Search data in database

2019-08-09 08:41发布

问题:

I'm basically making a web site using VS2008 and SQL Server 2005 which initiates with a login page. Now I want to authenticate the LoginID and the Password entered by the user. This authentication will take place once the system has found the ID and Password from the database table. Once found, I want to check whether what kind of user it is i.e. Admin or Customer. If the user is admin, then the page should be redirected to abc.aspx otherwise cde.aspx.

My front-end for LoginPage is:

<tr>
<td class="style11"> Login </td>
<td>
<asp:TextBox ID="txtUserName" runat="server" Width="300px" CssClass="Textbox1"></asp:TextBox>
</td>
</tr>
<tr>
<td class="style11"> Password </td>
<td>
<asp:TextBox ID="txtPassword" runat="server" TextMode="Password" Width="300px" CssClass="Textbox1"></asp:TextBox>
</td>
</tr>
<tr>
<td colspan="2">
<asp:Button ID="btnSubmit" runat="server" OnClick="btnSubmit_Click" CssClass="btn1"
                    Text="Submit" />
<asp:Button ID="btnCancel" runat="server" OnClick="btnCancel_Click" CssClass="btn1"
                    Text="Cancel" />
</td>
</tr>

And my backend code is:

//CODE 1
SqlDataSource sds = new SqlDataSource();
sds.ConnectionString = ConfigurationManager.ConnectionStrings["Gen_LicConnectionString3"].ToString();
sds.SelectParameters.Add("LoginID", TypeCode.String, this.txtUserName.Text);
sds.SelectParameters.Add("Password", TypeCode.String, this.txtPassword.Text);
sds.SelectCommand = "SELECT User_Type FROM [User_Details] WHERE [LoginID]=@LoginID AND [Password]=@Password";

    if (//Some Condition) //<-- Here I want to check the condition whether the User_Type is 'Admin' or 'Customer'
    {
        Response.Redirect("Lic_Gen.aspx"); //<-- If Admin
    }
    else
    {
        Response.Redirect("Cust_Page.aspx"); //<-- If Customer
    }


//CODE 2
//string connectionString = WebConfigurationManager.ConnectionStrings["Gen_LicConnectionString3"].ConnectionString;
    //string selectSQL = "SELECT User_Type FROM User_Details WHERE [LoginID]=@LoginID AND [Password] = @Password";
    //SqlConnection con = new SqlConnection(connectionString);
    //SqlCommand cmd = new SqlCommand(selectSQL, con);
    //SqlDataAdapter adapter = new SqlDataAdapter(cmd);
    //DataSet ds = new DataSet();

    //if (cmd.Equals(1))
    //{
    //    Response.Redirect("Lic_Gen.aspx");
    //}
    //else
    //{
    //    Response.Redirect("Cust_Page.aspx");
    //}

回答1:

This is the simplest method without the use membership models. This is a simple method which uses datareader.

    SqlDataReader sdrDatanew = null;
    string strnew;
    string connectionString = WebConfigurationManager.ConnectionStrings["Gen_LicConnectionString"].ConnectionString;
    SqlConnection connew = new SqlConnection(connectionString);
    connew.Open();
    strnew = "select User_Type from User_Details where User_Type='" + ddlUserSel.SelectedItem.Value + "' AND LoginID = '" + txtUserName.Text + "' AND Password = '" + txtPassword.Text + "'";
    SqlCommand sqlCommnew = new SqlCommand(strnew, connew);
    sdrDatanew = sqlCommnew.ExecuteReader();

    int userType = 0;

    if (sdrDatanew.HasRows)
    {
        if (sdrDatanew.Read())
        {
            userType = Convert.ToInt32(sdrDatanew["User_Type"].ToString());
        }
    }

    switch (userType)
    {
        case 0:
            Response.Redirect("Lic_Gen.aspx");
            break;
        case 1:
            Response.Redirect("Cust_Page.aspx");
            break;
        default:
            Console.WriteLine("Invalid User/Password");
            Console.ReadLine();
            break;
    }

    connew.Close();