首页 > 代码库 > sqlHelper做增删改查,SQL注入处理,存储值,cookie,session
sqlHelper做增删改查,SQL注入处理,存储值,cookie,session
一、存储值
eg:登录一个页面,在进入这个页面之前你怎么知道它登没登录呢?[在登录成功之后我们把状态保存起来]
存储值得方式有两种,一种是cookie,一种是session
1.1区别:
代码:
if (SqlHelper.Exists(sSql, para)) { //cookie保存状态 if (chkRPwd.Checked) { Response.Cookies["name"].Expires = DateTime.Now.AddMinutes(1);//设置过期时间 //删除cookie //Response.Cookies.Clear(); } Response.Cookies["name"].Value =http://www.mamicode.com/ username; Response.Redirect("HomeAdoSqlHelper.aspx"); } else { Response.Write("<script>alert(‘密码错误!‘);</script>"); } }
1 if (SqlHelper.Exists(sSql, para)) 2 { 3 //把session保存安全系数高的东西,保存于浏览器缓存里 4 Session["name"] = username; 5 Response.Redirect("HomeAdoSqlHelper.aspx"); 6 } 7 else 8 { 9 Response.Write("<script>alert(‘密码错误!‘);</script>");10 }11 }
1 protected void Page_Load(object sender, EventArgs e) 2 { 3 //cookie获取状态 4 if (Request.Cookies["name"] == null) 5 { 6 Response.Redirect("loginSqlHelper.aspx"); 7 } 8 if (!(IsPostBack)) 9 {10 BindUserInfor();11 }12 }
1 protected void Page_Load(object sender, EventArgs e) 2 { 3 //session 4 if (Session["name"] == null) 5 { 6 Response.Redirect("loginSqlHelper.aspx"); 7 } 8 if (!(IsPostBack)) 9 {10 BindUserInfor();11 }12 }
二、sqlHelper做增删改查,SQL注入处理[后台绑定下拉一定要对应]
1 <form id="form1" runat="server"> 2 <div> 3 <table> 4 <tr> 5 <td> 用户名:</td> 6 <td> 7 <asp:TextBox ID="txtSUserName" runat="server"></asp:TextBox> 8 </td> 9 <td>班级:</td> 10 <td> 11 <asp:DropDownList ID="ddlselPhase" runat="server"> 12 <asp:ListItem>---请选择---</asp:ListItem> 13 <asp:ListItem>.NET高级班01期</asp:ListItem> 14 <asp:ListItem>.NET高级班02期</asp:ListItem> 15 <asp:ListItem>.NET讲师</asp:ListItem> 16 <asp:ListItem>.NET网站开发01期</asp:ListItem> 17 <asp:ListItem>.NET网站开发02期</asp:ListItem> 18 <asp:ListItem>.NET网站开发03期</asp:ListItem> 19 <asp:ListItem>.NET网站开发04期</asp:ListItem> 20 <asp:ListItem>.NET网站开发05期</asp:ListItem> 21 <asp:ListItem>.NET网站开发06期</asp:ListItem> 22 <asp:ListItem>.NET网站开发07期</asp:ListItem> 23 <asp:ListItem>.NET网站开发08期</asp:ListItem> 24 <asp:ListItem>.NET网站开发09期</asp:ListItem> 25 <asp:ListItem>.NET网站开发10期</asp:ListItem> 26 <asp:ListItem>.NET网站开发11期</asp:ListItem> 27 <asp:ListItem>.NET网站开发12期</asp:ListItem> 28 <asp:ListItem>.NET网站开发13期</asp:ListItem> 29 <asp:ListItem>.NET网站开发14期</asp:ListItem> 30 <asp:ListItem>.NET网站开发15期</asp:ListItem> 31 <asp:ListItem>.NET网站开发16期</asp:ListItem> 32 <asp:ListItem>java第一期</asp:ListItem> 33 <asp:ListItem>JAVA讲师</asp:ListItem> 34 <asp:ListItem>ps设计01期</asp:ListItem> 35 <asp:ListItem>ps设计02期</asp:ListItem> 36 <asp:ListItem>ps设计03期</asp:ListItem> 37 <asp:ListItem>网页前端01期</asp:ListItem> 38 </asp:DropDownList> 39 </td> 40 <td> 41 <asp:Button ID="btnSel" runat="server" Text="查询" OnClick="btnSel_Click" style="height: 21px" /> 42 </td> 43 </tr> 44 </table> 45 </div> 46 <div> 47 <table> 48 <tr> 49 <td> 用户名:</td> 50 <td> 51 <asp:TextBox ID="txtAddUserName" runat="server"></asp:TextBox> 52 </td> 53 <td> 密码:</td> 54 <td> 55 <asp:TextBox ID="txtAddPwd" runat="server" TextMode="Password"></asp:TextBox> 56 </td> 57 <td> QQ:</td> 58 <td> 59 <asp:TextBox ID="txtAddQq" runat="server"></asp:TextBox> 60 </td> 61 <td>班级:</td> 62 <td> 63 <asp:DropDownList ID="ddlAddPhase" runat="server"> 64 <asp:ListItem>---请选择---</asp:ListItem> 65 <asp:ListItem>.NET高级班01期</asp:ListItem> 66 <asp:ListItem>.NET高级班02期</asp:ListItem> 67 <asp:ListItem>.NET讲师</asp:ListItem> 68 <asp:ListItem>.NET网站开发01期</asp:ListItem> 69 <asp:ListItem>.NET网站开发02期</asp:ListItem> 70 <asp:ListItem>.NET网站开发03期</asp:ListItem> 71 <asp:ListItem>.NET网站开发04期</asp:ListItem> 72 <asp:ListItem>.NET网站开发05期</asp:ListItem> 73 <asp:ListItem>.NET网站开发06期</asp:ListItem> 74 <asp:ListItem>.NET网站开发07期</asp:ListItem> 75 <asp:ListItem>.NET网站开发08期</asp:ListItem> 76 <asp:ListItem>.NET网站开发09期</asp:ListItem> 77 <asp:ListItem>.NET网站开发10期</asp:ListItem> 78 <asp:ListItem>.NET网站开发11期</asp:ListItem> 79 <asp:ListItem>.NET网站开发12期</asp:ListItem> 80 <asp:ListItem>.NET网站开发13期</asp:ListItem> 81 <asp:ListItem>.NET网站开发14期</asp:ListItem> 82 <asp:ListItem>ps设计01期</asp:ListItem> 83 <asp:ListItem>ps设计03期</asp:ListItem> 84 <asp:ListItem>网页前端01期</asp:ListItem> 85 </asp:DropDownList> 86 </td> 87 <td> 88 <asp:Button ID="btnAdd" runat="server" Text="添加" OnClick="btnAdd_Click" /> 89 </td> 90 </tr> 91 </table> 92 </div> 93 <div> 94 <table> 95 <tr> 96 <td>用户ID:</td> 97 <td> 98 <asp:TextBox ID="txtDUId" runat="server"></asp:TextBox> 99 </td>100 <td>101 <asp:Button ID="btnD" runat="server" Text="删除" OnClick="btnD_Click" />102 </td>103 </tr>104 </table>105 </div>106 <%--<div>107 <table>108 <tr>109 <td>ID:</td>110 <td>111 <asp:TextBox ID="txtUId" runat="server"></asp:TextBox>112 </td>113 <td>114 <asp:TextBox ID="txtUUserName" runat="server"></asp:TextBox>115 </td>116 <td>117 <asp:Button ID="btnU" runat="server" Text="更新" OnClick="btnU_Click" />118 </td>119 </tr>120 </table>121 </div>--%>122 <div>123 <table>124 <tr>125 <td>ID:</td>126 <td>127 <asp:TextBox ID="txtUuid" runat="server"></asp:TextBox>128 </td>129 <td>130 <asp:TextBox ID="txtUuserName2" runat="server"></asp:TextBox>131 </td>132 <td>133 <asp:Button ID="btnU2" runat="server" Text="更新" OnClick="btnU2_Click"/>134 </td>135 </tr>136 </table>137 </div>138 <div class="dItem">139 <table>140 <tr>141 <td>142 <asp:Button ID="btnDelAll" runat="server" Text="批量删除" OnClick="btnDelAll_Click" OnClientClick="return confirm(‘你确定删除吗?‘);"/>143 </td>144 <td>145 <asp:Button ID="btnUpAll" runat="server" Text="批量修改" OnClick="btnUpAll_Click" />146 </td>147 <td>148 <asp:Button ID="btnAllAdd" runat="server" Text="添加" OnClick="btnAllAdd_Click"/>149 </td>150 </tr>151 </table>152 </div>153 <div>154 <asp:GridView ID="GriVShow" runat="server" AutoGenerateColumns="False" OnRowDataBound="GriVShow_RowDataBound">155 <Columns>156 <asp:TemplateField>157 <HeaderTemplate>158 <asp:CheckBox ID="chkAll" runat="server" AutoPostBack="True" OnCheckedChanged="chkAll_CheckedChanged" />159 </HeaderTemplate>160 <ItemTemplate>161 <asp:CheckBox ID="chkItem" runat="server" />162 </ItemTemplate>163 </asp:TemplateField>164 <asp:BoundField DataField="Userid" HeaderText="ID" />165 <asp:BoundField DataField="UserName" HeaderText="用户名:" />166 <asp:BoundField DataField="phonenum" HeaderText="电话号码" />167 <asp:BoundField DataField="qq" HeaderText="QQ" />168 <asp:BoundField DataField="phase" HeaderText="班级" />169 <asp:BoundField DataField="CreatedTime" HeaderText="创建时间" />170 <asp:TemplateField HeaderText="用户名">171 <ItemTemplate>172 <asp:TextBox ID="txtgvUserName" runat="server" Text=‘<%#Eval("UserName")%>‘></asp:TextBox>173 </ItemTemplate>174 </asp:TemplateField>175 <asp:TemplateField HeaderText="密码">176 <ItemTemplate>177 <asp:TextBox ID="txtgvPwd" runat="server" Text=‘<%#Eval("Pwd")%>‘></asp:TextBox>178 </ItemTemplate>179 </asp:TemplateField>180 <asp:TemplateField HeaderText="QQ">181 <ItemTemplate>182 <asp:TextBox ID="txtgvQq" runat="server" Text=‘<%#Eval("QQ")%>‘></asp:TextBox>183 </ItemTemplate>184 </asp:TemplateField>185 <asp:TemplateField HeaderText="班级">186 <ItemTemplate>187 <asp:DropDownList ID="ddlgvPhase" runat="server" ToolTip=‘<%#Eval("phase")%>‘>188 <asp:ListItem>---请选择---</asp:ListItem>189 <asp:ListItem>.NET高级班01期</asp:ListItem>190 <asp:ListItem>.NET高级班02期</asp:ListItem>191 <asp:ListItem>.NET讲师</asp:ListItem>192 <asp:ListItem>.NET网站开发01期</asp:ListItem>193 <asp:ListItem>.NET网站开发02期</asp:ListItem>194 <asp:ListItem>.NET网站开发03期</asp:ListItem>195 <asp:ListItem>.NET网站开发04期</asp:ListItem>196 <asp:ListItem>.NET网站开发05期</asp:ListItem>197 <asp:ListItem>.NET网站开发06期</asp:ListItem>198 <asp:ListItem>.NET网站开发07期</asp:ListItem>199 <asp:ListItem>.NET网站开发08期</asp:ListItem>200 <asp:ListItem>.NET网站开发09期</asp:ListItem>201 <asp:ListItem>.NET网站开发10期</asp:ListItem>202 <asp:ListItem>.NET网站开发11期</asp:ListItem>203 <asp:ListItem>.NET网站开发12期</asp:ListItem>204 <asp:ListItem>.NET网站开发13期</asp:ListItem>205 <asp:ListItem>.NET网站开发14期</asp:ListItem>206 <asp:ListItem>ps设计01期</asp:ListItem>207 <asp:ListItem>ps设计03期</asp:ListItem>208 <asp:ListItem>网页前端01期</asp:ListItem>209 </asp:DropDownList>210 </ItemTemplate>211 </asp:TemplateField>212 <asp:TemplateField HeaderText="详情">213 <ItemTemplate>214 <a href=http://www.mamicode.com/"UserInforManagerContext.aspx?Id=<%#Eval("UserId")%>">详情</a>215 </ItemTemplate>216 </asp:TemplateField>217 </Columns>218 </asp:GridView>219 </div>220 </form>
1 namespace sqlHelperStudy2160907 2 { 3 public partial class HomeAdoSqlHelperFirst : System.Web.UI.Page 4 { 9 SqlParameter[] para=new SqlParameter[2]; 10 protected void Page_Load(object sender, EventArgs e) 11 { 12 if (!(IsPostBack)) 13 { 14 BindUserInfor(); 15 } 16 } 17 public void BindUserInfor() 18 { 19 try 20 { 21 DataTable dt = SqlHelper.ExecuteDataSetText(GetSql(), para).Tables[0]; 22 GriVShow.DataSource = dt; 23 GriVShow.DataBind(); 24 } 25 catch (Exception ex) 26 { 27 Response.Write("<script>alret(‘系统正在维护,请联系管理员!‘);</script>"); 28 } 29 } 30 public string GetSql() 31 { 32 StringBuilder sb = new StringBuilder(); 33 //sb.Append("select Userid,UserName,phonenum,sex,phase,qq,Message,HeadPic,CreatedTime from UserInfor where 1=1"); 34 sb.Append("select top 100 * from UserInfor where 1=1 "); 35 if (!string.IsNullOrEmpty(txtSUserName.Text.Trim())) 36 { 37 //sb.Append(string.Format("and UserName=‘{0}‘", txtSUserName.Text.Trim())); 38 sb.Append("and UserName=@UserName"); 39 para[0] = new SqlParameter("@UserName",txtSUserName.Text.Trim()); 40 } 41 if (ddlselPhase.SelectedIndex > 0) 42 { 43 sb.Append("and phase=@phase"); 44 para[1] = new SqlParameter("@phase",ddlselPhase.SelectedValue); 45 //sb.Append(string.Format("and phase=‘{0}‘", ddlselPhase.SelectedValue)); 46 } 47 return sb.ToString(); 48 } 49 50 protected void btnSel_Click(object sender, EventArgs e) 51 { 52 BindUserInfor(); 53 } 54 55 protected void chkAll_CheckedChanged(object sender, EventArgs e) 56 { 57 //1.当我们点击按钮时,去找chkAll它的事件源的对象把它变成checkBox 58 CheckBox chkAll = sender as CheckBox; 59 //2.对它的每一行进行遍历循环 60 foreach (GridViewRow gvr in GriVShow.Rows) 61 { 62 //2.1获得到第一行的第一列,找到每一列id等于chkitem的对象把它变成checkbox 63 CheckBox chkItem = gvr.Cells[0].FindControl("chkItem") as CheckBox; 64 //2.2让它当前全选的checked属性等于下面每一行的属性,选中就为true,没选就为Fulse 65 chkItem.Checked = chkAll.Checked; 66 } 67 } 68 protected void GriVShow_RowDataBound(object sender, GridViewRowEventArgs e) 69 { 70 if (e.Row.RowType == DataControlRowType.DataRow) 71 { 72 DropDownList ddlphase = e.Row.FindControl("ddlgvPhase") as DropDownList; 73 string phase = ddlphase.ToolTip; 74 if (!string.IsNullOrEmpty(phase)) 75 { 76 ddlphase.ClearSelection(); 77 ddlphase.Items.FindByValue(phase).Selected = true; 78 } 79 } 80 } 81 82 protected void btnAdd_Click(object sender, EventArgs e) 83 { 84 string username = txtAddUserName.Text.Trim(); 85 string pwd = txtAddPwd.Text.Trim(); 86 string qq = txtAddQq.Text.Trim(); 87 string phase = ddlAddPhase.SelectedIndex > 0 ? ddlAddPhase.SelectedValue : ""; 88 if (!string.IsNullOrEmpty(username)) 89 { 90 string sSql = string.Format("insert into UserInfor(UserName,Pwd,QQ,Phase)values(@UserName,@Pwd,@QQ,@Phase)"); 91 SqlParameter[] paraA = new SqlParameter[] 92 { 93 new SqlParameter("@UserName",username), 94 new SqlParameter("@Pwd",pwd), 95 new SqlParameter("@QQ",qq), 96 new SqlParameter("@Phase",phase) 97 }; 98 SqlHelper.ExecteNonQueryText(sSql, paraA); 99 BindUserInfor();100 } 101 }102 public void Del(int UserId)103 {104 try105 {106 //string ssql = string.Format("select UserId from UserInfor where UserId=‘{0}‘", UserId);107 string ssql = "select UserId from UserInfor where UserId=@UserId";108 SqlParameter[] paraD = new SqlParameter[] { new SqlParameter("@UserId", UserId) };109 if(SqlHelper.Exists(ssql,paraD))110 {111 string sSql1 = string.Format("delete UserInfor where UserId=@UserId");112 if(SqlHelper.ExecteNonQueryText(sSql1,paraD)>0)113 {114 Response.Write("<script>alert(‘删除成功!‘);</script>");115 }116 BindUserInfor();117 }118 else119 {120 Response.Write("该用户不存在!");121 }122 }123 catch (Exception ex)124 {125 Response.Write("<script>alret(‘系统正在维护,请联系管理员!‘);</script>");126 }127 }128 protected void btnD_Click(object sender, EventArgs e)129 {130 int UserId = txtDUId.Text.Trim() == "" ? 0 : Convert.ToInt32(txtDUId.Text.Trim());131 Del(UserId);132 BindUserInfor();133 }134 135 protected void btnU2_Click(object sender, EventArgs e)136 {137 int Uid2 = txtUuid.Text.Trim() == "" ? 0 : Convert.ToInt32(txtUuid.Text.Trim());138 string uusername2 = txtUuserName2.Text.Trim();139 try140 {141 string sSql = string.Format("select count(*) from UserInfor where UserId=@UserId");142 SqlParameter[] paraU = new SqlParameter[] { new SqlParameter("@UserId", Uid2) };143 int icount = Convert.ToInt32(SqlHelper.ExecuteScalar(CommandType.Text,sSql,paraU));144 if (icount > 0)145 {146 string sSql1 = string.Format("update UserInfor set UserName=@UserName where UserId=@UserId");147 //string ssql1 = "update UserInfor set UserName=@UserName where UserId=@UserId";148 SqlParameter[] paraU1 = new SqlParameter[] 149 { 150 new SqlParameter("@UserName",uusername2),151 new SqlParameter("@UserId",Uid2)152 };153 if (SqlHelper.ExecteNonQueryText(sSql1,paraU1)>0)154 {155 Response.Write("<script>alert(‘数据更新成功!‘);</script>");156 }157 BindUserInfor();158 }159 else160 {161 Response.Write("该用户不存在!");162 }163 }164 catch (Exception ex)165 {166 Response.Write("<script>alret(‘系统正在维护,请联系管理员!‘);</script>");167 }168 }169 170 protected void btnDelAll_Click(object sender, EventArgs e)171 {172 foreach (GridViewRow gvr in GriVShow.Rows)173 {174 int UserId = Convert.ToInt32(gvr.Cells[1].Text);175 CheckBox chkItem = gvr.Cells[0].FindControl("chkItem") as CheckBox;176 if (chkItem.Checked)177 {178 Del(UserId);179 }180 }181 BindUserInfor();182 }183 184 public void UpUser(int UserId, string UserName, string Pwd, string qq, string phase)185 {186 try187 {188 string sSql = string.Format("update UserInfor set UserName=@UserName,Pwd=@Pwd,QQ=@QQ,Phase=@Phase where UserId=@UserId");189 SqlParameter[] paraAll = new SqlParameter[] 190 {191 new SqlParameter("@UserName",UserName),192 new SqlParameter("@Pwd",Pwd),193 new SqlParameter("@qq",qq),194 new SqlParameter("@Phase",phase),195 new SqlParameter("@UserId",UserId)196 };197 if (SqlHelper.ExecteNonQueryText(sSql, paraAll) > 0)198 {199 Response.Write("<script>alert(‘数据更新成功!‘);</script>");200 }201 }202 catch (Exception)203 {204 Response.Write("网页正在维护!");205 }206 }207 protected void btnUpAll_Click(object sender, EventArgs e)208 {209 foreach (GridViewRow gvr in GriVShow.Rows)210 {211 int UserId = Convert.ToInt32(gvr.Cells[1].Text);212 CheckBox chkItem = gvr.Cells[0].FindControl("chkItem") as CheckBox;213 if (chkItem.Checked)214 {215 TextBox txtUserName = gvr.Cells[7].FindControl("txtgvUserName") as TextBox;216 TextBox txtPwd = gvr.Cells[8].FindControl("txtgvPwd") as TextBox;217 TextBox txtqq = gvr.Cells[9].FindControl("txtgvQq") as TextBox;218 DropDownList ddlphase = gvr.Cells[10].FindControl("ddlgvPhase") as DropDownList;219 UpUser(UserId, txtUserName.Text.Trim(),txtPwd.Text.Trim(), txtqq.Text.Trim(), ddlphase.SelectedValue);220 }221 }222 BindUserInfor();223 }224 225 protected void btnAllAdd_Click(object sender, EventArgs e)226 {227 try228 {229 string sSql = string.Format("insert into UserInfor (Phase,CreatedTime) values(@Phase,@CreatedTime)");230 SqlParameter[] paraAdd = new SqlParameter[] 231 {232 new SqlParameter("@Phase","网页前端01期"),233 new SqlParameter("@CreatedTime",DateTime.Now.ToString())234 };235 SqlHelper.ExecteNonQueryText(sSql, paraAdd);236 BindUserInfor();237 }238 catch (Exception)239 {240 Response.Write("网页正在维护!");241 }242 }243 }244 }
三、post传值:
postProject.aspx
1 <form id="form1" action="PostProjectT.aspx" method="post"> 2 <table> 3 <tr> 4 <td><input type="text" name="UserName"/></td> 5 </tr> 6 <tr> 7 <td><input type="password" name="Pwd"/></td></tr> 8 <tr> 9 <td><input type="submit"value=http://www.mamicode.com/"提交"/></td>10 </tr>11 </table>12 </form>
PostProjectT.aspx.cs
1 protected void Page_Load(object sender, EventArgs e)2 {3 //获取到用户名和密码4 string username = Request.Form["UserName"].ToString();5 string pwd = Request.Form["Pwd"].ToString();6 //把用户名和密码返回回去7 Response.Write(username+"-"+pwd);8 }
sqlHelper做增删改查,SQL注入处理,存储值,cookie,session
声明:以上内容来自用户投稿及互联网公开渠道收集整理发布,本网站不拥有所有权,未作人工编辑处理,也不承担相关法律责任,若内容有误或涉及侵权可进行投诉: 投诉/举报 工作人员会在5个工作日内联系你,一经查实,本站将立刻删除涉嫌侵权内容。