[英]insert data from database to textbox C#
我有2個文本框和2個標簽。
標簽:UserID和ACCType。
文本框:電子郵件和密碼。
我想從文本框中找到數據,然后將數據庫中的數據插入2個標簽中。
因此,換句話說,我想在文本框中收集電子郵件和密碼。 從此信息中,我想在標簽中插入ID和AccountType。 我究竟做錯了什么?
protected void Login_Click(object sender, EventArgs e)
{
string UID = UserID.Text;
string AType = AccType.Text;
string Email = Email.Text;
string Password = Password.Text;
SqlConnection con = new SqlConnection();
con.ConnectionString = "Data Source=sql2016.fse.network;Initial Catalog=db_1518393_fse_rec; User ID=user_db_1518393_fse_rec; Password=P@55word;";
Int32 verify;
string query1 = "Select * from Accounts where Email='" + Email.Text + "' and Password='" + Password.Text + "' ";
SqlCommand cmd1 = new SqlCommand(query1, con);
con.Open();
verify = Convert.ToInt32(cmd1.ExecuteScalar());
con.Close();
if (verify > 0)
{
//successful
ErrorMessage.Text += "Logging in...";
//Response.Redirect("succesful.aspx");
//display User ID & Account Type
string query2 = "INSERT * from Accounts where Email='" + Email.Text + "' and Password='" + Password.Text + "' + ID + AccountType";
//string query2 = "Select Email, Password, ID, AccountType from Accounts(Email, Password, ID, AccountType) " + "Values('" + Email + "', '" + Password + "', '" + UID + "', '" + AType + "')";
}
else
{
//unsuccessful
//Response.Redirect("unsuccesful.aspx", true);
ErrorMessage.Text += "Email or Password incorrect! Please try again.";
}
}
這是錯的
string query2 = "INSERT * from Accounts where Email='" + Email.Text + "' and Password='" + Password.Text + "' + ID + AccountType";
應該是這樣的
INSERT INTO table_name (column1, column2, column3, ...)
VALUES (value1, value2, value3, ...);
如這里的 W3Schools中所示
這里沒什么要考慮的...
首先,正如許多人所注意到的(並且總是會這樣), 永遠不要將命令字串連接成字符串。 而是使用如下用戶參數:
string query1 = "Select * from Accounts where Email=@Email and Password=@Password ";
cmd.Parameters.Add("@Email", SqlDbType.VarChar).Value = Email.Text;
cmd.Parameters.Add("@Password", SqlDbType.VarChar).Value = Password.Text;
其次,您正在使用ExecuteScalar
,它僅返回受影響的行數。 相反,您應該使用DataReader
讀取數據。 像這樣:
SqlDataReader reader = cmd1.ExecuteReader();
verify = reader.HasRows;
if (verify)
{
ErrorMessage.Text += "Logging in...";
reader.Read();
this.lblUserId.Text = reader["ID"].ToString();
//read other data into other labels
}
con.Close();
第三,您的INSERT
語法錯誤,應該是這樣的:
string query2 = @"
INSERT INTO Accounts
(Email, Password, ID, AccountType)
VALUES
(@Email, @Password, @ID, @AccountType)
";
cmd.Parameters.Add("@Email", SqlDbType.VarChar).Value = Email.Text;
cmd.Parameters.Add("@Password", SqlDbType.VarChar).Value = Password.Text;
cmd.Parameters.Add("@ID", SqlDbType.Int).Value = /* some ID textbox or what ever */;
cmd.Parameters.Add("@AccountType", SqlDbType.Int).Value = /* some value for acc type */;
...和第四:
用戶成功登錄后,為什么要在表中輸入賬戶數據?
您說過要在從文本框中收集電子郵件和密碼后更新標簽,如果您的帳戶表包含字段“ UserId”和“ AccountType”,我想可以使用“ query1”來實現。 您應該使用DataReader而不是ExecuteScalar進行驗證並從db中讀取數據,並使用UserId和AccountType更新標簽。 以下可能是您的假設答案:
SqlDataReader dr = cmd1.ExecuteReader();
if(dr.HasRows)
{
//if email and password is okay
while(dr.Read())
{
//successful
ErrorMessage.Text += "Logging in...";
//Response.Redirect("succesful.aspx");
//display User ID & Account Type
UserId.Text = (string)dr["userid"];
AccType.Text = (string)dr["accounttype"];
}
}
else{
//unsuccessful
//Response.Redirect("unsuccesful.aspx", true);
ErrorMessage.Text += "Email or Password incorrect! Please try again.";
}
最后,我不知道為什么您要在登錄后嘗試向Account表中插入任何數據。我的意思是您應該更新表中的某些字段,而不是在表中插入新行。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.