stackoom
  简体   繁体   中英

WCF service keeps returning false

 原文  2014-10-22 07:32:26       c#/ sql/ database/ wcf/ ado.net

Question

So I created and invoked a WCF service in C#, but keep getting a false back, I am unsure as to why it is. It might be to do with the connection string but changing it from the current just gives me errors.

Here's my code: 

 //Create the new connection
  SqlConnection myConnection = new SqlConnection();

 //Create the query
 String myQuery = "INSERT INTO Player  (registrationID,  firstName,  lastName,  phoneNumber,  Address,  dateOfBirth) " +
                   " VALUES ('" + registrationID + "', '" + firstName + "', '" + lastName + "', '" + phoneNumber + "', '" + Address + "', '" + dateOfBirth + "');";

  //The connectionString can be found in the properties table of the database
  myConnection.ConnectionString = "Data Source=C:/Users/User/Documents/Visual Studio 2012/Projects/ADO_LINQ/ADO_LINQ/App_Data/MyDatabase.sdf";

  //Initialuze the command
  SqlCommand myCommand = new SqlCommand(myQuery, myConnection);
  SqlDataReader myReader;

  //Run the command
  try 
  {
          myConnection.Open();
          myReader = myCommand.ExecuteReader();
          //Return true if it was successful
          return true;
   }
   catch (Exception ex) 
   {
          return false;
   }

1 answers

solution1
 0 ACCPTED  2014-10-22 08:42:03

As Soner pointed out, your code is susceptible to SQL Injection attacks, and this can be remedied by using parameterized queries. Also, best practice is to use a using block with the connection so it is properly closed and disposed of once the code in the using block is exited (currently you're not even closing the connection when you're done).

Also, ExecuteNonQuery is sufficient for this - it will run the command and then return the number of rows affected (which should be 1 in this case). You can check the number of rows affected and use that to determine success/failure, in addition to using a catch block in the case of an exception. Realistically I would not expect anything other than the value of 1 unless an exception was thrown while executing the command.

Finally your posted code is swallowing the exception. You should do something with the exception (log it, execute some other code, rethrow it - depending on the requirements of your app) rather than simply returning false.

Putting it all together: 

using (SqlConnection myConnection = new SqlConnection())
{

    // Create the query
    String myQuery = "INSERT INTO Player  (registrationID,  firstName,  lastName,  phoneNumber,  Address,  dateOfBirth) " +
               " VALUES (@RegistrationID, @FirstName, @LastName, @PhoneNumber, @Address, @DateOfBirth)";

    //The connectionString can be found in the properties table of the database
    myConnection.ConnectionString = "Data Source=C:/Users/User/Documents/Visual Studio 2012/Projects/ADO_LINQ/ADO_LINQ/App_Data/MyDatabase.sdf";

    //Initialuze the command
    SqlCommand myCommand = new SqlCommand(myQuery, myConnection);
    myCommand.CommandType = CommandType.Text;
    // Here you add the values for the parameters in the query
    myCommand.Parameters.Add("@RegistrationID", SqlDbType.VarChar).Value = registrationID;
    myCommand.Parameters.Add("@FirstName", SqlDbType.VarChar).Value = firstName;
    myCommand.Parameters.Add("@LastName", SqlDbType.VarChar).Value = lastName;
    myCommand.Parameters.Add("@PhoneNumber", SqlDbType.VarChar).Value = phoneNumber;
    myCommand.Parameters.Add("@Address", SqlDbType.VarChar).Value = address;
    myCommand.Parameters.Add("@DateOfBirth", SqlDbType.VarChar).Value = dateOfBirth;

    //Run the command
    try 
    {
        myConnection.Open();
        int rowsAffected = myCommand.ExecuteNonQuery();

        if (rowsAffected == 1)
        {
            return true;
        }
        else
        {
            return false;
        }

     }
     catch (Exception ex) 
     {
         // Do something with the exception, like logging it so you can review the error 
         return false;
     }
 }

The above code wraps the call in a using statement. When the command is created, the parameters are added to the SqlCommand.Parameters collection, and then ExecuteNonQuery is returned. If the result is 1, true is returned, otherwise false is returned. If an error is encountered, false is returned but again you should do something with the exception so you can troubleshoot if needed.

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question Bool method keeps returning false WCF service keeps tempUri namespace WCF Service returning XML WCF service returning DataSet Wcf service not returning cookies WCF Service not returning data WCF service returning another service (service factory?) wcf service returning derived type Returning SqlDataReader from a WCF Service Returning data via WCF service
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM