一、存储值
例如:进入一个需要登录的页面之前,怎么知道用户登没登录呢?[在登录成功之后我们把状态保存起来]
存储值的方式有两种,一种是cookie,一种是session
1.1区别:
代码:
if (SqlHelper.Exists(sSql, para))
{
    // Login succeeded: remember the state in a cookie.
    // The cookie carries the plain user name, and the home page treats its mere presence as
    // "logged in". That is enough to demonstrate cookie state, but the value is neither signed
    // nor marked HttpOnly, so for real authentication use FormsAuthentication's encrypted
    // ticket (or the Session variant shown next).
    if (chkRPwd.Checked)
    {
        // "Remember me": give the cookie an explicit lifetime. Without Expires it is a
        // session cookie that the browser drops when it closes.
        Response.Cookies["name"].Expires = DateTime.Now.AddMinutes(1);
        // To remove the cookie instead:
        //Response.Cookies.Clear();
    }
    Response.Cookies["name"].Value = username;
    Response.Redirect("HomeAdoSqlHelper.aspx");
}
else
{
    Response.Write("");
}
} // closes the enclosing click handler; its signature is not part of this excerpt
if (SqlHelper.Exists(sSql, para))
{
    // Keep the login state in Session instead of a cookie. In ASP.NET the value itself stays
    // on the server; the browser only holds the session id, which is why Session is the
    // better home for anything security-relevant.
    Session["name"] = username;
    Response.Redirect("HomeAdoSqlHelper.aspx");
}
else
{
    Response.Write("");
}
} // closes the enclosing click handler; its signature is not part of this excerpt
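/// <summary>
/// Login gate for the home page, cookie variant: the presence of the "name" cookie is taken
/// as proof of login. That cookie is written by the login page as the plain user name and is
/// not signed, so any client can present one; this is a demo of cookie state, and production
/// code should check FormsAuthentication's encrypted ticket (or Session) instead.
/// </summary>
/// <param name="sender">The page raising the event.</param>
/// <param name="e">Unused event data.</param>
protected void Page_Load(object sender, EventArgs e)
{
    if (Request.Cookies["name"] == null)
    {
        Response.Redirect("loginSqlHelper.aspx");
        // Redirect ends the response by default, but an explicit return keeps the guard
        // correct even if that is ever changed to Redirect(url, false).
        return;
    }
    if (!IsPostBack)
    {
        BindUserInfor();
    }
}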
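/// <summary>
/// Login gate for the home page, Session variant: redirects to the login page when no
/// "name" entry exists in the server-side session, otherwise binds the user list on the
/// first (non-postback) request.
/// </summary>
/// <param name="sender">The page raising the event.</param>
/// <param name="e">Unused event data.</param>
protected void Page_Load(object sender, EventArgs e)
{
    if (Session["name"] == null)
    {
        Response.Redirect("loginSqlHelper.aspx");
        // Redirect ends the response by default, but an explicit return keeps the guard
        // correct even if that is ever changed to Redirect(url, false).
        return;
    }
    if (!IsPostBack)
    {
        BindUserInfor();
    }
}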
二、用SqlHelper做增删改查,并处理SQL注入[后台绑定下拉框时值一定要对应]
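namespace sqlHelperStudy2160907
{
    /// <summary>
    /// Code-behind for the user list page: searches, inserts, updates and deletes rows of
    /// the UserInfor table through the project's SqlHelper, always with parameterised SQL
    /// so that form input never becomes part of the query text.
    /// </summary>
    public partial class HomeAdoSqlHelperFirst : System.Web.UI.Page
    {
        // Parameters for the search query; filled by GetSql() to exactly the filters in use,
        // so no null slots are ever handed to SqlHelper.
        SqlParameter[] para = new SqlParameter[0];

        /// <summary>
        /// Binds the user list on the first request.
        /// </summary>
        /// <remarks>
        /// NOTE(review): unlike the login-gated Page_Load shown earlier in this post, nothing here
        /// checks Request.Cookies["name"] / Session["name"], so every handler below (insert,
        /// update, delete) is reachable without logging in unless the page is protected
        /// elsewhere (e.g. in web.config).
        /// </remarks>
        protected void Page_Load(object sender, EventArgs e)
        {
            if (!IsPostBack)
            {
                BindUserInfor();
            }
        }

        /// <summary>
        /// Runs the search query built by <see cref="GetSql"/> and binds the result to the grid.
        /// </summary>
        public void BindUserInfor()
        {
            try
            {
                // GetSql() must run before 'para' is read: it also fills the parameter array.
                string sql = GetSql();
                DataTable dt = SqlHelper.ExecuteDataSetText(sql, para).Tables[0];
                GriVShow.DataSource = dt;
                GriVShow.DataBind();
            }
            catch (Exception)
            {
                // Message kept as in the original listing.
                Response.Write("");
            }
        }

        /// <summary>
        /// Builds the search SQL from the optional user-name and phase filters and stores the
        /// matching <see cref="SqlParameter"/>s in <c>para</c>.
        /// </summary>
        /// <returns>The SELECT statement with one placeholder per active filter.</returns>
        public string GetSql()
        {
            StringBuilder sb = new StringBuilder();
            // At most two optional filters; unused slots are trimmed off below.
            SqlParameter[] filters = new SqlParameter[2];
            int count = 0;

            sb.Append("select top 100 * from UserInfor where 1=1");

            string userName = txtSUserName.Text.Trim();
            if (!string.IsNullOrEmpty(userName))
            {
                // Each clause carries its own leading space: the original appended
                // "and UserName=@UserName" and "and phase=@phase" back to back, which
                // produced "@UserNameand phase=" when both filters were set.
                sb.Append(" and UserName=@UserName");
                filters[count++] = new SqlParameter("@UserName", userName);
            }
            // Index 0 is presumably the placeholder entry of the drop-down.
            if (ddlselPhase.SelectedIndex > 0)
            {
                sb.Append(" and phase=@phase");
                filters[count++] = new SqlParameter("@phase", ddlselPhase.SelectedValue);
            }

            Array.Resize(ref filters, count);
            para = filters;
            return sb.ToString();
        }

        /// <summary>Search button: re-runs the query with the current filters.</summary>
        protected void btnSel_Click(object sender, EventArgs e)
        {
            BindUserInfor();
        }

        /// <summary>
        /// Header check box: copies its checked state to the "chkItem" box of every grid row.
        /// </summary>
        protected void chkAll_CheckedChanged(object sender, EventArgs e)
        {
            // The event source is the header check box itself.
            CheckBox chkAll = sender as CheckBox;
            if (chkAll == null)
            {
                return;
            }
            foreach (GridViewRow gvr in GriVShow.Rows)
            {
                // The row check box lives in the first cell of each row.
                CheckBox chkItem = gvr.Cells[0].FindControl("chkItem") as CheckBox;
                if (chkItem != null)
                {
                    chkItem.Checked = chkAll.Checked;
                }
            }
        }

        /// <summary>
        /// Pre-selects the row's phase in the "ddlgvPhase" drop-down; the row's value is
        /// carried in the control's ToolTip (bound in the markup, which is not shown here).
        /// </summary>
        protected void GriVShow_RowDataBound(object sender, GridViewRowEventArgs e)
        {
            if (e.Row.RowType != DataControlRowType.DataRow)
            {
                return;
            }
            DropDownList ddlphase = e.Row.FindControl("ddlgvPhase") as DropDownList;
            if (ddlphase == null)
            {
                return;
            }
            string phase = ddlphase.ToolTip;
            if (string.IsNullOrEmpty(phase))
            {
                return;
            }
            // A phase value that is not in the list would otherwise be a null dereference.
            ListItem item = ddlphase.Items.FindByValue(phase);
            if (item != null)
            {
                ddlphase.ClearSelection();
                item.Selected = true;
            }
        }

        /// <summary>
        /// Add button: inserts one user from the "add" text boxes when a user name was given.
        /// </summary>
        protected void btnAdd_Click(object sender, EventArgs e)
        {
            string username = txtAddUserName.Text.Trim();
            string pwd = txtAddPwd.Text.Trim();
            string qq = txtAddQq.Text.Trim();
            string phase = ddlAddPhase.SelectedIndex > 0 ? ddlAddPhase.SelectedValue : "";
            if (string.IsNullOrEmpty(username))
            {
                return;
            }
            // NOTE(review): Pwd is stored exactly as typed. A real system stores a salted
            // hash (e.g. PBKDF2) and compares hashes at login; the login page's Exists()
            // lookup would have to change together with this column.
            string sSql = "insert into UserInfor(UserName,Pwd,QQ,Phase)values(@UserName,@Pwd,@QQ,@Phase)";
            SqlParameter[] paraA = new SqlParameter[]
            {
                new SqlParameter("@UserName", username),
                new SqlParameter("@Pwd", pwd),
                new SqlParameter("@QQ", qq),
                new SqlParameter("@Phase", phase)
            };
            SqlHelper.ExecteNonQueryText(sSql, paraA);
            BindUserInfor();
        }

        /// <summary>
        /// Deletes the user with the given id and re-binds the grid; writes a "user does not
        /// exist" message when no row was affected.
        /// </summary>
        /// <param name="UserId">Primary key of the row to delete.</param>
        public void Del(int UserId)
        {
            try
            {
                // One DELETE is enough: the affected-row count tells whether the user existed,
                // which also closes the check-then-act window of a separate SELECT.
                string sSql = "delete UserInfor where UserId=@UserId";
                SqlParameter[] paraD = new SqlParameter[] { new SqlParameter("@UserId", UserId) };
                if (SqlHelper.ExecteNonQueryText(sSql, paraD) > 0)
                {
                    Response.Write("");
                    BindUserInfor();
                }
                else
                {
                    Response.Write("该用户不存在!");
                }
            }
            catch (Exception)
            {
                Response.Write("");
            }
        }

        /// <summary>Delete button: deletes the user whose id was typed into txtDUId.</summary>
        protected void btnD_Click(object sender, EventArgs e)
        {
            int UserId;
            // Non-numeric input used to throw FormatException out of Convert.ToInt32 before
            // Del's try/catch could see it; an unparsable id now behaves like an empty one.
            if (!int.TryParse(txtDUId.Text.Trim(), out UserId))
            {
                UserId = 0;
            }
            Del(UserId);
            BindUserInfor();
        }

        /// <summary>Update button: renames the user whose id was typed into txtUuid.</summary>
        protected void btnU2_Click(object sender, EventArgs e)
        {
            int Uid2;
            // Same parsing hardening as btnD_Click.
            if (!int.TryParse(txtUuid.Text.Trim(), out Uid2))
            {
                Uid2 = 0;
            }
            string uusername2 = txtUuserName2.Text.Trim();
            try
            {
                // A single UPDATE replaces the earlier count(*) check plus UPDATE pair; the
                // affected-row count tells whether the user existed.
                string sSql = "update UserInfor set UserName=@UserName where UserId=@UserId";
                SqlParameter[] paraU = new SqlParameter[]
                {
                    new SqlParameter("@UserName", uusername2),
                    new SqlParameter("@UserId", Uid2)
                };
                if (SqlHelper.ExecteNonQueryText(sSql, paraU) > 0)
                {
                    Response.Write("");
                    BindUserInfor();
                }
                else
                {
                    Response.Write("该用户不存在!");
                }
            }
            catch (Exception)
            {
                Response.Write("");
            }
        }

        /// <summary>
        /// "Delete selected" button: deletes every row whose "chkItem" box is checked.
        /// </summary>
        protected void btnDelAll_Click(object sender, EventArgs e)
        {
            // Collect the ids first: Del() re-binds the grid, which must not happen while
            // GriVShow.Rows is still being enumerated.
            int[] ids = new int[GriVShow.Rows.Count];
            int selected = 0;
            foreach (GridViewRow gvr in GriVShow.Rows)
            {
                CheckBox chkItem = gvr.Cells[0].FindControl("chkItem") as CheckBox;
                if (chkItem != null && chkItem.Checked)
                {
                    // The id is rendered as plain text in the second cell.
                    ids[selected++] = Convert.ToInt32(gvr.Cells[1].Text);
                }
            }
            for (int i = 0; i < selected; i++)
            {
                Del(ids[i]);
            }
            BindUserInfor();
        }

        /// <summary>
        /// Updates all editable columns of one user.
        /// </summary>
        /// <param name="UserId">Primary key of the row to update.</param>
        /// <param name="UserName">New user name.</param>
        /// <param name="Pwd">New password, stored as given (see the note on btnAdd_Click).</param>
        /// <param name="qq">New QQ number.</param>
        /// <param name="phase">New phase value.</param>
        public void UpUser(int UserId, string UserName, string Pwd, string qq, string phase)
        {
            try
            {
                string sSql = "update UserInfor set UserName=@UserName,Pwd=@Pwd,QQ=@QQ,Phase=@Phase where UserId=@UserId";
                // Parameter names match the SQL text exactly (the original declared "@qq" against "@QQ").
                SqlParameter[] paraAll = new SqlParameter[]
                {
                    new SqlParameter("@UserName", UserName),
                    new SqlParameter("@Pwd", Pwd),
                    new SqlParameter("@QQ", qq),
                    new SqlParameter("@Phase", phase),
                    new SqlParameter("@UserId", UserId)
                };
                if (SqlHelper.ExecteNonQueryText(sSql, paraAll) > 0)
                {
                    Response.Write("");
                }
            }
            catch (Exception)
            {
                Response.Write("网页正在维护!");
            }
        }

        /// <summary>
        /// "Update selected" button: pushes the in-row editors of every checked row to the database.
        /// </summary>
        protected void btnUpAll_Click(object sender, EventArgs e)
        {
            foreach (GridViewRow gvr in GriVShow.Rows)
            {
                CheckBox chkItem = gvr.Cells[0].FindControl("chkItem") as CheckBox;
                if (chkItem == null || !chkItem.Checked)
                {
                    continue;
                }
                int UserId = Convert.ToInt32(gvr.Cells[1].Text);
                TextBox txtUserName = gvr.Cells[7].FindControl("txtgvUserName") as TextBox;
                TextBox txtPwd = gvr.Cells[8].FindControl("txtgvPwd") as TextBox;
                TextBox txtqq = gvr.Cells[9].FindControl("txtgvQq") as TextBox;
                DropDownList ddlphase = gvr.Cells[10].FindControl("ddlgvPhase") as DropDownList;
                if (txtUserName == null || txtPwd == null || txtqq == null || ddlphase == null)
                {
                    // Markup and code-behind disagree on a control id; skip the row instead of failing.
                    continue;
                }
                UpUser(UserId, txtUserName.Text.Trim(), txtPwd.Text.Trim(), txtqq.Text.Trim(), ddlphase.SelectedValue);
            }
            BindUserInfor();
        }

        /// <summary>
        /// Inserts one placeholder row with a fixed phase and the current time.
        /// </summary>
        protected void btnAllAdd_Click(object sender, EventArgs e)
        {
            try
            {
                string sSql = "insert into UserInfor (Phase,CreatedTime) values(@Phase,@CreatedTime)";
                // NOTE(review): DateTime.Now.ToString() is culture dependent; if CreatedTime is a
                // datetime column, passing DateTime.Now directly would avoid the string round trip.
                // Kept as-is because the column type is not visible here.
                SqlParameter[] paraAdd = new SqlParameter[]
                {
                    new SqlParameter("@Phase", "网页前端01期"),
                    new SqlParameter("@CreatedTime", DateTime.Now.ToString())
                };
                SqlHelper.ExecteNonQueryText(sSql, paraAdd);
                BindUserInfor();
            }
            catch (Exception)
            {
                Response.Write("网页正在维护!");
            }
        }
    }
}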
三、post传值:
postProject.aspx
PostProjectT.aspx.cs
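/// <summary>
/// Receives the POST from postProject.aspx and echoes the two form fields back.
/// </summary>
/// <param name="sender">The page raising the event.</param>
/// <param name="e">Unused event data.</param>
protected void Page_Load(object sender, EventArgs e)
{
    // Request.Form[key] is null when the field is absent (e.g. a plain GET), so the
    // original .ToString() calls threw NullReferenceException; fall back to "" instead.
    string username = Request.Form["UserName"] ?? "";
    string pwd = Request.Form["Pwd"] ?? "";
    // Both values are client-controlled; writing them into the page unencoded is a
    // reflected-XSS sink, so HTML-encode before Response.Write. The password is echoed
    // only to demonstrate POST handling; a real handler would not return it at all.
    Response.Write(Server.HtmlEncode(username + "-" + pwd));
}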