C# 检查DropDownList的选定值是否存在于数据库中时出现问题
我有一个网页,我有字段来保存一些数据 其中一个字段保存注册指定课程的学生ID和姓名。我希望能够通过使用DropDownList为新学员注册课程。若DropDownList中的所选项目已经存在于课程表中,我应该显示一条错误消息。我有一个执行这些操作的代码,但当我在dropdownlist中选择一个已经存在的值时,它不会显示错误消息。它假定这是一个新值,并抛出异常,因为数据库不接受重复记录 我怎样才能解决这件事 我用c语言在ASP.NET中设计了这个网页C# 检查DropDownList的选定值是否存在于数据库中时出现问题,c#,asp.net,C#,Asp.net,我有一个网页,我有字段来保存一些数据 其中一个字段保存注册指定课程的学生ID和姓名。我希望能够通过使用DropDownList为新学员注册课程。若DropDownList中的所选项目已经存在于课程表中,我应该显示一条错误消息。我有一个执行这些操作的代码,但当我在dropdownlist中选择一个已经存在的值时,它不会显示错误消息。它假定这是一个新值,并抛出异常,因为数据库不接受重复记录 我怎样才能解决这件事 我用c语言在ASP.NET中设计了这个网页 protected void Dro
protected void DropDownList1_SelectedIndexChanged(object sender,
EventArgs e)
{
SqlConnection con = new SqlConnection(@"Data Source=(LocalDB)\MSSQLLocalDB;AttachDbFilename=|DataDirectory|\Ceng.mdf;Integrated Security=True");
string qs = Request.QueryString["id"];
// Variable qs Keeps CourseID retrieved from query string
string sv = DropDownList1.SelectedItem.Value;
// Variable sv keeps selected value from DropDownList
SqlCommand cmd = new SqlCommand("Select * from Enrolment as e, Students as s where e.StudentID = s.StudentID and " +
"CourseID = " + qs + " and StudentName = '" + sv +"'", con);
// There are Students, Courses, and Enrolment tables in database
// Students table columns are StudentID, StudentName, BirthDate
// Course table columns are CourseID, CourseCode, CourseName, Instructor
// Enrolment table columns are CourseID and StudentID
con.Open();
SqlDataReader reader = cmd.ExecuteReader();
if(reader.HasRows)
{
Label1.Visible = true;
Label1.Text = "The selected student is already registered to the course!";
Label1.ForeColor = Color.Red;
}
else
{
Label1.Visible = true;
Label1.Text = "The selected student is succesfully registered!";
Label1.ForeColor = Color.Green;
SqlDataSource4.Insert();
GridView1.DataBind();
}
reader.Close();
con.Close();
}
当我从DropDownList中选择一个数据库中不存在的名称时,我得到了正确的结果
例如,杰夫·贝佐斯已经注册了给定的课程。当我选择Jeff Bezos时,我应该会收到错误消息,但我得到的异常是重复的。ID是我数据库中的一个整数值,所以我将qs的类型更改为int
protected void DropDownList1_SelectedIndexChanged(object sender,
EventArgs e)
{
SqlConnection con = new SqlConnection(@"Data Source=(LocalDB)\MSSQLLocalDB;AttachDbFilename=|DataDirectory|\Ceng.mdf;Integrated Security=True");
int selectedCourseId = 0;
string qs = Request.QueryString["id"];
int.TryParse(qs, out selectedCourseId);
string sv = DropDownList1.SelectedItem.Value;
SqlCommand cmd = new SqlCommand("Select * from Enrolment as e, Students as s where e.StudentID = s.StudentID and " +
"e.CourseID = @CourseID and s.StudentName = @StudentName", con);
cmd.Parameters.Add("@CourseID", SqlDbType.Int).Value = selectedCourseId;
cmd.Parameters.Add("@StudentName", SqlDbType.NVarChar).Value = sv;
con.Open();
SqlDataReader reader = cmd.ExecuteReader();
if(reader.HasRows)
{
Label1.Visible = true;
Label1.Text = "The selected student is already registered to the course!";
Label1.ForeColor = Color.Red;
}
else
{
Label1.Visible = true;
Label1.Text = "The selected student is succesfully registered!";
Label1.ForeColor = Color.Green;
SqlDataSource4.Insert();
GridView1.DataBind();
}
reader.Close();
con.Close();
}
int qs=int.ParseRequest.QueryString[id]
下面的代码应该是这样的
string sv=DropDownList1.SelectedItem.Text
更改这些代码后,我得到了真实的结果
参数化sql
将sql设置为字符串/文本并使用它
如果关联联接不正确,请创建一个内部联接
使用实现idisposable的using
假设,因为您没有发布列表的来源
关于int与id int的字符串的广义假设是最常见的,所以我同意这一点
建议将其重构为更好的测试方法
您正在执行的SELECT查询的运行时值是多少?有匹配的行吗?所描述的行为表明没有。对于从查询字符串5检索到的变量qsvalue,DROPPDLIST选择值Jeff Bazos有1条记录意味着记录存在。我强烈建议您更改代码以使用SQL中的参数而不是直接从UI值创建SQL语句——避免SQL注入攻击。对于该字符串qs=Request.QueryString[id];Prombel来了我修好了。Id是一个整数值,但我选择了字符串。你为什么从两个表中选择并构建整个交叉而不是连接它们呢?同时使用*作为选择器是不好的做法。出于速度原因,应仅选择所需的行。。
using System;
using System.Data.SqlClient;
// more here likely...
protected void DropDownList1_SelectedIndexChanged(object sender, EventArgs e)
{
string connectionString = @"Data Source=(LocalDB)\MSSQLLocalDB;AttachDbFilename=|DataDirectory|\Ceng.mdf;Integrated Security=True";
string getStudentIdSql = @"
SELECT s.StudentID
FROM Enrolment AS e
INNER JOIN Students AS s
ON e.StudentID = s.StudentID
AND E.CourseID = @CourseID
AND StudentName = @StudentName
";
int courseId = int.Parse(Request.QueryString["id"]); // consider tryparse here, I make assumptions on the int also
// string studentName = DropDownList1.SelectedItem.Value; // assumption if the values are there
string studentName = DropDownList1.SelectedItem.Text; // assumption based on code/comments, key part where it is defined is missing from question
using (SqlConnection conn = new SqlConnection(connectionString))
{
using (SqlCommand cmd = new SqlCommand(getStudentIdSql, conn))
{
cmd.Parameters.Add("@CourseID", SqlDbType.Int).Value = courseId;
cmd.Parameters.Add("@StudentName", SqlDbType.VarChar, 80).Value = studentName;
SqlDataReader reader = cmd.ExecuteReader();
if (reader.HasRows)
{
/* if we wanted to have the rows
while (reader.Read())
{
Console.WriteLine($"{reader.GetInt32(0)}\t{ reader.GetString(1)}");
}
*/
Label1.Visible = true;
Label1.Text = "The selected student is already registered to the course!";
Label1.ForeColor = Color.Red;
}
/* basic thing
else
{
Console.WriteLine("No rows found.");
}
*/
else
{
Label1.Visible = true;
Label1.Text = "The selected student is succesfully registered!";
Label1.ForeColor = Color.Green;
SqlDataSource4.Insert();
GridView1.DataBind();
}
reader.Close();
}
}
}