I'm developing a website for a parent association at a school. My system has two reserved areas, to which parents and also teachers/school members have access. These two areas are the BackOffice and the FrontOffice.
I can begin a new session with a father's or mother's username and their respective password, and then in the FrontOffice I have a new page where a new meal is supposed to be successfully reserved and, as a result, a new row should be inserted into a SQL database table.
For this, I have the following code:
    protected void ReserveMeal (object sender, EventArgs e)
    {
        string tipoRefeicao=string.Empty;
        DateTime DataSelecionada = Convert.ToDateTime(BasicDatePicker1.Text.ToString());
        bool refeicaoFinalizada = false; // Meal is not consumed immediately
        try
        {
            // connect to the database and open a new connection
            SqlConnection con = new SqlConnection(@"Data Source=(LocalDB)\MSSQLLocalDB;AttachDbFilename=C:\Users\Vitor\Documents\Visual Studio 2015\Projects\Educational\Educational\App_Data\SchoolPASS.mdf; Integrated Security=True;Connect Timeout=30");
            con.Open();
            string selectUser = "SELECT count (*) from EEAluno where NomeUtilizadorEE='" + newName + "'";
            string res = Convert.ToString(selectUser);
            SqlCommand com = new SqlCommand(selectUser, con);
            int temp = Convert.ToInt32(com.ExecuteScalar().ToString());
            con.Close();
            if (temp == 1)
            {
                con.Open();
                string verificaPassword = "select Password from EEAluno where NomeUtilizadorEE='" + newName + "'";
                SqlCommand passCommand = new SqlCommand(verificaPassword, con);
                string password = passCommand.ExecuteScalar().ToString();
                if (password == Session["Pass"].ToString()) // Not tested
                {
                    // Insert the meal into a new table
                    SqlCommand insert = new SqlCommand("INSERT INTO TabelaRefeicoesEncomendadas (NomePessoa,TipoRefeicao,Data, Finalizada) VALUES (@NomePessoa,@TipoRefeicao,@Data,@Finalizada)", con);
                    //insert.Parameters.Add("@Id", 1);
                    insert.Parameters.AddWithValue("@NomePessoa", newName);
                    insert.Parameters.AddWithValue("@TipoRefeicao", tipoRefeicao);
                    insert.Parameters.AddWithValue("@Data", DataSelecionada);
                    insert.Parameters.AddWithValue("@Finalizada", refeicaoFinalizada); // writes false to the DB
                }
            }
        }
        catch (Exception exc)
        {
        }
    }
On careful analysis of the code, you can see that I'm trying to check whether the authenticated user is the correct user.
So if we have many users in a DB table, only one, for example "X" (I assume that "X" has successfully logged into the system), is the active user on a given computer, and only "X" can reserve a meal for their respective children.
Summary: I thought of an algorithm to check the user session and then insert a reserved meal into a database table. I did not succeed. I think it cannot verify the sessions correctly. There are two errors.
- Every time that I try to create the meal (when the method is called), the username is incremented, so if the username is "X", the username becomes "XX".
- The information about the meal is not inserted into the SQL database.
Could you help me?
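
An added example, not part of the original post: the posted method builds its SELECT statements by concatenating the user name into the SQL text, creates the INSERT command without ever executing it, and hides any error in an empty catch. The sketch below shows the same reservation with parameterized queries and an executed insert. The class name, method signature and column sizes (100 and 50) are assumptions; the table and column names are the ones used in the question.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public static class MealReservations
{
    // Hypothetical helper (not from the original post). The caller passes the
    // connection string and the user name of the already authenticated session.
    public static bool ReserveMeal(string connectionString, string userName,
                                   string mealType, DateTime date)
    {
        if (string.IsNullOrWhiteSpace(userName))
            throw new ArgumentException("userName is required", nameof(userName));

        using (var con = new SqlConnection(connectionString))
        {
            con.Open();

            // Parameterized lookup: the user name travels as data and is
            // never concatenated into the SQL text.
            using (var check = new SqlCommand(
                "SELECT COUNT(*) FROM EEAluno WHERE NomeUtilizadorEE = @user", con))
            {
                check.Parameters.Add("@user", SqlDbType.NVarChar, 100).Value = userName;
                if ((int)check.ExecuteScalar() != 1)
                    return false; // unknown or ambiguous user: reserve nothing
            }

            using (var insert = new SqlCommand(
                "INSERT INTO TabelaRefeicoesEncomendadas " +
                "(NomePessoa, TipoRefeicao, Data, Finalizada) " +
                "VALUES (@NomePessoa, @TipoRefeicao, @Data, @Finalizada)", con))
            {
                insert.Parameters.Add("@NomePessoa", SqlDbType.NVarChar, 100).Value = userName;
                insert.Parameters.Add("@TipoRefeicao", SqlDbType.NVarChar, 50).Value =
                    mealType ?? string.Empty;
                insert.Parameters.Add("@Data", SqlDbType.DateTime).Value = date;
                insert.Parameters.Add("@Finalizada", SqlDbType.Bit).Value = false;

                // A command only reaches the database when it is executed.
                return insert.ExecuteNonQuery() == 1;
            }
        }
        // No empty catch here: a SqlException propagates to the caller,
        // so a failed insert is visible instead of silently ignored.
    }
}
```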