C# 在签入if-else语句时跳过了一个错误
我在使用if-else语句检查程序时遇到此错误。我有两件事要检查。是的C# 在签入if-else语句时跳过了一个错误,c#,asp.net,sql,C#,Asp.net,Sql,我在使用if-else语句检查程序时遇到此错误。我有两件事要检查。是的 警察ID(PK) NRIC 下面的语句检查文本框的policyid和NRIC值是否与数据库中的值相同 if (tbpid.Text.Equals(dr["policeid"].ToString().Trim()) && (tbnric.Text.Equals(dr["nric"].ToString().Trim()))) { lbmsg
if (tbpid.Text.Equals(dr["policeid"].ToString().Trim()) && (tbnric.Text.Equals(dr["nric"].ToString().Trim())))
{
lbmsg.Text = "This police account has already exist. Please verify the details again.";
}
如果文本框(警察id)的值与数据库中的值相同,它们将给出另一个不同的错误
if (tbpid.Text.Equals(dr["policeid"].ToString()))
{
lbmsg.Text = "This police ID has already exists. Please generate another Police ID";
}
如果文本框(NRIC)的值与数据库中的值相同,它们将给出另一个错误
if (tbnric.Text.Equals(dr["nric"].ToString()))
{
lbmsg.Text ="This NRIC has already exist. Please ensure that the NRIC is correct";
}
若我将所有的错误检查信息组合在一起,它将是这样的
protected void btnAdd_Click(object sender, EventArgs e)
{
SqlConnection con = new SqlConnection("Data Source = localhost; Initial Catalog = MajorProject; Integrated Security= SSPI");
con.Open();
SqlCommand select = new SqlCommand("Select policeid, nric from PoliceAccount where policeid = @policeid" , con);
SqlDataReader dr;
select.Parameters.AddWithValue("@policeid", tbpid.Text);
dr = select.ExecuteReader();
if(dr.Read())
{
if (tbpid.Text.Equals(dr["policeid"].ToString().Trim()) && (tbnric.Text.Equals(dr["nric"].ToString().Trim())))
{
lbmsg.Text = "This police account has already exist. Please verify the details again.";
}
else if (tbpid.Text.Equals(dr["policeid"].ToString()))
{
lbmsg.Text = "This police ID has already exists. Please generate another Police ID";
}
else if (tbnric.Text.Equals(dr["nric"].ToString()))
{
lbmsg.Text ="This NRIC has already exist. Please ensure that the NRIC is correct";
}
}
else
{
SqlConnection conn = new SqlConnection("Data Source = localhost; Initial Catalog = MajorProject; Integrated Security= SSPI");
conn.Open();
SqlCommand cmd = new SqlCommand("insert into PoliceAccount(policeid, password, nric, fullname, postedto) values('" + tbpid.Text.Trim() + "','" + tbpid.Text.Trim() + "','" + tbnric.Text.Trim() + "','" + tbfullname.Text.Trim() + "', '" + ddllocation.SelectedValue + "')", conn);
cmd.ExecuteNonQuery();
conn.Close();
lbmsg.Text = "Congratulations. The police account of ID " + tbpid.Text + " has been successfully added. You may edit the profile via the edit profile tab above";
tbpid.Text = "";
tbnric.Text = "";
tbfullname.Text = "";
ddllocation.SelectedValue = "Select Location";
}
//ConfirmButtonExtender2.ConfirmText = "Are you sure you want to add this Police Account " + tbpid.Text + " ?";
}
}
然而,这里的问题是,错误检查消息的前两条语句能够正常工作。不幸的是,NRIC的一个不起作用。例如,如果我要键入一个不同的policyid但是相同的NRIC,那么数据仍然被插入到数据库中,这意味着它完全忽略上面的NRIC错误检查。我已经看了好几个小时了,还没有找到问题所在。如果有人能在这方面指导我,我将不胜感激
此外,在我的数据库中,我将我的主键设置为policyid,而NRIC只是数据库中的一个常规数据列
尊敬。由于此查询,最后一个不起作用
从policycount中选择policyid,nric,其中policyid=@policyid
这不会返回任何行,因为ploiceid不存在意味着dr.Read()
为false,因为没有要读取的行,所以它直接进入数据库中插入数据的其他部分。为了让它发挥作用。像这样试试
if(dr.Read())
{
if (tbpid.Text.Equals(dr["policeid"].ToString().Trim()) && (tbnric.Text.Equals(dr["nric"].ToString().Trim())))
{
lbmsg.Text = "This police account has already exist. Please verify the details again.";
}
else if (tbpid.Text.Equals(dr["policeid"].ToString()))
{
lbmsg.Text = "This police ID has already exists. Please generate another Police ID";
}
}
else
{
if (tbnric.Text.Equals(dr["nric"].ToString()))
{
lbmsg.Text ="This NRIC has already exist. Please ensure that the NRIC is correct";
}
else
{
SqlConnection conn = new SqlConnection("Data Source = localhost; Initial Catalog = MajorProject; Integrated Security= SSPI");
conn.Open();
SqlCommand cmd = new SqlCommand("insert into PoliceAccount(policeid, password, nric, fullname, postedto) values('" + tbpid.Text.Trim() + "','" + tbpid.Text.Trim() + "','" + tbnric.Text.Trim() + "','" + tbfullname.Text.Trim() + "', '" + ddllocation.SelectedValue + "')", conn);
cmd.ExecuteNonQuery();
conn.Close();
lbmsg.Text = "Congratulations. The police account of ID " + tbpid.Text + " has been successfully added. You may edit the profile via the edit profile tab above";
tbpid.Text = "";
tbnric.Text = "";
tbfullname.Text = "";
ddllocation.SelectedValue = "Select Location";
}
}
要使现有代码正常工作,请尝试此查询
从policycount中选择policyid,nric,其中policyid=@policyid或nric=@nric
如果其中一个id存在于数据库中,并且两个id都没有插入到数据库中,则它将始终返回行。您的select语句似乎就是问题所在。似乎您也希望nric是唯一的,但在select语句的where子句中不使用它。按照现在的方式,只要policyid是唯一的,任何nric值都可以。换句话说,如果前两个检查通过,那么第三个检查也会通过。请尝试以下方法:
SqlCommand select = new SqlCommand("Select policeid, nric from PoliceAccount where policeid = @policeid or nric = @nric" , con);
SqlDataReader dr;
select.Parameters.AddWithValue("@policeid", tbpid.Text);
select.Parameters.AddWithValue("@nric", tbnric.Text);
dr = select.ExecuteReader();
然而,如果您不希望nric是唯一的,那么您的代码就可以正常工作 你让我伤心。您的代码对于SQL注入非常脆弱,您应该考虑修复它。我知道一些叫做SQL注入的东西,但目前我主要关心的不是这个。我仍在尝试做一个简单的应用程序,它将只供我使用。至于安全方面,我一定会在完成我的项目后进行调查。谢谢你的关心。@Teochuneweibrian阅读下面的答案,我相信它会对你有所帮助?实际上一切都很好。下面给出的SQL语句是正确的。在将
和
更改为或
后,我将放置在policyid=@policyid和nric=@nric
的位置。谢谢