我有一个带有用户名,密码和用户标识符的网络表单,将用户分类为管理员的“A”或标准用户的“U”。
当您提交表单时,它应该写入我在visual studio中设置的数据库,该数据库目前已经有其他用户。
当我测试Web表单时,我收到错误“NullReferenceException未被用户代码处理”,“对象引用未设置为对象的实例”。它指向我的网页表单上的这行代码。
clsDataLayer.SaveUser(Server.MapPath("PayrollSystem_DB.mdb"), Session["txtUserName"].ToString(), Session["txtPassword"].ToString(), Session["drpdwnlstSecurityLevel"].ToString());
你觉得这行代码有什么问题吗?
我有一个标有“txtPassword”的文本框,一个标有“txtPassword”的文本框和一个标有“drpdwnlstSecurityLevel”的U或A选项的下拉列表。
当你提交信息时,它应该发送给我的clsDataLayer.cs SaveUser方法,它是:
public static bool SaveUser(string Database, string UserName, string UserPassword, string SecurityLevel)
{
bool userSaved;
try
{
// Define SQLConnClass
OleDbConnection conn = new OleDbConnection("PROVIDER=Microsoft.Jet.OLEDB.4.0;" +
"Data Source=" + Database);
conn.Open();
OleDbCommand command = conn.CreateCommand();
string strSQL;
// this insert data to user table
strSQL = "Insert into tblUserLogin " +
"(UserName, UserPassword, SecurityLevel) values ('" +
UserName + "', '" + UserPassword + "', " + SecurityLevel + "')";
// this gives a command to get or set values
command.CommandType = CommandType.Text;
command.CommandText = strSQL;
// This sql statements brings out the affacted rows
command.ExecuteNonQuery();
// closes the connection
conn.Close();
userSaved = true;
}
catch (Exception ex)
{
userSaved = false;
}
return userSaved;
}
当您尝试使用我的webform创建新用户时,它不会创建任何记录,它只会发出我提到的错误。
以下是我的所有与此问题相关的代码:
FILE clsDataLayer.cs:
//此功能保存用户数据 public static bool SaveUser(string Database,string UserName,string UserPassword,string SecurityLevel) {
bool userSaved;
try
{
// Define SQLConnClass
OleDbConnection conn = new OleDbConnection("PROVIDER=Microsoft.Jet.OLEDB.4.0;" +
"Data Source=" + Database);
conn.Open();
OleDbCommand command = conn.CreateCommand();
string strSQL;
// this insert data to user table
strSQL = "Insert into tblUserLogin " +
"(UserName, UserPassword, SecurityLevel) values ('" +
UserName + "', '" + UserPassword + "', " + SecurityLevel + "')";
// this gives a command to get or set values
command.CommandType = CommandType.Text;
command.CommandText = strSQL;
// This sql statements brings out the affacted rows
command.ExecuteNonQuery();
// closes the connection
conn.Close();
userSaved = true;
}
catch (Exception ex)
{
userSaved = false;
}
return userSaved;
}
FILE frmManageUsers.aspx.cs:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
public partial class frmManageUsers : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
}
protected void btnAddUser_Click(object sender, EventArgs e)
{
string userName, userPassword;
if (txtUserName.Text == "" || txtUserName.Text == null)
{
lblUserError.Text = ("User Name may not be empty");
lblUserError.ForeColor = System.Drawing.Color.Red;
return;
}
else
userName = (txtUserName.Text);
if (txtPassword.Text == "" || txtPassword.Text == null)
{
lblUserError.Text = ("Password may not be empty");
lblUserError.ForeColor = System.Drawing.Color.Red;
return;
}
else
{
userPassword = (txtPassword.Text);
}
// clsDataLayer.SaveUser(Server.MapPath("PayrollSystem_DB.mdb"), Session["txtUserName"].ToString(), Session["txtPassword"].ToString(), Session["drpdwnlstSecurityLevel"].ToString());
clsDataLayer.SaveUser(
Server.MapPath("PayrollSystem_DB.mdb"),
txtUserName.Text,
txtPassword.Text,
drpdwnlstSecurityLevel.SelectedValue
);
Server.Transfer("frmManageUsers.aspx");
}
}
FILE frmManageUsers.aspx:
<%@ Page Language="C#" AutoEventWireup="true" CodeFile="frmManageUsers.aspx.cs" Inherits="frmManageUsers" %>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head id="Head1" runat="server">
<title></title>
</head>
<body>
<form id="form1" runat="server">
<div align="center">
<a href="frmMain.aspx">
<font color="black" size="2" style="text-align: center"><strong>
<font color="blue" face="Comic Sans MS" size="4">Cool</font>
<font color="#ff6600" face="Comic Sans MS" size="4">Biz</font>
<font face="Comic Sans MS" size="4"> <font color="#993366">Productions</font>,
Inc.</font></strong></font>
</a>
<br />
<br />
<asp:Label ID="Label1" runat="server" Text="Manage Users"></asp:Label>
<br />
<asp:Label ID="Label2" runat="server" Text="User Name: "></asp:Label>
<asp:TextBox ID="txtUserName" runat="server"></asp:TextBox>
<br />
<asp:Label ID="Label3" runat="server" Text="Password: "></asp:Label>
<asp:TextBox ID="txtPassword" runat="server"></asp:TextBox>
<br />
<asp:Label ID="lblUserError" runat="server"></asp:Label>
<br />
<asp:Label ID="Label4" runat="server" Text="Security Level: "></asp:Label>
<asp:DropDownList ID="drpdwnlstSecurityLevel" runat="server"
DataSourceID="SqlDataSource2" DataTextField="SecurityLevel"
DataValueField="SecurityLevel">
<asp:ListItem></asp:ListItem>
<asp:ListItem></asp:ListItem>
</asp:DropDownList>
<asp:SqlDataSource ID="SqlDataSource2" runat="server"
ConnectionString="<%$ ConnectionStrings:PayrollSystem_DBConnectionString %>"
ProviderName="<%$ ConnectionStrings:PayrollSystem_DBConnectionString.ProviderName %>"
SelectCommand="SELECT [SecurityLevel] FROM [tblUserLogin]">
</asp:SqlDataSource>
<br />
<br />
<asp:Button ID="btnAddUser" runat="server" onclick="btnAddUser_Click"
Text="Add User" />
<br />
<br />
<asp:GridView ID="grdUserLogin" runat="server" AutoGenerateColumns="False"
DataSourceID="SqlDataSource1">
<Columns>
<asp:BoundField DataField="UserID" HeaderText="UserID" InsertVisible="False"
SortExpression="UserID" />
<asp:BoundField DataField="UserName" HeaderText="UserName"
SortExpression="UserName" />
<asp:BoundField DataField="UserPassword" HeaderText="UserPassword"
SortExpression="UserPassword" />
<asp:BoundField DataField="SecurityLevel" HeaderText="SecurityLevel"
SortExpression="SecurityLevel" />
</Columns>
</asp:GridView>
<br />
<asp:SqlDataSource ID="SqlDataSource1" runat="server"
ConnectionString="<%$ ConnectionStrings:PayrollSystem_DBConnectionString %>"
InsertCommand="INSERT INTO [tblUserLogin] ([UserID], [UserName], [UserPassword], [SecurityLevel]) VALUES (?, ?, ?, ?)"
ProviderName="<%$ ConnectionStrings:PayrollSystem_DBConnectionString.ProviderName %>"
SelectCommand="SELECT * FROM [tblUserLogin]">
<InsertParameters>
<asp:Parameter Name="UserID" Type="Int32" />
<asp:Parameter Name="UserName" Type="String" />
<asp:Parameter Name="UserPassword" Type="String" />
<asp:Parameter Name="SecurityLevel" Type="String" />
</InsertParameters>
</asp:SqlDataSource>
</div>
</form>
</body>
</html>
答案 0 :(得分:4)
您是否将这些值存储在Session中?如果您发布的代码位于代码隐藏中,您应该能够直接访问这些值:
clsDataLayer.SaveUser(
Server.MapPath("PayrollSystem_DB.mdb"),
txtUserName.Text,
txtPassword.Text,
drpdwnlstSecurityLevel.SelectedValue
);
此外,您应该强烈考虑将SQL与参数一起使用而不是连接到avoid SQL Injection:
strSQL = "Insert into tblUserLogin " +
"(UserName, UserPassword, SecurityLevel) " +
"values (@UserName, @UserPassword, @SecurityLevel)";
当你在这里时,也要做以下事情:
OleDbConnection和OleDbCommand换入using块catch块中显示异常消息,不要只返回false