C# 执行web方法时出错
我已经创建了asp.net Web服务。我想在验证他之后更新用户的信息,这意味着如果他输入的新用户名不存在,那么只有他才能更新新用户名,否则就不存在 问题是它成功地验证了用户,但当我试图指定不存在的新用户名时,它会给我一个错误,如C# 执行web方法时出错,c#,asp.net,sql,database,web-services,C#,Asp.net,Sql,Database,Web Services,我已经创建了asp.net Web服务。我想在验证他之后更新用户的信息,这意味着如果他输入的新用户名不存在,那么只有他才能更新新用户名,否则就不存在 问题是它成功地验证了用户,但当我试图指定不存在的新用户名时,它会给我一个错误,如 Request format is unrecognized for URL unexpectedly ending in '/UpdateUserInfo'. 以下是我的代码: public int UpdateUserInfo(string olduser
Request format is unrecognized for URL unexpectedly ending in '/UpdateUserInfo'.
public int UpdateUserInfo(string oldusername, string newusername, string mailid, string password)
{
string validateUser = "Select UserName from tbl_UserInfo where UserName='" + newusername + "' ";
con = new MySqlConnection(conString);
con.Open();
MySqlCommand cmd1 = new MySqlCommand(validateUser, con);
string User = cmd1.ExecuteScalar().ToString();
con.Close();
if (User == newusername)
{
return 0;
}
else
{
string updateUser = "Update tbl_UserInfo SET UserName='" + newusername + "',Password='" + password + "',Email_ID='" + mailid + "' where UserName='" + oldusername + "' ";
con = new MySqlConnection(conString);
con.Open();
MySqlCommand cmd = new MySqlCommand(updateUser, con);
int success = cmd.ExecuteNonQuery();
con.Close();
if (success > 0)
{
return success;
}
else
return 0;
}
}
IF my UserName is A and when i update that UserName with same name
i.e A than it should not be updated but when i give another name as B
than it should be updated by B i.e now UserName A becomes the B
谢谢..哦,请使用参数化查询。啊,处理你的可识别资源。您将省去头痛的事、SQL注入、格式不正确的数据
public int UpdateUserInfo(
string oldusername,
string newusername,
string mailid,
string password
)
{
using (var con = new MySqlConnection(conString))
using (var cmd = con.CreateCommand())
{
con.Open();
cmd.CommandText = "SELECT count(UserName) from tbl_UserInfo where UserName = @newusername";
cmd.Parameters.AddWithValue("@newusername", newusername);
var count = (long)cmd.ExecuteScalar();
if (count < 1)
{
return 0;
}
}
using (var con = new MySqlConnection(conString))
using (var cmd = con.CreateCommand())
{
con.Open();
cmd.CommandText = "UPDATE tbl_UserInfo SET UserName = @newusername, Password = @password, Email_ID = @mailid WHERE UserName = @oldusername";
cmd.Parameters.AddWithValue("@newusername", newusername);
cmd.Parameters.AddWithValue("@password", password);
cmd.Parameters.AddWithValue("@mailid", mailid);
cmd.Parameters.AddWithValue("@oldusername", oldusername);
return cmd.ExecuteNonQuery();
}
}
哦,请使用参数化查询。啊,处理你的可识别资源。您将省去头痛的事、SQL注入、格式不正确的数据
public int UpdateUserInfo(
string oldusername,
string newusername,
string mailid,
string password
)
{
using (var con = new MySqlConnection(conString))
using (var cmd = con.CreateCommand())
{
con.Open();
cmd.CommandText = "SELECT count(UserName) from tbl_UserInfo where UserName = @newusername";
cmd.Parameters.AddWithValue("@newusername", newusername);
var count = (long)cmd.ExecuteScalar();
if (count < 1)
{
return 0;
}
}
using (var con = new MySqlConnection(conString))
using (var cmd = con.CreateCommand())
{
con.Open();
cmd.CommandText = "UPDATE tbl_UserInfo SET UserName = @newusername, Password = @password, Email_ID = @mailid WHERE UserName = @oldusername";
cmd.Parameters.AddWithValue("@newusername", newusername);
cmd.Parameters.AddWithValue("@password", password);
cmd.Parameters.AddWithValue("@mailid", mailid);
cmd.Parameters.AddWithValue("@oldusername", oldusername);
return cmd.ExecuteNonQuery();
}
}
如果您已将web服务中的方法声明为
[WebMethod][WebMethod]