一、存储值

eg:登录一个页面,在进入这个页面之前你怎么知道它登没登录呢?[在登录成功之后我们把状态保存起来]

存储值得方式有两种,一种是cookie,一种是session

1.1区别:

sqlHelper做增删改查,SQL注入处理,存储值,cookie,session-LMLPHP

代码:

               if (SqlHelper.Exists(sSql, para))
{
//cookie保存状态
if (chkRPwd.Checked)
{
Response.Cookies["name"].Expires = DateTime.Now.AddMinutes();//设置过期时间
//删除cookie
//Response.Cookies.Clear();
}
Response.Cookies["name"].Value = username;
Response.Redirect("HomeAdoSqlHelper.aspx");
}
else
{
Response.Write("<script>alert('密码错误!');</script>");
}
}
                if (SqlHelper.Exists(sSql, para))
{
//把session保存安全系数高的东西,保存于浏览器缓存里
Session["name"] = username;
Response.Redirect("HomeAdoSqlHelper.aspx");
}
else
{
Response.Write("<script>alert('密码错误!');</script>");
}
}
        protected void Page_Load(object sender, EventArgs e)
{
//cookie获取状态
if (Request.Cookies["name"] == null)
{
Response.Redirect("loginSqlHelper.aspx");
}
if (!(IsPostBack))
{
BindUserInfor();
}
}
          protected void Page_Load(object sender, EventArgs e)
{
//session
if (Session["name"] == null)
{
Response.Redirect("loginSqlHelper.aspx");
}
if (!(IsPostBack))
{
BindUserInfor();
}
}

二、sqlHelper做增删改查,SQL注入处理[后台绑定下拉一定要对应]

     <form id="form1" runat="server">
<div>
<table>
<tr>
<td> 用户名:</td>
<td>
<asp:TextBox ID="txtSUserName" runat="server"></asp:TextBox>
</td>
<td>班级:</td>
<td>
<asp:DropDownList ID="ddlselPhase" runat="server">
<asp:ListItem>---请选择---</asp:ListItem>
<asp:ListItem>.NET高级班01期</asp:ListItem>
<asp:ListItem>.NET高级班02期</asp:ListItem>
<asp:ListItem>.NET讲师</asp:ListItem>
<asp:ListItem>.NET网站开发01期</asp:ListItem>
<asp:ListItem>.NET网站开发02期</asp:ListItem>
<asp:ListItem>.NET网站开发03期</asp:ListItem>
<asp:ListItem>.NET网站开发04期</asp:ListItem>
<asp:ListItem>.NET网站开发05期</asp:ListItem>
<asp:ListItem>.NET网站开发06期</asp:ListItem>
<asp:ListItem>.NET网站开发07期</asp:ListItem>
<asp:ListItem>.NET网站开发08期</asp:ListItem>
<asp:ListItem>.NET网站开发09期</asp:ListItem>
<asp:ListItem>.NET网站开发10期</asp:ListItem>
<asp:ListItem>.NET网站开发11期</asp:ListItem>
<asp:ListItem>.NET网站开发12期</asp:ListItem>
<asp:ListItem>.NET网站开发13期</asp:ListItem>
<asp:ListItem>.NET网站开发14期</asp:ListItem>
<asp:ListItem>.NET网站开发15期</asp:ListItem>
<asp:ListItem>.NET网站开发16期</asp:ListItem>
<asp:ListItem>java第一期</asp:ListItem>
<asp:ListItem>JAVA讲师</asp:ListItem>
<asp:ListItem>ps设计01期</asp:ListItem>
<asp:ListItem>ps设计02期</asp:ListItem>
<asp:ListItem>ps设计03期</asp:ListItem>
<asp:ListItem>网页前端01期</asp:ListItem>
</asp:DropDownList>
</td>
<td>
<asp:Button ID="btnSel" runat="server" Text="查询" OnClick="btnSel_Click" style="height: 21px" />
</td>
</tr>
</table>
</div>
<div>
<table>
<tr>
<td> 用户名:</td>
<td>
<asp:TextBox ID="txtAddUserName" runat="server"></asp:TextBox>
</td>
<td> 密码:</td>
<td>
<asp:TextBox ID="txtAddPwd" runat="server" TextMode="Password"></asp:TextBox>
</td>
<td> QQ:</td>
<td>
<asp:TextBox ID="txtAddQq" runat="server"></asp:TextBox>
</td>
<td>班级:</td>
<td>
<asp:DropDownList ID="ddlAddPhase" runat="server">
<asp:ListItem>---请选择---</asp:ListItem>
<asp:ListItem>.NET高级班01期</asp:ListItem>
<asp:ListItem>.NET高级班02期</asp:ListItem>
<asp:ListItem>.NET讲师</asp:ListItem>
<asp:ListItem>.NET网站开发01期</asp:ListItem>
<asp:ListItem>.NET网站开发02期</asp:ListItem>
<asp:ListItem>.NET网站开发03期</asp:ListItem>
<asp:ListItem>.NET网站开发04期</asp:ListItem>
<asp:ListItem>.NET网站开发05期</asp:ListItem>
<asp:ListItem>.NET网站开发06期</asp:ListItem>
<asp:ListItem>.NET网站开发07期</asp:ListItem>
<asp:ListItem>.NET网站开发08期</asp:ListItem>
<asp:ListItem>.NET网站开发09期</asp:ListItem>
<asp:ListItem>.NET网站开发10期</asp:ListItem>
<asp:ListItem>.NET网站开发11期</asp:ListItem>
<asp:ListItem>.NET网站开发12期</asp:ListItem>
<asp:ListItem>.NET网站开发13期</asp:ListItem>
<asp:ListItem>.NET网站开发14期</asp:ListItem>
<asp:ListItem>ps设计01期</asp:ListItem>
<asp:ListItem>ps设计03期</asp:ListItem>
<asp:ListItem>网页前端01期</asp:ListItem>
</asp:DropDownList>
</td>
<td>
<asp:Button ID="btnAdd" runat="server" Text="添加" OnClick="btnAdd_Click" />
</td>
</tr>
</table>
</div>
<div>
<table>
<tr>
<td>用户ID:</td>
<td>
<asp:TextBox ID="txtDUId" runat="server"></asp:TextBox>
</td>
<td>
<asp:Button ID="btnD" runat="server" Text="删除" OnClick="btnD_Click" />
</td>
</tr>
</table>
</div>
<%--<div>
<table>
<tr>
<td>ID:</td>
<td>
<asp:TextBox ID="txtUId" runat="server"></asp:TextBox>
</td>
<td>
<asp:TextBox ID="txtUUserName" runat="server"></asp:TextBox>
</td>
<td>
<asp:Button ID="btnU" runat="server" Text="更新" OnClick="btnU_Click" />
</td>
</tr>
</table>
</div>--%>
<div>
<table>
<tr>
<td>ID:</td>
<td>
<asp:TextBox ID="txtUuid" runat="server"></asp:TextBox>
</td>
<td>
<asp:TextBox ID="txtUuserName2" runat="server"></asp:TextBox>
</td>
<td>
<asp:Button ID="btnU2" runat="server" Text="更新" OnClick="btnU2_Click"/>
</td>
</tr>
</table>
</div>
<div class="dItem">
<table>
<tr>
<td>
<asp:Button ID="btnDelAll" runat="server" Text="批量删除" OnClick="btnDelAll_Click" OnClientClick="return confirm('你确定删除吗?');"/>
</td>
<td>
<asp:Button ID="btnUpAll" runat="server" Text="批量修改" OnClick="btnUpAll_Click" />
</td>
<td>
<asp:Button ID="btnAllAdd" runat="server" Text="添加" OnClick="btnAllAdd_Click"/>
</td>
</tr>
</table>
</div>
<div>
<asp:GridView ID="GriVShow" runat="server" AutoGenerateColumns="False" OnRowDataBound="GriVShow_RowDataBound">
<Columns>
<asp:TemplateField>
<HeaderTemplate>
<asp:CheckBox ID="chkAll" runat="server" AutoPostBack="True" OnCheckedChanged="chkAll_CheckedChanged" />
</HeaderTemplate>
<ItemTemplate>
<asp:CheckBox ID="chkItem" runat="server" />
</ItemTemplate>
</asp:TemplateField>
<asp:BoundField DataField="Userid" HeaderText="ID" />
<asp:BoundField DataField="UserName" HeaderText="用户名:" />
<asp:BoundField DataField="phonenum" HeaderText="电话号码" />
<asp:BoundField DataField="qq" HeaderText="QQ" />
<asp:BoundField DataField="phase" HeaderText="班级" />
<asp:BoundField DataField="CreatedTime" HeaderText="创建时间" />
<asp:TemplateField HeaderText="用户名">
<ItemTemplate>
<asp:TextBox ID="txtgvUserName" runat="server" Text='<%#Eval("UserName")%>'></asp:TextBox>
</ItemTemplate>
</asp:TemplateField>
<asp:TemplateField HeaderText="密码">
<ItemTemplate>
<asp:TextBox ID="txtgvPwd" runat="server" Text='<%#Eval("Pwd")%>'></asp:TextBox>
</ItemTemplate>
</asp:TemplateField>
<asp:TemplateField HeaderText="QQ">
<ItemTemplate>
<asp:TextBox ID="txtgvQq" runat="server" Text='<%#Eval("QQ")%>'></asp:TextBox>
</ItemTemplate>
</asp:TemplateField>
<asp:TemplateField HeaderText="班级">
<ItemTemplate>
<asp:DropDownList ID="ddlgvPhase" runat="server" ToolTip='<%#Eval("phase")%>'>
<asp:ListItem>---请选择---</asp:ListItem>
<asp:ListItem>.NET高级班01期</asp:ListItem>
<asp:ListItem>.NET高级班02期</asp:ListItem>
<asp:ListItem>.NET讲师</asp:ListItem>
<asp:ListItem>.NET网站开发01期</asp:ListItem>
<asp:ListItem>.NET网站开发02期</asp:ListItem>
<asp:ListItem>.NET网站开发03期</asp:ListItem>
<asp:ListItem>.NET网站开发04期</asp:ListItem>
<asp:ListItem>.NET网站开发05期</asp:ListItem>
<asp:ListItem>.NET网站开发06期</asp:ListItem>
<asp:ListItem>.NET网站开发07期</asp:ListItem>
<asp:ListItem>.NET网站开发08期</asp:ListItem>
<asp:ListItem>.NET网站开发09期</asp:ListItem>
<asp:ListItem>.NET网站开发10期</asp:ListItem>
<asp:ListItem>.NET网站开发11期</asp:ListItem>
<asp:ListItem>.NET网站开发12期</asp:ListItem>
<asp:ListItem>.NET网站开发13期</asp:ListItem>
<asp:ListItem>.NET网站开发14期</asp:ListItem>
<asp:ListItem>ps设计01期</asp:ListItem>
<asp:ListItem>ps设计03期</asp:ListItem>
<asp:ListItem>网页前端01期</asp:ListItem>
</asp:DropDownList>
</ItemTemplate>
</asp:TemplateField>
<asp:TemplateField HeaderText="详情">
<ItemTemplate>
<a href="UserInforManagerContext.aspx?Id=<%#Eval("UserId")%>">详情</a>
</ItemTemplate>
</asp:TemplateField>
</Columns>
</asp:GridView>
</div>
</form>
 namespace sqlHelperStudy2160907
{
public partial class HomeAdoSqlHelperFirst : System.Web.UI.Page
{
SqlParameter[] para=new SqlParameter[];
protected void Page_Load(object sender, EventArgs e)
{
if (!(IsPostBack))
{
BindUserInfor();
}
}
public void BindUserInfor()
{
try
{
DataTable dt = SqlHelper.ExecuteDataSetText(GetSql(), para).Tables[];
GriVShow.DataSource = dt;
GriVShow.DataBind();
}
catch (Exception ex)
{
Response.Write("<script>alret('系统正在维护,请联系管理员!');</script>");
}
}
public string GetSql()
{
StringBuilder sb = new StringBuilder();
//sb.Append("select Userid,UserName,phonenum,sex,phase,qq,Message,HeadPic,CreatedTime from UserInfor where 1=1");
sb.Append("select top 100 * from UserInfor where 1=1 ");
if (!string.IsNullOrEmpty(txtSUserName.Text.Trim()))
{
//sb.Append(string.Format("and UserName='{0}'", txtSUserName.Text.Trim()));
sb.Append("and UserName=@UserName");
para[] = new SqlParameter("@UserName",txtSUserName.Text.Trim());
}
if (ddlselPhase.SelectedIndex > )
{
sb.Append("and phase=@phase");
para[] = new SqlParameter("@phase",ddlselPhase.SelectedValue);
//sb.Append(string.Format("and phase='{0}'", ddlselPhase.SelectedValue));
}
return sb.ToString();
} protected void btnSel_Click(object sender, EventArgs e)
{
BindUserInfor();
} protected void chkAll_CheckedChanged(object sender, EventArgs e)
{
//1.当我们点击按钮时,去找chkAll它的事件源的对象把它变成checkBox
CheckBox chkAll = sender as CheckBox;
//2.对它的每一行进行遍历循环
foreach (GridViewRow gvr in GriVShow.Rows)
{
//2.1获得到第一行的第一列,找到每一列id等于chkitem的对象把它变成checkbox
CheckBox chkItem = gvr.Cells[].FindControl("chkItem") as CheckBox;
//2.2让它当前全选的checked属性等于下面每一行的属性,选中就为true,没选就为Fulse
chkItem.Checked = chkAll.Checked;
}
}
protected void GriVShow_RowDataBound(object sender, GridViewRowEventArgs e)
{
if (e.Row.RowType == DataControlRowType.DataRow)
{
DropDownList ddlphase = e.Row.FindControl("ddlgvPhase") as DropDownList;
string phase = ddlphase.ToolTip;
if (!string.IsNullOrEmpty(phase))
{
ddlphase.ClearSelection();
ddlphase.Items.FindByValue(phase).Selected = true;
}
}
} protected void btnAdd_Click(object sender, EventArgs e)
{
string username = txtAddUserName.Text.Trim();
string pwd = txtAddPwd.Text.Trim();
string qq = txtAddQq.Text.Trim();
string phase = ddlAddPhase.SelectedIndex > ? ddlAddPhase.SelectedValue : "";
if (!string.IsNullOrEmpty(username))
{
string sSql = string.Format("insert into UserInfor(UserName,Pwd,QQ,Phase)values(@UserName,@Pwd,@QQ,@Phase)");
SqlParameter[] paraA = new SqlParameter[]
{
new SqlParameter("@UserName",username),
new SqlParameter("@Pwd",pwd),
new SqlParameter("@QQ",qq),
new SqlParameter("@Phase",phase)
};
SqlHelper.ExecteNonQueryText(sSql, paraA);
BindUserInfor();
}
}
public void Del(int UserId)
{
try
{
//string ssql = string.Format("select UserId from UserInfor where UserId='{0}'", UserId);
string ssql = "select UserId from UserInfor where UserId=@UserId";
SqlParameter[] paraD = new SqlParameter[] { new SqlParameter("@UserId", UserId) };
if(SqlHelper.Exists(ssql,paraD))
{
string sSql1 = string.Format("delete UserInfor where UserId=@UserId");
if(SqlHelper.ExecteNonQueryText(sSql1,paraD)>)
{
Response.Write("<script>alert('删除成功!');</script>");
}
BindUserInfor();
}
else
{
Response.Write("该用户不存在!");
}
}
catch (Exception ex)
{
Response.Write("<script>alret('系统正在维护,请联系管理员!');</script>");
}
}
protected void btnD_Click(object sender, EventArgs e)
{
int UserId = txtDUId.Text.Trim() == "" ? : Convert.ToInt32(txtDUId.Text.Trim());
Del(UserId);
BindUserInfor();
} protected void btnU2_Click(object sender, EventArgs e)
{
int Uid2 = txtUuid.Text.Trim() == "" ? : Convert.ToInt32(txtUuid.Text.Trim());
string uusername2 = txtUuserName2.Text.Trim();
try
{
string sSql = string.Format("select count(*) from UserInfor where UserId=@UserId");
SqlParameter[] paraU = new SqlParameter[] { new SqlParameter("@UserId", Uid2) };
int icount = Convert.ToInt32(SqlHelper.ExecuteScalar(CommandType.Text,sSql,paraU));
if (icount > )
{
string sSql1 = string.Format("update UserInfor set UserName=@UserName where UserId=@UserId");
//string ssql1 = "update UserInfor set UserName=@UserName where UserId=@UserId";
SqlParameter[] paraU1 = new SqlParameter[]
{
new SqlParameter("@UserName",uusername2),
new SqlParameter("@UserId",Uid2)
};
if (SqlHelper.ExecteNonQueryText(sSql1,paraU1)>)
{
Response.Write("<script>alert('数据更新成功!');</script>");
}
BindUserInfor();
}
else
{
Response.Write("该用户不存在!");
}
}
catch (Exception ex)
{
Response.Write("<script>alret('系统正在维护,请联系管理员!');</script>");
}
} protected void btnDelAll_Click(object sender, EventArgs e)
{
foreach (GridViewRow gvr in GriVShow.Rows)
{
int UserId = Convert.ToInt32(gvr.Cells[].Text);
CheckBox chkItem = gvr.Cells[].FindControl("chkItem") as CheckBox;
if (chkItem.Checked)
{
Del(UserId);
}
}
BindUserInfor();
} public void UpUser(int UserId, string UserName, string Pwd, string qq, string phase)
{
try
{
string sSql = string.Format("update UserInfor set UserName=@UserName,Pwd=@Pwd,QQ=@QQ,Phase=@Phase where UserId=@UserId");
SqlParameter[] paraAll = new SqlParameter[]
{
new SqlParameter("@UserName",UserName),
new SqlParameter("@Pwd",Pwd),
new SqlParameter("@qq",qq),
new SqlParameter("@Phase",phase),
new SqlParameter("@UserId",UserId)
};
if (SqlHelper.ExecteNonQueryText(sSql, paraAll) > )
{
Response.Write("<script>alert('数据更新成功!');</script>");
}
}
catch (Exception)
{
Response.Write("网页正在维护!");
}
}
protected void btnUpAll_Click(object sender, EventArgs e)
{
foreach (GridViewRow gvr in GriVShow.Rows)
{
int UserId = Convert.ToInt32(gvr.Cells[].Text);
CheckBox chkItem = gvr.Cells[].FindControl("chkItem") as CheckBox;
if (chkItem.Checked)
{
TextBox txtUserName = gvr.Cells[].FindControl("txtgvUserName") as TextBox;
TextBox txtPwd = gvr.Cells[].FindControl("txtgvPwd") as TextBox;
TextBox txtqq = gvr.Cells[].FindControl("txtgvQq") as TextBox;
DropDownList ddlphase = gvr.Cells[].FindControl("ddlgvPhase") as DropDownList;
UpUser(UserId, txtUserName.Text.Trim(),txtPwd.Text.Trim(), txtqq.Text.Trim(), ddlphase.SelectedValue);
}
}
BindUserInfor();
} protected void btnAllAdd_Click(object sender, EventArgs e)
{
try
{
string sSql = string.Format("insert into UserInfor (Phase,CreatedTime) values(@Phase,@CreatedTime)");
SqlParameter[] paraAdd = new SqlParameter[]
{
new SqlParameter("@Phase","网页前端01期"),
new SqlParameter("@CreatedTime",DateTime.Now.ToString())
};
SqlHelper.ExecteNonQueryText(sSql, paraAdd);
BindUserInfor();
}
catch (Exception)
{
Response.Write("网页正在维护!");
}
}
}
}

三、post传值:

postProject.aspx

     <form id="form1" action="PostProjectT.aspx" method="post">
<table>
<tr>
<td><input type="text" name="UserName"/></td>
</tr>
<tr>
<td><input type="password" name="Pwd"/></td></tr>
<tr>
<td><input type="submit"value="提交"/></td>
</tr>
</table>
</form>

PostProjectT.aspx.cs

         protected void Page_Load(object sender, EventArgs e)
{
//获取到用户名和密码
string username = Request.Form["UserName"].ToString();
string pwd = Request.Form["Pwd"].ToString();
//把用户名和密码返回回去
Response.Write(username+"-"+pwd);
}
04-27 06:29