class Default2 : System.Web.UI.Page 
{ 
    protected void Page_Load(object sender, EventArgs e) 
    { 
     Login1.Authenticate += Login1_Authenticate; 
    } 
    protected void Login1_Authenticate(object sender, AuthenticateEventArgs e) 
    { 
     //database connection string 
     OdbcConnection cn = new OdbcConnection("Driver={MySQL ODBC 3.51 Driver}; Server=localhost; Database=gymwebsite; User=x; Password=x; OPTION=3;"); 
     cn.Open(); 
     OdbcCommand cmd = new OdbcCommand("Select * from User where username=? and password=?", cn); 

     //Select the username and password from mysql database in login table 

     cmd.Parameters.Add("@username", OdbcType.VarChar); 
     cmd.Parameters["@username"].Value = this.Login1.UserName; 

     cmd.Parameters.Add("@password", OdbcType.VarChar); 
     cmd.Parameters["@password"].Value = this.Login1.Password; 
     //use asp login control to check username and password 

     Session["UserID"] = "usrName"; 
     //set the UserID from the User Table unsure how to add this to the sql syntax above 

     OdbcDataReader dr = default(OdbcDataReader); 
     // Initialise a reader to read the rows from the login table. 
     // If row exists, the login is successful 

     dr = cmd.ExecuteReader(); 
     if (dr.Read()) 
     { 
      e.Authenticated = true; 
      Response.Redirect("UserProfileWall.aspx"); 
      // Event Authenticate is true forward to user profile 
     } 

    } 

} 

資料頁中標註：

using System; 
using System.Collections.Generic; 
using System.Linq; 
using System.Web; 
using System.Web.UI; 
using System.Web.UI.WebControls; 
using System.Data.Odbc; 

public partial class UserProfile : System.Web.UI.MasterPage 
{ 
    protected void Page_Load(object sender, EventArgs e) 
    { 
     string usrName = Convert.ToString(Session["UserID"]); 
     Label1.Text = Convert.ToString(usrName); 
     //test to see if session on login page is passing 

     OdbcConnection cn = new OdbcConnection("Driver={MySQL ODBC 3.51 Driver}; Server=localhost; Database=gymwebsite; User=x; Password=x;"); 
     cn.Open(); 

     OdbcCommand cmd = new OdbcCommand("SELECT User.FirstName, User.SecondName, User.Aboutme, User.DOB, Pictures.picturepath FROM User LEFT JOIN Pictures ON User.UserID = Pictures.UserID WHERE User.UserID=1", cn); 
     OdbcDataReader reader = cmd.ExecuteReader(); 
     while (reader.Read()) 
     { 
      Name.Text = String.Format("{0} {1}", reader.GetString(0), reader.GetString(1)); 
      Aboutme.Text = String.Format("{0}", reader.GetString(2)); 
      Age.Text = String.Format("{0}", reader.GetString(3)); 
      Image1.ImageUrl = String.Format("{0}", reader.GetString(4)); 
     } 


    } 
} 

Answer 1

可能有點晚:)

登錄頁面上的命令可能包含用戶ID列：

OdbcCommand cmd = new OdbcCommand("Select UserId from User where username=? and password=?", cn); 

現在您可以從閱讀器讀取UserId列的值並將其值存儲到http會話中：

dr = cmd.ExecuteReader(); 
if (dr.Read()) 
{ 
    Session["UserID"] = dr["UserId"]; 
    e.Authenticated = true; 
    Response.Redirect("UserProfileWall.aspx"); 
    // Event Authenticate is true forward to user profile 
} 

Btw。你不需要inicialize博士和該塊的代碼：

OdbcDataReader dr = default(OdbcDataReader); // assigns null to dr 
dr = cmd.ExecuteReader(); // reference to a new reader instance is assigned to dr 

可以簡化：

OdbcDataReader dr = cmd.ExecuteReader(); // reference to a new reader instance is assigned to dr