变量传递的问题
我在一个页面A.ASPX声明了一个全局变量public aa as string,想在另一个页面用他,但是竟然不能用。
我该怎么用???
问题点数:0、回复次数:21Top
1 楼saucer(思归)回复于 2003-09-01 23:37:43 得分 0
use Session variable insteadTop
2 楼pp1234567890(胖老虎)回复于 2003-09-01 23:48:16 得分 0
楼上的,我这样用,主要是这样想的,连接的时候,比如登陆验证窗口要连接数据库,在连接字符串里有 USER ID,PASSWORD,我想把登陆界面输入的帐号密码传递过来,这样我只要在SQL里增加用户和分配权限,就可以提高安全性,也不用考虑是FORM验证还是WINDOWS验证,不知道这样的想法正确吗??Top
3 楼coolmars(mars)回复于 2003-09-01 23:55:42 得分 0
用Session变量传递Top
4 楼pp1234567890(胖老虎)回复于 2003-09-02 00:38:55 得分 0
我写了,可是传递不到WEBCONFIG里,一执行就出错
ASP。X里
Session("bid") = Request(TextBox1.Text)
Session("bname") = Request(TextBox2.Text)
Dim constr As String = ConfigurationSettings.AppSettings("dme")
Dim cnn As New SqlConnection(constr)
Dim sqlstr As String = "select * from orders"
Dim cmd As New SqlCommand(sqlstr, cnn)
cnn.Open()
DataGrid1.DataSource = cmd.ExecuteReader
DataGrid1.DataBind()
cnn.Close()
WEBCONFIG
<appSettings>
<add key="dme" value="server=lizh;user id="session("bid")";password="session("bname")";database=northwind" />
</appSettings>
我该怎么改????Top
5 楼saucer(思归)回复于 2003-09-02 00:49:49 得分 0
<appSettings>
<add key="dme" value="server=lizh;user id={0};password={1};database=northwind" />
</appSettings>
Session("bid") = Request(TextBox1.Text)
Session("bname") = Request(TextBox2.Text)
Dim constr As String = String.Format(ConfigurationSettings.AppSettings("dme"),Session("bid"),Session("bname"))
Dim cnn As New SqlConnection(constr)
Dim sqlstr As String = "select * from orders"
Dim cmd As New SqlCommand(sqlstr, cnn)
cnn.Open()
DataGrid1.DataSource = cmd.ExecuteReader
DataGrid1.DataBind()
cnn.Close()
Top
6 楼pp1234567890(胖老虎)回复于 2003-09-02 00:55:18 得分 0
用户 '(null)' 登录失败。原因: 未与信任 SQL Server 连接相关联
为什么要这样写{0}Top
7 楼saucer(思归)回复于 2003-09-02 00:59:39 得分 0
in 登陆验证page, use
Session("bid") = Request(TextBox1.Text)
Session("bname") = Request(TextBox2.Text)
in other pages, use
Dim constr As String = String.Format(ConfigurationSettings.AppSettings("dme"),Session("bid"),Session("bname"))
Dim cnn As New SqlConnection(constr)
Dim sqlstr As String = "select * from orders"
Dim cmd As New SqlCommand(sqlstr, cnn)
cnn.Open()
DataGrid1.DataSource = cmd.ExecuteReader
DataGrid1.DataBind()
cnn.Close()
>>>>为什么要这样写{0}
so you can 把登陆界面输入的帐号密码传递进去
Top
8 楼pp1234567890(胖老虎)回复于 2003-09-02 01:03:04 得分 0
>>>>为什么要这样写{0}
so you can 把登陆界面输入的帐号密码传递进去
高手,能讲讲为什么吗?结果很重要,但过程更重要呀,我理解了,下次就知道该怎么做了,可是你告诉我结果,我下次遇见了,不又的麻烦你。
对了,这样的安全性怎么样?利弊是什么?Top
9 楼pp1234567890(胖老虎)回复于 2003-09-02 01:08:44 得分 0
不行呀,还是出现同样的错误
System.Data.SqlClient.SqlException: 用户 '(null)' 登录失败。原因: 未与信任 SQL Server 连接相关联。
Top
10 楼saucer(思归)回复于 2003-09-02 01:17:59 得分 0
your connection string is like
"server=lizh;user id=YourUID;password=YourPassword;database=northwind" />
but you want to change YourUID and YourPassword on the fly, with
s = String.Format("server=lizh;user id={0};password={1};database=northwind",Session("bid"),Session("bname"))
the login name and password will be put into the right place in the connection string
>>>>不行呀,还是出现同样的错误
make sure
Session("bid") is not null, read my post carefully, you only set Session("bid") in your 登陆验证page, but just use them in other pages
Top
11 楼pp1234567890(胖老虎)回复于 2003-09-02 01:22:54 得分 0
我用的帐号密码都是SA,如果换成正常的连接的写法,可以执行,我按照你说的,建立了两个页面
一个页面是
Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
Session("bid") = Request(TextBox1.Text)
Session("bname") = Request(TextBox2.Text)
Response.Redirect("webform2.aspx")
End Sub
另一个是
Private Sub Page_Load(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles MyBase.Load
'在此处放置初始化页的用户代码
Dim constr As String = String.Format(ConfigurationSettings.AppSettings("dme"), Session("bid"), Session("bname"))
Dim cnn As New SqlConnection(constr)
Dim sqlstr As String = "select * from orders"
Dim cmd As New SqlCommand(sqlstr, cnn)
cnn.Open()
DataGrid1.DataSource = cmd.ExecuteReader
DataGrid1.DataBind()
cnn.Close()
End Sub
WEB。CONFIG
<appSettings>
<add key="dme" value="server=lizh;user id={0};password={1};database=northwind" />
</appSettings>Top
12 楼saucer(思归)回复于 2003-09-02 01:30:12 得分 0
if you write out
Dim constr As String = String.Format(ConfigurationSettings.AppSettings("dme"), Session("bid"), Session("bname"))
Response.Write("*****" + connstr + "*****")
Response.End()
what do you see?Top
13 楼pp1234567890(胖老虎)回复于 2003-09-02 01:36:25 得分 0
ID 和PWD 怎么都是空呢?为什么???Top
14 楼pp1234567890(胖老虎)回复于 2003-09-02 01:37:23 得分 0
SESSION值怎么没有传递过来?Top
15 楼saucer(思归)回复于 2003-09-02 01:38:15 得分 0
Private Sub Button1_Click(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button1.Click
Session("bid") = TextBox1.Text
Session("bname") = TextBox2.Text
Response.Redirect("webform2.aspx")
End Sub
Top
16 楼pp1234567890(胖老虎)回复于 2003-09-02 01:41:08 得分 0
我是这样写的呀,为什么SESSION 失效了Top
17 楼pp1234567890(胖老虎)回复于 2003-09-02 01:44:03 得分 0
成功了,但是按书上书的应该用REQUEST,但是为什么这里竟然没有值传递过来呢?还有,这样的安全性怎么样???Top
18 楼saucer(思归)回复于 2003-09-02 01:50:16 得分 0
they are server controls, otherwise, you could do
Session("bid") = Request.Form("TextBox1")
Session("bname") = Request.Form("TextBox2")Top
19 楼pp1234567890(胖老虎)回复于 2003-09-02 01:53:07 得分 0
那这样的安全性如何???Top
20 楼pp1234567890(胖老虎)回复于 2003-09-02 01:58:44 得分 0
还有呀,随着我的参数增多,在WEB。CONF里的写法就象这个样子user id={0};password={1};xx{x}...会越来越多Top
21 楼saucer(思归)回复于 2003-09-02 02:04:05 得分 0
安全性? what 安全性??
they are in the session variables, on the server side
but frankly, your method doesn't look good, since it allows people to try/break uid/pwd, if you want security, try authentication insteadTop
