Click here to Skip to main content
15,995,397 members
Please Sign up or sign in to vote.
1.00/5 (1 vote)
See more:
can any one of you please look into my code [Asp.net C#]. As i am totally lost in it...

Basically the scenario is ...once the user is authenticated, the system fetch the userrights form the db and user right could be multiples. So i want to store in session variable. what i have done is .. i have datatable and SQLadopter and fill the datatable. After that i assigned the complete datatable to session variable. Please do let me know how to retrieve multiple values from session variable on same page as well as on other page.

What I have tried:

strQryToChkUsrRights = "SELECT HaveRightFor AS [Have Right For] FROM ProjectUserRights WHERE (UserID = " + Session["User_ID"].ToString() + ")";
                    SqlCommand SQLComndToChkUserRights = new SqlCommand(strQryToChkUsrRights, conLog);
                    SQLComndToChkUserRights.CommandType = CommandType.Text;

                    SqlDataAdapter adapter = new SqlDataAdapter(SQLComndToChkUserRights);
                    DataTable dt = new DataTable();
                    adapter.Fill(dt);
                    
                    if (dt.Rows.Count>1)
                    {
                        Session["S_User_Rights"] = dt;

                        if (Session["S_User_Rights"] != null)
                        {

                            lblError.Text = "Its okay"; 
                            return;
                        }
                        else
                        {
                            lblError.Text = "Its an error";
                            return;
                        }
                    }
                    else
                    {
                        lblError.Text = "User Rights Not Defined, Please Contact Your Software Developer";
                        return;
                    }
Posted
Updated 17-Jul-19 12:46pm
v2

1 solution

First thing's first- get rid of the SQL Injection Vulnerability. NEVER EVER build a query using a bunch of strings cobbled together.
C#
string SessionUserID = Session["User_ID"].ToString();
if (SessionUserID != null) {
  string strQryToChkUsrRights = "SELECT HaveRightFor FROM ProjectUserRights WHERE (UserID = @UserID)";

  SqlCommand SQLComndToChkUserRights = new SqlCommand(strQryToChkUsrRights, conLog);

  SQLComndToChkUserRights.Parameters.AddWithValue("@UserID",SessionUserID);

  SQLComndToChkUserRights.CommandType = CommandType.Text;

Now that we have that taken care of... You can retrieve the Session contents back into your datatable.
C#
if (Session["S_User_Rights"] != null) {
  DataTable HasRightsFor  = (DataTable)Session["S_User_Rights"];
  // and continue on
}

I personally would just use an IEnumerable<list> which would allow you easier checking via LINQ.
 
Share this answer
 

This content, along with any associated source code and files, is licensed under The Code Project Open License (CPOL)



CodeProject, 20 Bay Street, 11th Floor Toronto, Ontario, Canada M5J 2N8 +1 (416) 849-8900