
This is the code that I wrote

private void ViewUsers()
{
    con.Open();
    SqlCommand com = new SqlCommand();
    com.Connection = con;
    com.CommandText =
        "SELECT FirstName + ' ' + LastName AS Name FROM Clients WHERE UserID=" + Session["userid"];

    SqlDataReader data = com.ExecuteReader();

    while (data.Read())
    {
        lblName.Text = data["Name"].ToString();
    }
    data.Close();
    con.Close();
}

private void GetUserType()
{
    con.Open();
    SqlCommand com = new SqlCommand();
    com.Connection = con;
    com.CommandText =
        "SELECT UserTypeID FROM Users WHERE UserID=" + Session["userid"];

    SqlDataReader d2 = com.ExecuteReader();
    if (d2["UserTypeID"].ToString() != "4")
    {
        Response.Redirect("ContactUS.aspx");
    }
}

How can I get the value from the Session["userid"] which is in the ViewUsers() to the GetUserType?

marc_s
Jose
  • The two should be the same. Have you tried this? – John Saunders Nov 15 '12 at 03:13
  • Where do you set `Session["userid"] = someValue`? What is the problem you are having when you have the above code? Both appear to be correct. (Although you do have a security problem because you are not using command parameters, but are concatenating a SQL query. This opens you up to SQL Injection attacks.) – AaronLS Nov 15 '12 at 03:17
  • The UserID in ViewUsers is in a different table than the userid in the GetUserType. – Jose Nov 15 '12 at 03:20
  • I'm having problems with the getusertype because it cannot read the usertype of the user who is currently logged in. – Jose Nov 15 '12 at 03:24

1 Answer


In regards to your comment, Session has nothing to do with the tables. When a user accesses your site and you set Session["userid"] = "bob", then later access it from other locations with Session["userid"], it will always provide the value "bob". So your code that accesses Session["userid"] in both methods should be giving you the value in both cases.

Session["userid"] has nothing to do with tables. It is just a list of name/value pairs. Above "userid" is the name of the Session value "bob".

When you say "it cannot read", are you getting an exception? Or does ExecuteReader succeed but return no records? I notice you're not calling d2.Read() before trying d2["UserTypeId"].

Usually you would also check d2.HasRows before calling .Read since you wouldn't want to try and retrieve data if there were no rows.

Use your debugger to see what Session["userid"] produces as a value in the watch window when you set a breakpoint in the method. Highlight, right-click, add watch. This will help you determine if that is the problem or not.

You can add d2.HasRows to watch as well and after you step past ExecuteReader you can see what its value is. If it's not producing any results, then maybe there are no rows in the table for that user.

Since it looks like you only want a single value for a single row, ExecuteScalar might be a better fit: https://stackoverflow.com/a/5794595/84206

Community
AaronLS
  • YAY! Now I challenge you to use an SqlParameter so your applications don't get hacked by bad people: http://www.dotnetperls.com/sqlparameter – AaronLS Nov 15 '12 at 03:42
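
The parameterized query suggested in the comments, combined with the answer's ExecuteScalar suggestion, as an added example that is not code from the original posts. It assumes `Users.UserID` and `Users.UserTypeID` are integer columns; `UserTypeLookup`, its method names and the `connectionString` argument are hypothetical.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Globalization;

// Added example, not the poster's code. Assumes Users.UserID and
// Users.UserTypeID are INT columns; class and method names are hypothetical.
public static class UserTypeLookup
{
    // Session values are objects; accept only a plain run of digits.
    public static bool TryGetUserId(object sessionValue, out int userId)
    {
        userId = 0;
        return sessionValue != null &&
               int.TryParse(Convert.ToString(sessionValue, CultureInfo.InvariantCulture),
                            NumberStyles.None, CultureInfo.InvariantCulture, out userId);
    }

    // Returns the user's type id, or null when no row matches.
    public static int? GetUserTypeId(string connectionString, int userId)
    {
        using (var con = new SqlConnection(connectionString))
        using (var com = new SqlCommand(
            "SELECT UserTypeID FROM Users WHERE UserID = @userId", con))
        {
            // The value travels as a typed parameter, never as SQL text.
            com.Parameters.Add("@userId", SqlDbType.Int).Value = userId;
            con.Open();
            // ExecuteScalar returns the first column of the first row, or null.
            object result = com.ExecuteScalar();
            if (result == null || result == DBNull.Value)
                return null;
            return Convert.ToInt32(result, CultureInfo.InvariantCulture);
        }
    }

    // Fails closed: a missing session value or a missing row counts as "not type 4".
    public static bool IsUserType4(string connectionString, object sessionValue)
    {
        int userId;
        return TryGetUserId(sessionValue, out userId) &&
               GetUserTypeId(connectionString, userId) == 4;
    }
}
```

In the page's `GetUserType()`, the redirect to `ContactUS.aspx` would then fire when `UserTypeLookup.IsUserType4(connectionString, Session["userid"])` returns false. The `using` blocks also close the connection on every path, which the original `GetUserType()` never does.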