ASP.NET / VB.NET/SQL Server 2012 - 页面继续加载

时间:2013-03-31 14:37:17

标签: asp.net sql-server vb.net

我正在尝试运行此代码,每当我按下“注册”按钮时,没有任何事情发生(页面就像加载但保持在同一页面上)

代码:

 Public Sub register()



    Dim Username As String = txtUsername.Text
    Dim Surname As String = txtSurname.Text
    Dim Password As String = txtPassword.Text
    Dim Name As String = txtName.Text
    Dim Address1 As String = txtAddress1.Text
    Dim Address2 As String = txtAddress2.Text
    Dim City As String = txtCity.Text
    Dim Email As String = txtEmail.Text
    Dim Country As String = drpCountry.Text
    Dim DOB As Date = calDOB.SelectedDate
    Dim Occupation As String = txtOccupation.Text
    Dim WorkLocation As String = txtWorkLocation.Text
    Dim Age As Integer = Date.Today.Year - calDOB.SelectedDate.Year


    Dim ProjectManager As String = "N/A"
    Dim TeamLeader As String = "N/A"
    Dim TeamLeaderID As Integer = "1"
    Dim ProjectManagerID As Integer = "1"

    Dim RegistrationDate As Date = DateTime.Today
    Dim ContractType As String = "N/A"
    Dim ContractDuration As Integer = 6
    Dim Department As String = "N/A"

    Dim conn As New SqlConnection("Data Source=BRIAN-PC\SQLEXPRESS;Initial Catalog=master_db;Integrated Security=True")
    Dim registerSQL As SqlCommand
    Dim sqlComm As String

    Dim validateSQL As SqlCommand

    Dim sqlValidate As String

    sqlValidate = "SELECT * FROM users  where username=" + txtUsername.Text.ToString

    sqlComm = "INSERT INTO users(Username, Password, Name, Surname, Address1, Address2, " +
        "City, Country, date_of_birth, age, Occupation, department, work_location, " +
        "project_manager,team_leader, team_leader_id, project_manager_id, " +
        "date_registration, contract_type, contract_duration) " +
        "VALUES(@p1, @p2,@p3,@p4,@p5,@p6,@p7,@p8,@p9,@p10,@p11,@p12,@p13,@p14,@p15," +
        "@p16,@p17,@p18,@p19,@p20)"

    conn.Open()

    validateSQL = New SqlCommand(sqlValidate, conn)
    Dim dr As SqlDataReader = validateSQL.ExecuteReader()

    If dr.HasRows = False Then


        validateSQL = New SqlCommand(sqlValidate, conn)
        validateSQL.CommandText = sqlValidate

        Dim reader As SqlDataReader = validateSQL.ExecuteReader()
        reader.Read()

        registerSQL = New SqlCommand(sqlComm, conn)
        registerSQL.Parameters.AddWithValue("@p1", Username)
        registerSQL.Parameters.AddWithValue("@p2", Password)
        registerSQL.Parameters.AddWithValue("@p3", Name)
        registerSQL.Parameters.AddWithValue("@p4", Surname)
        registerSQL.Parameters.AddWithValue("@p5", Address1)
        registerSQL.Parameters.AddWithValue("@p6", Address2)
        registerSQL.Parameters.AddWithValue("@p7", City)
        registerSQL.Parameters.AddWithValue("@p8", Country)
        registerSQL.Parameters.AddWithValue("@p9", DOB)
        registerSQL.Parameters.AddWithValue("@p10", Age)
        registerSQL.Parameters.AddWithValue("@p11", Occupation)
        registerSQL.Parameters.AddWithValue("@p12", Department)
        registerSQL.Parameters.AddWithValue("@p13", WorkLocation)
        registerSQL.Parameters.AddWithValue("@p14", ProjectManager)
        registerSQL.Parameters.AddWithValue("@p15", TeamLeader)
        registerSQL.Parameters.AddWithValue("@p16", TeamLeaderID)
        registerSQL.Parameters.AddWithValue("@p17", ProjectManagerID)
        registerSQL.Parameters.AddWithValue("@p18", RegistrationDate)
        registerSQL.Parameters.AddWithValue("@p19", ContractType)
        registerSQL.Parameters.AddWithValue("@p20", ContractDuration)

        registerSQL.ExecuteNonQuery()

        conn.Close()

    ElseIf dr.HasRows = True Then


        lblUsername.Text = "That Username (" + txtUsername.Text + ") is already registered/taken."
        lblUsername.Visible = True
        conn.Close()

    End If


End Sub

按钮事件处理程序:

Protected Sub btnRegister_Click(sender As Object, e As EventArgs) Handles btnRegister.Click

    register()


End Sub

代码有问题吗?

1 个答案:

答案 0 :(得分:0)

From MSDN

  

在使用SqlDataReader时,关联的SqlConnection是   忙于服务SqlDataReader,没有其他操作可以   在SqlConnection上执行而不是关闭它。情况就是这样   直到调用SqlDataReader的Close方法。例如,   在调用Close之前,您无法检索输出参数。

当您尝试执行insert命令时,似乎已打开SqlDataReader 在使用insert命令

之前,我会尝试关闭它 
If dr.HasRows = False Then
    dr.Close()

    ' The following lines are probably a remainder of a copy/paste operation'
    ' They are not needed and you should remove them'

    'validateSQL = New SqlCommand(sqlValidate, conn)'
    'validateSQL.CommandText = sqlValidate'
    'Dim reader As SqlDataReader = validateSQL.ExecuteReader()'
    'reader.Read()'

    ' Now execute the insert command

除了性能参数之外,检查用户存在的命令是错误的,因为引入了Sql Injection可能性。

总结试试这些变化...... 

 sqlValidate = "SELECT * FROM users  where username=@uname"
 validateSQL = New SqlCommand(sqlValidate, conn)
 validateSQL.Parameters.AddWithValue("@uname", txtUserName.Text)
 Dim dr As SqlDataReader = validateSQL.ExecuteReader()
 Dim userFound = dr.HasRows
 dr.Close()
 if userFound = False then
    ......
相关问题
最新问题