Warning: file_get_contents(/data/phpspider/zhask/data//catemap/2/csharp/274.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
C# 检查DropDownList的选定值是否存在于数据库中时出现问题_C#_Asp.net - Fatal编程技术网
Fatal编程技术网
  • csharp/
  • C# 检查DropDownList的选定值是否存在于数据库中时出现问题

C# 检查DropDownList的选定值是否存在于数据库中时出现问题

c# asp.net

C# 检查DropDownList的选定值是否存在于数据库中时出现问题,c#,asp.net,C#,Asp.net,我有一个网页,我有字段来保存一些数据 其中一个字段保存注册指定课程的学生ID和姓名。我希望能够通过使用DropDownList为新学员注册课程。若DropDownList中的所选项目已经存在于课程表中,我应该显示一条错误消息。我有一个执行这些操作的代码,但当我在dropdownlist中选择一个已经存在的值时,它不会显示错误消息。它假定这是一个新值,并抛出异常,因为数据库不接受重复记录 我怎样才能解决这件事 我用c语言在ASP.NET中设计了这个网页 protected void Dro

我有一个网页,我有字段来保存一些数据

其中一个字段保存注册指定课程的学生ID和姓名。我希望能够通过使用DropDownList为新学员注册课程。若DropDownList中的所选项目已经存在于课程表中,我应该显示一条错误消息。我有一个执行这些操作的代码,但当我在dropdownlist中选择一个已经存在的值时,它不会显示错误消息。它假定这是一个新值,并抛出异常,因为数据库不接受重复记录

我怎样才能解决这件事

我用c语言在ASP.NET中设计了这个网页

    protected void DropDownList1_SelectedIndexChanged(object sender, 
    EventArgs e)
    {
        SqlConnection con = new SqlConnection(@"Data Source=(LocalDB)\MSSQLLocalDB;AttachDbFilename=|DataDirectory|\Ceng.mdf;Integrated Security=True");


        string qs = Request.QueryString["id"]; 
        // Variable qs Keeps CourseID retrieved from query string

        string sv = DropDownList1.SelectedItem.Value; 
        // Variable sv keeps selected value from DropDownList


        SqlCommand cmd = new SqlCommand("Select * from Enrolment as e, Students as s where e.StudentID = s.StudentID and " +
                          "CourseID = " + qs + " and StudentName = '" + sv +"'", con);
        // There are Students, Courses, and Enrolment tables in database
        // Students table columns are StudentID, StudentName, BirthDate
        // Course table columns are CourseID, CourseCode, CourseName, Instructor
        // Enrolment table columns are CourseID and StudentID


        con.Open();
        SqlDataReader reader = cmd.ExecuteReader();

        if(reader.HasRows)
        {
            Label1.Visible = true;
            Label1.Text = "The selected student is already registered to the course!";
            Label1.ForeColor = Color.Red;
        }
        else
        {
            Label1.Visible = true;
            Label1.Text = "The selected student is succesfully registered!";
            Label1.ForeColor = Color.Green;


            SqlDataSource4.Insert();
            GridView1.DataBind();
        }

        reader.Close();
        con.Close();
    }
当我从DropDownList中选择一个数据库中不存在的名称时,我得到了正确的结果

例如,杰夫·贝佐斯已经注册了给定的课程。当我选择Jeff Bezos时,我应该会收到错误消息,但我得到的异常是重复的。

ID是我数据库中的一个整数值,所以我将qs的类型更改为int 
protected void DropDownList1_SelectedIndexChanged(object sender, 
    EventArgs e)
    {
        SqlConnection con = new SqlConnection(@"Data Source=(LocalDB)\MSSQLLocalDB;AttachDbFilename=|DataDirectory|\Ceng.mdf;Integrated Security=True");

        int selectedCourseId = 0;
        string qs = Request.QueryString["id"];        

        int.TryParse(qs, out selectedCourseId);

        string sv = DropDownList1.SelectedItem.Value;           

        SqlCommand cmd = new SqlCommand("Select * from Enrolment as e, Students as s where e.StudentID = s.StudentID and " +
                          "e.CourseID = @CourseID and s.StudentName = @StudentName", con);

        cmd.Parameters.Add("@CourseID", SqlDbType.Int).Value = selectedCourseId;
        cmd.Parameters.Add("@StudentName", SqlDbType.NVarChar).Value = sv;

        con.Open();
        SqlDataReader reader = cmd.ExecuteReader();

        if(reader.HasRows)
        {
            Label1.Visible = true;
            Label1.Text = "The selected student is already registered to the course!";
            Label1.ForeColor = Color.Red;
        }
        else
        {
            Label1.Visible = true;
            Label1.Text = "The selected student is succesfully registered!";
            Label1.ForeColor = Color.Green;


            SqlDataSource4.Insert();
            GridView1.DataBind();
        }

        reader.Close();
        con.Close();
    }
int qs=int.ParseRequest.QueryString[id]

下面的代码应该是这样的 string sv=DropDownList1.SelectedItem.Text

更改这些代码后,我得到了真实的结果

参数化sql 将sql设置为字符串/文本并使用它 如果关联联接不正确,请创建一个内部联接 使用实现idisposable的using 假设,因为您没有发布列表的来源 关于int与id int的字符串的广义假设是最常见的,所以我同意这一点 建议将其重构为更好的测试方法
您正在执行的SELECT查询的运行时值是多少?有匹配的行吗?所描述的行为表明没有。对于从查询字符串5检索到的变量qsvalue,DROPPDLIST选择值Jeff Bazos有1条记录意味着记录存在。我强烈建议您更改代码以使用SQL中的参数而不是直接从UI值创建SQL语句——避免SQL注入攻击。对于该字符串qs=Request.QueryString[id];Prombel来了我修好了。Id是一个整数值,但我选择了字符串。你为什么从两个表中选择并构建整个交叉而不是连接它们呢?同时使用*作为选择器是不好的做法。出于速度原因,应仅选择所需的行。。 
       using System;
       using System.Data.SqlClient;
        // more here likely...
        protected void DropDownList1_SelectedIndexChanged(object sender, EventArgs e)
        {
            string connectionString = @"Data Source=(LocalDB)\MSSQLLocalDB;AttachDbFilename=|DataDirectory|\Ceng.mdf;Integrated Security=True";
            string getStudentIdSql = @"
                SELECT s.StudentID 
                FROM Enrolment AS e
                INNER JOIN Students AS s 
                    ON e.StudentID = s.StudentID 
                    AND E.CourseID = @CourseID
                    AND StudentName = @StudentName
            ";
            int courseId = int.Parse(Request.QueryString["id"]); // consider tryparse here, I make assumptions on the int also
            // string studentName = DropDownList1.SelectedItem.Value; // assumption if the values are there
            string studentName = DropDownList1.SelectedItem.Text; // assumption based on code/comments, key part where it is defined is missing from question
            using (SqlConnection conn = new SqlConnection(connectionString))
            {
                using (SqlCommand cmd = new SqlCommand(getStudentIdSql, conn))
                {
                    cmd.Parameters.Add("@CourseID", SqlDbType.Int).Value = courseId;
                    cmd.Parameters.Add("@StudentName", SqlDbType.VarChar, 80).Value = studentName;
                    SqlDataReader reader = cmd.ExecuteReader();
                    if (reader.HasRows)
                    {
                        /* if we wanted to have the rows
                    while (reader.Read())
                    {
                        Console.WriteLine($"{reader.GetInt32(0)}\t{ reader.GetString(1)}");
                    }
                    */
                        Label1.Visible = true;
                        Label1.Text = "The selected student is already registered to the course!";
                        Label1.ForeColor = Color.Red;
                    }
                    /* basic thing
                else
                {
                    Console.WriteLine("No rows found.");
                }
                */
                    else
                    {
                        Label1.Visible = true;
                        Label1.Text = "The selected student is succesfully registered!";
                        Label1.ForeColor = Color.Green;
                        SqlDataSource4.Insert();
                        GridView1.DataBind();
                    }

                    reader.Close();
                }
            }
        }