Problem description
Hello Code Project,
I have used 3-tier architecture in my application and I'm trying to do login using a stored procedure. Though I am entering data that is not in the database, I can log in. If I am not using 3-tier architecture, I am able to do what I want.
Please help me to improve the following code,
//Data Logic
static string ConStr = @"Data Source=ROHIT-PC\SQLEXPRESS;Initial Catalog=MPAdvisor;Integrated Security=True";
SqlConnection con = new SqlConnection(ConStr);
public void LogIn(string username, string password)
{
    con.Open();
    SqlCommand cmd = new SqlCommand("LogInProcedure", con);
    cmd.CommandType = CommandType.StoredProcedure;
    cmd.Parameters.AddWithValue("@username", username);
    cmd.Parameters.AddWithValue("@password", password);
    SqlDataReader reader = cmd.ExecuteReader();
}
//Business Logic
DataLogic.DataClass dc = new DataLogic.DataClass();
string username, password;
public string GetUserName
{
    get
    {
        return username;
    }
    set
    {
        username = value;
    }
}
public string GetPassword
{
    get
    {
        return password;
    }
    set
    {
        password = value;
    }
}
public void doLogIn()
{
    dc.LogIn(username, password);
}
// Presentation Logic
BusinessLogic.BusinessClass bc = new BusinessLogic.BusinessClass();
bc.GetUserName = usernametxt.Text;
bc.GetPassword = passwordtxt.Text;
bc.doLogIn();
Session["uname"] = usernametxt.Text;
Response.Redirect("Home.aspx");
// Stored Procedure
ALTER PROCEDURE dbo.LogInProcedure
    @username nvarchar (50),
    @password nvarchar (50)
AS
    SET NOCOUNT ON;
    SELECT * FROM users
    WHERE user_username=@username AND user_password=@password
Recommended answer
public void LogIn(string username, string password)
2. This code should read a value from the reader. But your code ends after this line of code.
SqlDataReader reader = cmd.ExecuteReader();
}
3. Also this method returns 'void'. Same mistake repeated.
public void doLogIn()
4. Whether the user is able to log in or not, the session is created for him and he is redirected to Home.aspx, irrespective of the authentication result... Then why need the username/password itself?
bc.doLogIn();
Session["uname"] = usernametxt.Text;
Response.Redirect("Home.aspx");
5. Passwords are not hashed. Even a student level project does not have plaintext passwords...
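
The points of the answer applied to the question's three tiers, as an added example that is not code from the original thread: each tier returns a result, the session is created only after a successful check, and the password is verified against a salted PBKDF2 hash. Assumptions: LogInProcedure is changed to take only @username and return the hypothetical columns user_salt and user_password_hash; the method and class names GetCredentials, DoLogIn, LoginPage and LoginButton_Click, the 100000 iteration count and the 32-byte hash length are choices made here; .NET Framework 4.7.2 or later.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Security.Cryptography;

public class DataClass   // data tier: returns (salt, hash) for a user, or null
{
    const string ConStr = @"Data Source=ROHIT-PC\SQLEXPRESS;Initial Catalog=MPAdvisor;Integrated Security=True";
    public Tuple<byte[], byte[]> GetCredentials(string username)
    {
        // Assumed: LogInProcedure now takes only @username and selects the
        // hypothetical NOT NULL varbinary columns user_salt, user_password_hash.
        using (var con = new SqlConnection(ConStr))
        using (var cmd = new SqlCommand("LogInProcedure", con))
        {
            cmd.CommandType = CommandType.StoredProcedure;
            cmd.Parameters.Add("@username", SqlDbType.NVarChar, 50).Value = username;
            con.Open();
            using (var reader = cmd.ExecuteReader())   // null when no row matches
                return reader.Read()
                    ? Tuple.Create((byte[])reader["user_salt"], (byte[])reader["user_password_hash"])
                    : null;
        }
    }
}
public class BusinessClass   // business tier: returns the authentication result
{
    readonly DataClass dc = new DataClass();
    public bool DoLogIn(string username, string password)
    {
        // Unknown user: fall back to a dummy salt and empty hash so the KDF still runs.
        var cred = dc.GetCredentials(username) ?? Tuple.Create(new byte[16], new byte[0]);
        // The iteration count (assumed value) must match the one used at registration.
        using (var kdf = new Rfc2898DeriveBytes(password, cred.Item1, 100000, HashAlgorithmName.SHA256))
        {
            byte[] candidate = kdf.GetBytes(32), stored = cred.Item2;
            int diff = candidate.Length ^ stored.Length;   // compare without early exit
            for (int i = 0; i < candidate.Length && i < stored.Length; i++) diff |= candidate[i] ^ stored[i];
            return diff == 0;
        }
    }
}
public partial class LoginPage : System.Web.UI.Page   // presentation tier (hypothetical page class)
{
    protected System.Web.UI.WebControls.TextBox usernametxt, passwordtxt;
    protected void LoginButton_Click(object sender, EventArgs e)
    {
        if (!new BusinessClass().DoLogIn(usernametxt.Text, passwordtxt.Text)) return;   // stay on the login page
        Session["uname"] = usernametxt.Text;   // reached only after a successful check
        Response.Redirect("Home.aspx");
    }
}
```

Registration has to store a random salt of at least 8 bytes and the 32-byte PBKDF2 output derived with the same iteration count and hash algorithm.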