我有几个会话变量,我需要设置权限,只有userID,userName和sessionAdmin变量才能通过。我做了一个 cfdump 并看到所有变量都设置为 0,这是 cfparam 默认值。我也无法让页面重定向到我的示例地址。
登录.cfm
<cfif isDefined("FORM.login")>
<cfset Encryptpwd = Encrypt(FORM.password, application.PsswrdKy)>
<cfset loginInfo = CFCmain.getLogin(FORM.username,Encryptpwd)>
<cflock timeout=20 scope="session" type="exclusive">
<cfset session.UserName = loginInfo.username>
<cfset session.userid = loginInfo.id>
<cfset session.Access_admin = loginInfo.superadmin>
<cfset session.Access_var1 = loginInfo.var1>
<cfset session.Access_var2 = loginInfo.var2>
<cfset session.Access_var3 = loginInfo.var3>
<cfset session.Access_var4= loginInfo.var4>
<cfset session.Access_agency = loginInfo.agency>
</cflock>
<cflocation url="http://www.google.com">
</cfif>
和 main.cfc,其中我的变量是从数据库中提取
的<cffunction name= "getLogin" access="remote" returntype="any" >
<cfargument name="uname" type="string">
<cfargument name="pwd" type="string">
<cfquery name="getdata" datasource="#application.db#">
select * from users2 where username = '#arguments.uname#' and password = '#arguments.pwd#'
</cfquery>
<cfreturn getdata>
</cffunction>
对我来说
,看起来变量FORM.login没有定义!?尝试:
<cfif isDefined("FORM.login")>
<cfdump var="hello">
<cfabort>
....
如果您没有看到"hello",则未定义 FORM.login...
另请尝试:
<cfdump var="#form#" abort>
以查看表单范围中定义的内容。
还有别人怎么说的,用cfqueryparam!!(安全)
<cfquery name="getdata" datasource="#application.db#">
select *
from users2
where username = <cfqueryparam cfsqltype="cf_sql_varchar" value="#arguments.uname#">
and password = <cfqueryparam cfsqltype="cf_sql_varchar" value="#arguments.pwd#">
</cfquery>