0

我试图弄清楚将我的 Response.Redirect("userAdmin.aspx) 添加到我的代码的位置。我尝试了许多不同的变体,但提交按钮什么也没做。我试图了解将它放在哪里。任何人都可以帮忙? 我将不胜感激!

这是我的代码

Protected Sub butSubmit_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles butSubmit.Click

    Dim myReader As Data.SqlClient.SqlDataReader
    Dim mySqlConnection As Data.SqlClient.SqlConnection
    Dim mySqlCommand As Data.SqlClient.SqlCommand
    'Establish the SqlConnection by using the configuration manager to get the connection string in our web.config file.

    mySqlConnection = New Data.SqlClient.SqlConnection(ConfigurationManager.ConnectionStrings  ("ConnectionString").ToString())
    Dim sql As String = "SELECT password FROM MyUsers WHERE username = '" & Me.TextBox1.Text & "'"
    mySqlCommand = New Data.SqlClient.SqlCommand(sql, mySqlConnection)



    Try

        mySqlConnection.Open()
        myReader = mySqlCommand.ExecuteReader()

        If (myReader.HasRows) Then
            myReader.Read()
            Dim password As String = myReader("password")
            If (password = Me.TextBox2.Text) Then
                'Open page with users and roles
                Dim message As String = "Correct password"
                Dim style As MsgBoxStyle = MsgBoxStyle.OkOnly
                Dim title As String = "Authenticated"
                MsgBox(message, style, title)

            End If
        End If

    Catch ex As Exception
        Console.WriteLine(ex.ToString())
    Finally
        If Not (myReader Is Nothing) Then
            myReader.Close()
        End If

        If (mySqlConnection.State = Data.ConnectionState.Open) Then
            mySqlConnection.Close()
        End If

   End Try

End Sub
4

2 回答 2

2

你应该Response.Redirect在 之外使用Try-Catch,否则你会得到一个ThreadAbortException. 您也可以使用重载Response.Redirect(url, false)

您应该为您的 sql-command使用参数以防止 sql-injection!

Protected Sub butSubmit_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles butSubmit.Click
    Dim correctPassword As Boolean = False
    Using mySqlConnection = New Data.SqlClient.SqlConnection(ConfigurationManager.ConnectionStrings("ConnectionString").ConnectionString)
        Dim sql As String = "SELECT password FROM MyUsers WHERE username = @userName"
        Using mySqlCommand = New Data.SqlClient.SqlCommand(sql, mySqlConnection)
            mySqlCommand.Parameters.AddWithValue("@userName", Me.TextBox1.Text)
            Try
                mySqlConnection.Open()
                Using myReader = mySqlCommand.ExecuteReader()
                    If myReader.Read() Then
                        Dim password As String = myReader.GetString(myReader.GetOrdinal("password"))
                        If password = Me.TextBox2.Text Then
                            correctPassword = True
                        End If
                    End If
                End Using
            Catch ex As Exception
                Console.WriteLine(ex.ToString())
            End Try
        End Using
    End Using
    If correctPassword Then
        Response.Redirect("userAdmin.aspx")
    End If
End Sub

我也强烈建议改用ASP.NET-Membership

于 2013-03-01T08:10:36.500 回答
0 
   protected void Button_Click(object sender,ClickEventArgs e)
    {
       Response.Redirect("userAdmin.aspx) ;
    }

首先尝试另一个按钮,看看页面是否被重定向..如果你没有蚂蚁问题,那么根据你的标准放在 finally 之后或内部 finally

于 2013-03-01T08:07:37.047 回答