我只是不知道如何检查用户是否存在于数据库中并阻止它向db插入新行(这会导致错误,因为我将用户设置为主键)
protected void Button1_Click1(object sender, EventArgs e)
{
{
OleDbConnection myconnection = new OleDbConnection();
myconnection.ConnectionString = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=|DataDirectory|Event.mdb";
myconnection.Open();
OleDbCommand myCommand = new OleDbCommand();
myCommand.Connection = myconnection;
myCommand.CommandType = CommandType.Text;
string query = string.Format("SELECT COUNT(*) FROM users WHERE uname = '{0}'");
myCommand.CommandText = query;
try
{
int amountOfUsers = (int)myCommand.ExecuteScalar();
if (amountOfUsers < 1)
{
String myQuery = "insert into users (uname,upassword,email,type) Values ('" + UserName.Text + "','" + Password.Text + "' ,'" + Email.Text + "',' user');";
myCommand.CommandText = myQuery;
myCommand.ExecuteNonQuery();
Label1.Text = "user registered";
}
else
{
Label1.Text = "user already exists";
UserName.Text = "";
Email.Text = "";
}
}
finally
{
myconnection.Close();
}
}
}
答案 0 :(得分:0)
你的问题根本不清楚,但我可以提出一些建议......
首先,我认为您忘记使用uname
作为第二个参数:
string query = string.Format("SELECT COUNT(*) FROM users WHERE uname = '{0}'");
线。您使用了{0}
但从未将任何值指向此参数。 (我假设您没有名为{0}
的用户名);赞;
string query = string.Format("SELECT COUNT(*) FROM users WHERE uname = '{0}'", UserName.Text);
作为第二个,请始终使用parameterized queries。这种字符串连接对 SQL Injection attakcs开放。
像;
String myQuery = "insert into users (uname,upassword,email,type) Values (@uname, @upassword, @email, @type)";
OleDbCommand myCommand = new OleDbCommand(myQuery);
myCommand.Parameters.AddWithValue("@uname", UserName.Text);
myCommand.Parameters.AddWithValue("@upassword", Password.Text);
myCommand.Parameters.AddWithValue("@uname", Email.Text);
myCommand.Parameters.AddWithValue("@uname", "user");
我想检查UserName.Text中的用户名是否可用 数据库或否,如果我想停止插入新数据
首先应使用SELECT
检查您的用户名是否存在于数据库中或不是;
string query = string.Format("SELECT * FROM users WHERE uname = '{0}'", UserName.Text);
OleDbCommand myCommand = new OleDbCommand();
myCommand.CommandText = query;
SqlDataReader reader = myCommand.ExecuteReader();
if(reader.HasRows)
{
//Your username exist in your database
}
else
{
//Doesn't exist
}
答案 1 :(得分:0)
更正您的查询:
query = string.Format("SELECT COUNT(*) FROM users WHERE uname = '{0}'" ,UserName.Text );
答案 2 :(得分:0)
您缺少参数uname,您已将UserName文本框的文本传递给uname
例如
"SELECT COUNT(*) FROM users WHERE uname='" + UserName.Text +"'