我正在尝试对照SQL表中的特定列检查用户名:如果该用户名不存在,则显示一条消息;如果存在,则继续执行后面的代码。但是由于某种原因,即使用户存在,我看到的也始终是那条阻止消息。您能帮我找出错误在哪里吗?
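/// <summary>
/// Click handler for the guarantee-overview button. Checks that the current Windows
/// identity has a matching row in the guarantee table, validates the customer id typed
/// into <c>textGrntOvw</c>, and then opens the single or group overview form.
/// </summary>
/// <param name="sender">The control that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
private void btnGrntOvw_Click(object sender, EventArgs e)
{
    // NOTE(review): WindowsIdentity.Name is normally "DOMAIN\user"; if [Guarantee]
    // stores only the bare user name this lookup never matches – confirm against the
    // stored values before looking elsewhere for the bug.
    string user = System.Security.Principal.WindowsIdentity.GetCurrent().Name;
    // Parameterised query: the identity string is passed as a bound value and is
    // never spliced into the SQL text.
    const string queryString =
        "SELECT COUNT([Guarantee]) FROM [tablename] WHERE [Guarantee] = @Guarantee";
    string connString = @"Data Source=etc";
    string groupId = textGrntOvw.Text.Trim();

    int userCount;
    using (SqlConnection connection = new SqlConnection(connString))
    using (SqlCommand sqlCommand = new SqlCommand(queryString, connection))
    {
        sqlCommand.Parameters.Add("@Guarantee", System.Data.SqlDbType.NVarChar).Value = user;
        connection.Open();
        // COUNT(...) always yields exactly one non-null integer.
        userCount = Convert.ToInt32(sqlCommand.ExecuteScalar());
    }
    // The connection is released here, before any modal dialog is shown.

    if (userCount == 0)
    {
        MessageBox.Show("The report is locked because the authorization ID does not have the required authorization or privilege to run the report.");
        return;
    }

    // Customer ids are expected to be between 6 and 13 characters.
    if (groupId.Length < 6 || groupId.Length > 13)
    {
        MessageBox.Show("Incorrect customer ID");
        return;
    }

    if (radioGrntOvwSingle.Checked)
    {
        GrntOvw frm1 = new GrntOvw(groupId);
        frm1.StartPosition = FormStartPosition.CenterParent;
        frm1.Show(this);
    }
    else if (radioGrntOvwGroup.Checked)
    {
        GrntOvwGroup frm3 = new GrntOvwGroup(groupId);
        frm3.StartPosition = FormStartPosition.CenterParent;
        frm3.Show(this);
    }
    else
    {
        MessageBox.Show("Please select one of the options");
    }
}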
因此,我希望的流程是:如果用户存在,就继续检查 groupId 的长度是否合适等;如果用户不存在,则只显示第一条消息。
我会先直接对数据库运行这条原始SQL,看看用该用户名查询是否返回预期结果。另外,建议使用如下所示的SQL参数来防止SQL注入:
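// 1. declare the command with a named parameter instead of splicing the value into the SQL text
//    (a regular string literal cannot span lines, so the query is kept on one line)
SqlCommand cmd = new SqlCommand(
    "SELECT COUNT([Guarantee]) FROM [tablename] WHERE [Guarantee] = @Guarantee", conn);
// 2. define the parameter with an explicit type so the provider does not have to infer it
SqlParameter param = new SqlParameter("@Guarantee", System.Data.SqlDbType.NVarChar);
param.Value = User;
// 3. attach the parameter to the command object
cmd.Parameters.Add(param);
// Execute your code (e.g. cmd.ExecuteScalar()).
// Assumes 'conn' is an open SqlConnection and 'User' the identity string – both are defined by the caller.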
您好,我冒昧地稍微整理了一下代码。由于您没有说明看到的是哪一条阻止消息,我猜测可能是与 groupId 相关的那条消息,或者是抛出了某个异常——这种情况下异常信息会显示在 catch 部分中。希望对您有所帮助。
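/// <summary>
/// Click handler for the guarantee-overview button. Validates the customer id first,
/// then checks that the current Windows identity has a row in the guarantee table and
/// opens the single or group overview form. Any failure while talking to the database
/// or opening the form is reported in a message box.
/// </summary>
/// <param name="sender">The control that raised the event (unused).</param>
/// <param name="e">Event data (unused).</param>
private void btnGrntOvw_Click(object sender, EventArgs e)
{
    string groupId = textGrntOvw.Text.Trim();
    // Customer ids are expected to be between 6 and 13 characters.
    if (groupId.Length < 6 || groupId.Length > 13)
    {
        MessageBox.Show("Incorrect customer ID");
        return;
    }

    try
    {
        // NOTE(review): WindowsIdentity.Name is normally "DOMAIN\user"; make sure
        // [Guarantee] stores the same form, otherwise the count is always 0.
        string user = System.Security.Principal.WindowsIdentity.GetCurrent().Name;
        // Parameterised query: the identity string is bound as a value, never
        // concatenated into the SQL text.
        const string queryString =
            "SELECT COUNT([Guarantee]) FROM [tablename] WHERE [Guarantee] = @Guarantee";
        string connString = @"Data Source=etc";

        int userCount;
        using (SqlConnection connection = new SqlConnection(connString))
        using (SqlCommand sqlCommand = new SqlCommand(queryString, connection))
        {
            sqlCommand.Parameters.Add("@Guarantee", System.Data.SqlDbType.NVarChar).Value = user;
            connection.Open();
            // COUNT(...) always yields exactly one non-null integer.
            userCount = Convert.ToInt32(sqlCommand.ExecuteScalar());
        }

        if (userCount == 0)
        {
            MessageBox.Show("The report is locked because the authorization ID does not have the required authorization or privilege to run the report.");
            return;
        }

        if (radioGrntOvwSingle.Checked)
        {
            GrntOvw frm1 = new GrntOvw(groupId);
            frm1.StartPosition = FormStartPosition.CenterParent;
            frm1.Show(this);
        }
        else if (radioGrntOvwGroup.Checked)
        {
            GrntOvwGroup frm3 = new GrntOvwGroup(groupId);
            frm3.StartPosition = FormStartPosition.CenterParent;
            frm3.Show(this);
        }
        else
        {
            MessageBox.Show("Please select one of the options");
        }
    }
    // Named 'ex': a catch variable called 'e' collides with the event-args parameter (CS0136).
    catch (Exception ex)
    {
        // NOTE(review): this surfaces the raw provider message, which can include server
        // or query details; prefer logging it and showing a generic text to the user.
        MessageBox.Show(ex.Message);
    }
}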