[英]SqlException when querying database
當我開發僅注冊頁面時,發生此錯誤
錯誤:System.Data.dll中發生類型'System.Data.SqlClient.SqlException'的異常,但未在用戶代碼中處理
碼
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Configuration;
public partial class Registration : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
if (IsPostBack)
{
SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["RegistrationConnectionString"].ConnectionString);
conn.Open();
String checkuser = "select count(*) from [UserData] where User Name='"+ TextBox1UN.Text +"'";
SqlCommand comm = new SqlCommand(checkuser,conn);
int temp = Convert.ToInt32(comm.ExecuteScalar().ToString());
if(temp==1)
{
Response.Write("user allready exists");
}
conn.Close();
}
}
protected void Button1_Click(object sender, EventArgs e)
{
try
{
SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["RegistrationConnectionString"].ConnectionString);
conn.Open();
String InserQuery = "insert into [UserData](UserName,Email,Password,Country)values(@Uname,@email,@pass,@country)";
SqlCommand comm = new SqlCommand(InserQuery, conn);
comm.Parameters.AddWithValue("@Uname", TextBox1UN.Text);
comm.Parameters.AddWithValue("@email", TextBox2EI);
comm.Parameters.AddWithValue("@pass", TextBox3PW);
comm.Parameters.AddWithValue("@country", DropDownList1cont.SelectedItem.ToString());
comm.ExecuteNonQuery();
Response.Write("Registration is succesful");
Response.Write("Administrator.aspx");
conn.Close();
}
catch (SqlException ex)
{
Response.Write("Error:"+ex.ToString());
}
}
protected void TextBox1_TextChanged(object sender, EventArgs e)
{
}
}
aspx文件:
<asp:SqlDataSource ID="SqlDataSourceRegistration"
runat="server"
ConnectionString="<%$ConnectionStrings:RegistrationConnectionString %>"
OnSelecting="SqlDataSourceRegistration_Selecting"
SelectCommand="SELECT * FROM [UserData]" >
</asp:SqlDataSource>
您的Query
無效, User Name
和User
是sql
的關鍵字之間沒有space
。 您的查詢應如下所示
"select count(*) from [UserData] where UserName=@username";
使用參數化SQL
向command
添加parameters
,而不是concatenating
值
comm.Parameters.AddWithValue("@username",TextBox1UN.Text);
提示:您的代碼很容易被入侵/不安全...因為您將用戶輸入放入sql字符串中,因此應該使用參數。
您在字段名稱“用戶名”中也有一個空格,我猜這是您的問題,因此我將其命名為“用戶名”。
您還應該將代碼放入try catch語句中,以便讀取錯誤。
try
{
SqlConnection connection = new SqlConnection(ConfigurationManager.ConnectionStrings["RegistrationConnectionString"].ConnectionString);
using (SqlCommand command = new SqlCommand(
"SELECT COUNT(*) from [UserData] where UserName= @Name", connection))
{
// Add new SqlParameter to the command.
command.Parameters.Add("@Name", SqlDbType.NVarChar).Value = TextBox1UN.Text;
int temp = Convert.ToInt32(command.ExecuteScalar().ToString());
if(temp==1)
{
Response.Write("user allready exists");
}
}
}
catch (Exception ex)
{
// Display the exception's data dictionary.
foreach (DictionaryEntry pair in ex.Data)
{
Console.WriteLine("{0} = {1}", pair.Key, pair.Value);
}
}
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.