我有一个提交页面,我需要限制用户在特定时间段内尝试的尝试次数。
调用存储过程来检查database1中的某些数据,并记录IP地址以及将表单提交到database2的日期/时间。
我需要做的就是检查该IP地址在30分钟内记录了多少次尝试,如果该次数超过5,则限制进一步提交尝试。
这是我的VB代码:
Protected Sub btn_Cont_Click(sender As Object, e As EventArgs) Handles btn_Cont.Click
Dim StudentIDLast4 As Integer = Val(textSSN.Text)
Dim StudentIDInst As String = textSID.Text.ToUpper
Dim DateOfBirth As String = textDOB.Text
Dim IPaddress As String = Request.UserHostAddress()
Dim sqlConnection1 As New SqlConnection("Data Source=(localdb)\v11.0;Initial Catalog=tempdb;Integrated Security=True")
Dim cmd As New SqlCommand
Dim returnValue As String
Dim returnCount As Integer
cmd.CommandText = "proc_ReverseTransferConsent_Find_Match"
cmd.CommandType = CommandType.StoredProcedure
cmd.Parameters.AddWithValue("@StudentIDLast4", StudentIDLast4)
cmd.Parameters.AddWithValue("@StudentIDInst", StudentIDInst)
cmd.Parameters.AddWithValue("@DateOfBirth", DateOfBirth)
cmd.Parameters.AddWithValue("@IPaddress", IPaddress)
cmd.Connection = sqlConnection1
Dim sqlConnection2 As New SqlConnection("Data Source=(localdb)\v11.0;Initial Catalog=tempdb;Integrated Security=True")
Dim attempts As String
Dim comm As New SqlCommand("SELECT [Count] = COUNT(*) FROM ReverseTransferConsent_Attempt WHERE IPaddress = @IPaddress AND CreatedDate > DATEADD(MINUTE, -30, GETDATE())")
Dim ap As New SqlDataAdapter(comm.CommandText, sqlConnection1)
Dim ds As New DataSet()
comm.Parameters.AddWithValue("@IPaddress", IPaddress)
If Page.IsValid Then
sqlConnection2.Open()
ap.Fill(ds)
attempts = ds.Tables(0).Rows.Count.ToString()
sqlConnection2.Close()
sqlConnection1.Open()
returnValue = Convert.ToString(cmd.ExecuteScalar())
sqlConnection1.Close()
returnCount = returnValue.Length
If attempts <= 5 Then
If returnCount > 4 Then
Response.Redirect("RTAgreement.aspx?rVal=" + returnValue)
Else
Label2.Text = StudentIDInst
End If
ElseIf attempts > 5 Then
Label2.Text = "Only 5 submission attempts allowed per 30 minutes"
End If
End If
End Sub
它给了我错误:
System.Data.dll中出现'System.Data.SqlClient.SqlException'类型的异常,但未在用户代码中处理
附加信息:必须声明标量变量“@IPaddress”。
我使用AddWithValue声明了变量。这不正确吗?
答案 0 :(得分:2)
问题是您只使用命令文本实例化SqlDataAdapter(传递查询但不传递参数),因此它没有传递参数:
Dim ap As New SqlDataAdapter(comm.CommandText, sqlConnection1)
您应该使用该命令,并实例化您传递连接的命令:
Dim comm As New SqlCommand("SELECT [Count] = COUNT(*) FROM ReverseTransferConsent_Attempt WHERE IPaddress = @IPaddress AND CreatedDate > DATEADD(MINUTE, -30, GETDATE())", sqlConnection1)
Dim ap As New SqlDataAdapter(comm)
答案 1 :(得分:1)
您可能有一个SQL Server实例区分大小写。你能检查一下proc_ReverseTransferConsent_Find_Match存储过程中如何定义IPAddress参数吗?
答案 2 :(得分:0)
仅供其他可能遇到类似问题或可能尝试完成找到此主题的相同任务的人参考。
这是我必须做的才能让它正确计数而不是每次都返回1:
Dim sqlConnection2 As New SqlConnection("Data Source=(localdb)\v11.0;Initial Catalog=tempdb;Integrated Security=True")
Dim attempts As String = ""
Dim comm As New SqlCommand("SELECT [Count] = COUNT(*) FROM ReverseTransferConsent_Attempt WHERE IPaddress = @IPaddress AND CreatedDate > DATEADD(MINUTE, -30, GETDATE())", sqlConnection1)
comm.Parameters.AddWithValue("@IPaddress", IPaddress)
comm.Connection = sqlConnection2
If Page.IsValid Then
sqlConnection2.Open()
attempts = Convert.ToString(comm.ExecuteScalar())
sqlConnection2.Close()