我创建了一个 ASP.NET WebService。我想在验证用户之后更新他的信息：先检查他输入的新用户名是否已经存在，只有不存在时才允许更新为新用户名，否则不更新。
问题是：当新用户名已存在时验证通过，但当我指定一个不存在的新 UserName 时（此时 `SELECT UserName ...` 没有返回行，`ExecuteScalar()` 返回 null，后面的 `.ToString()` 会抛出异常），服务返回了如下错误：
Request format is unrecognized for URL unexpectedly ending in '/UpdateUserInfo'.
以下是我的代码:
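/// <summary>
/// Renames a user and replaces their password and e-mail, but only when
/// <paramref name="newusername"/> is not already present in tbl_UserInfo.
/// Renaming A to A therefore does nothing (A already exists).
/// </summary>
/// <param name="oldusername">Current user name; WHERE key of the UPDATE.
/// NOTE(review): the method trusts this value - the caller must take it from
/// the authenticated session, never from the request body, or any caller can
/// rewrite any other account.</param>
/// <param name="newusername">Requested new user name.</param>
/// <param name="mailid">New e-mail address.</param>
/// <param name="password">New password. NOTE(review): written to the Password
/// column exactly as received, i.e. in clear text, as the original did; hash it
/// (PBKDF2/bcrypt) before it reaches this layer.</param>
/// <returns>Rows affected by the UPDATE, or 0 when the new name is taken or no
/// row matched <paramref name="oldusername"/>.</returns>
public int UpdateUserInfo(string oldusername, string newusername, string mailid, string password)
{
    // All four arguments were previously concatenated straight into SQL text,
    // which is a textbook SQL-injection hole (a name like  x' OR '1'='1  matches
    // every row) and also breaks on any value containing a quote. Parameters
    // fix both. A single connection serves both statements.
    using (var con = new MySqlConnection(conString))
    {
        con.Open();

        using (var check = con.CreateCommand())
        {
            check.CommandText = "SELECT COUNT(*) FROM tbl_UserInfo WHERE UserName = @newusername";
            check.Parameters.AddWithValue("@newusername", newusername);
            // COUNT(*) always yields exactly one row, so ExecuteScalar never
            // returns null here. The original ran "SELECT UserName ..." and
            // called .ToString() on the result, which throws a
            // NullReferenceException precisely when the name is free - the one
            // path the caller actually wants to take.
            long taken = Convert.ToInt64(check.ExecuteScalar());
            if (taken > 0)
            {
                return 0; // name in use (covers renaming A -> A)
            }
        }

        // NOTE(review): check-then-update is a race: two concurrent requests
        // can both pass the check above and both rename to the same value.
        // Only a UNIQUE constraint on tbl_UserInfo.UserName prevents that;
        // with it in place, treat MySQL error 1062 (duplicate key) as "taken".
        using (var update = con.CreateCommand())
        {
            update.CommandText = "UPDATE tbl_UserInfo SET UserName = @newusername, Password = @password, Email_ID = @mailid WHERE UserName = @oldusername";
            update.Parameters.AddWithValue("@newusername", newusername);
            update.Parameters.AddWithValue("@password", password);
            update.Parameters.AddWithValue("@mailid", mailid);
            update.Parameters.AddWithValue("@oldusername", oldusername);
            // ExecuteNonQuery already returns 0 when nothing matched, so the
            // original's "if (success > 0) return success; else return 0"
            // collapses to a plain return.
            return update.ExecuteNonQuery();
        }
    }
}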
注意:我想要结果为;
IF my UserName is A and when i update that UserName with same name
i.e A than it should not be updated but when i give another name as B
than it should be updated by B i.e now UserName A becomes the B
什么可能有问题?
请给出解决方案。
谢谢..
答案 0 :(得分:4)
请务必使用参数化查询，并用 using 释放 IDisposable 资源（连接、命令）。这样可以避免 SQL 注入、引号导致的格式错误以及连接泄漏等一系列问题。
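/// <summary>
/// Renames a user and replaces their password and e-mail, but only when
/// <paramref name="newusername"/> is not already present in tbl_UserInfo.
/// Renaming A to A therefore does nothing (A already exists).
/// </summary>
/// <param name="oldusername">Current user name; WHERE key of the UPDATE.
/// NOTE(review): trusted as given - the caller must derive it from the
/// authenticated session, not from the request, or any caller can rewrite
/// any account.</param>
/// <param name="newusername">Requested new user name.</param>
/// <param name="mailid">New e-mail address.</param>
/// <param name="password">New password. NOTE(review): stored in clear text
/// exactly as received; hash it (PBKDF2/bcrypt) before it reaches this layer.</param>
/// <returns>Rows affected by the UPDATE, or 0 when the new name is taken or
/// no row matched <paramref name="oldusername"/>.</returns>
public int UpdateUserInfo(
    string oldusername,
    string newusername,
    string mailid,
    string password
)
{
    using (var con = new MySqlConnection(conString))
    {
        con.Open();

        using (var check = con.CreateCommand())
        {
            check.CommandText = "SELECT count(UserName) from tbl_UserInfo where UserName = @newusername";
            check.Parameters.AddWithValue("@newusername", newusername);
            var count = (long)check.ExecuteScalar();
            // BUG FIX: the previous condition was "if (count < 1) return 0",
            // which refused the update when the name was FREE and performed it
            // when the name was TAKEN - the opposite of the stated requirement
            // (and of the UsernameExists/Update split further down). Bail out
            // when a row with the new name already exists.
            if (count > 0)
            {
                return 0;
            }
        }

        // NOTE(review): the existence check and the UPDATE are not atomic; two
        // concurrent requests can both pass the check. A UNIQUE constraint on
        // UserName is the real guard - with it, MySQL error 1062 on the UPDATE
        // should also be reported as "taken".
        using (var update = con.CreateCommand())
        {
            update.CommandText = "UPDATE tbl_UserInfo SET UserName = @newusername, Password = @password, Email_ID = @mailid WHERE UserName = @oldusername";
            update.Parameters.AddWithValue("@newusername", newusername);
            update.Parameters.AddWithValue("@password", password);
            update.Parameters.AddWithValue("@mailid", mailid);
            update.Parameters.AddWithValue("@oldusername", oldusername);
            // 0 when no row matched oldusername.
            return update.ExecuteNonQuery();
        }
    }
}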
或者您也可以将它们分成不同的方法:
/// <summary>
/// Reports whether at least one row in tbl_UserInfo carries the given
/// UserName. The comparison is done by MySQL, so it follows the column's
/// collation (case-insensitive on the default collations) rather than
/// C# string equality.
/// </summary>
/// <param name="username">Name to look up; passed as a parameter, never
/// spliced into the SQL text.</param>
/// <returns>true when a matching row exists, otherwise false.</returns>
public bool UsernameExists(string username)
{
    const string sql = "SELECT count(UserName) from tbl_UserInfo where UserName = @newusername";

    using (var connection = new MySqlConnection(conString))
    using (var lookup = new MySqlCommand(sql, connection))
    {
        lookup.Parameters.AddWithValue("@newusername", username);
        connection.Open();

        // COUNT() always produces one row, so the scalar is never null;
        // the MySQL connector returns it as a boxed Int64.
        var matches = (long)lookup.ExecuteScalar();
        return matches > 0;
    }
}
/// <summary>
/// Unconditionally rewrites UserName, Password and Email_ID for the row whose
/// UserName equals <paramref name="oldusername"/>. Performs no uniqueness
/// check itself - see UpdateUserInfo for that.
/// </summary>
/// <param name="oldusername">Row selector. NOTE(review): the caller must take
/// this from the authenticated session, not from client input, or any caller
/// can modify any account.</param>
/// <param name="newusername">Replacement user name.</param>
/// <param name="mailid">Replacement e-mail address.</param>
/// <param name="password">Replacement password. NOTE(review): written to the
/// Password column verbatim, i.e. in clear text; hash it before calling.</param>
/// <returns>Number of rows changed (0 when no row matched).</returns>
public int Update(string oldusername, string newusername, string mailid, string password)
{
    const string sql = "UPDATE tbl_UserInfo SET UserName = @newusername, Password = @password, Email_ID = @mailid WHERE UserName = @oldusername";

    using (var connection = new MySqlConnection(conString))
    using (var statement = new MySqlCommand(sql, connection))
    {
        // Every user-supplied value travels as a parameter, so quotes or
        // SQL fragments in the input cannot alter the statement.
        statement.Parameters.AddWithValue("@newusername", newusername);
        statement.Parameters.AddWithValue("@password", password);
        statement.Parameters.AddWithValue("@mailid", mailid);
        statement.Parameters.AddWithValue("@oldusername", oldusername);

        connection.Open();
        return statement.ExecuteNonQuery();
    }
}
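/// <summary>
/// Renames a user (and updates password/e-mail) only when the requested new
/// name is not already taken. Renaming A to A is a no-op because A exists.
/// </summary>
/// <param name="oldusername">Current user name (row selector).</param>
/// <param name="newusername">Requested new user name.</param>
/// <param name="mailid">New e-mail address.</param>
/// <param name="password">New password (stored as given by Update; hash it first).</param>
/// <returns>Rows affected by Update, or 0 when the new name is in use or no
/// row matched.</returns>
public int UpdateUserInfo(string oldusername, string newusername, string mailid, string password)
{
    if (UsernameExists(newusername))
    {
        return 0;
    }

    // NOTE(review): UsernameExists + Update is a check-then-act race; two
    // concurrent requests can both see the name as free. The check only
    // becomes reliable with a UNIQUE constraint on tbl_UserInfo.UserName.
    // With that constraint, the loser receives MySQL error 1062 (ER_DUP_ENTRY),
    // which is reported to the caller as "taken" (0) instead of a server
    // fault. Any other database error is left to propagate.
    try
    {
        return Update(oldusername, newusername, mailid, password);
    }
    catch (MySqlException ex)
    {
        if (ex.Number != 1062)
        {
            throw;
        }
        return 0;
    }
}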