检查用户是否存在,并停止数据库插入(访问数据库)

时间:2013-12-24 12:55:59

标签: c# asp.net

我只是不知道如何检查用户是否存在于数据库中并阻止它向db插入新行(这会导致错误,因为我将用户设置为主键)

protected void Button1_Click1(object sender, EventArgs e)
{
    {

        OleDbConnection myconnection = new OleDbConnection();
        myconnection.ConnectionString = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=|DataDirectory|Event.mdb";
        myconnection.Open();

        OleDbCommand myCommand = new OleDbCommand();
        myCommand.Connection = myconnection;
        myCommand.CommandType = CommandType.Text;
        string query = string.Format("SELECT COUNT(*) FROM users WHERE uname = '{0}'");
        myCommand.CommandText = query;
        try
        {

            int amountOfUsers = (int)myCommand.ExecuteScalar();
            if (amountOfUsers < 1)
            {
                String myQuery = "insert into users (uname,upassword,email,type) Values   ('" + UserName.Text + "','" + Password.Text + "' ,'" + Email.Text + "',' user');";
                myCommand.CommandText = myQuery;
                myCommand.ExecuteNonQuery();
                Label1.Text = "user registered";
            }
            else
            {
                Label1.Text = "user already exists";
                UserName.Text = "";

                Email.Text = "";
            }
        }
        finally
        {
            myconnection.Close();
        }
    }
}

3 个答案:

答案 0 :(得分:0)

你的问题根本不清楚,但我可以提出一些建议......

首先,我认为您忘记使用uname作为第二个参数:

string query = string.Format("SELECT COUNT(*) FROM users WHERE uname = '{0}'");

线。您使用了{0}但从未将任何值指向此参数。 (我假设您没有名为{0}的用户名);赞; 

string query = string.Format("SELECT COUNT(*) FROM users WHERE uname = '{0}'", UserName.Text);

作为第二个,请始终使用parameterized queries。这种字符串连接对 SQL Injection attakcs开放。

像; 

String myQuery = "insert into users (uname,upassword,email,type) Values (@uname, @upassword, @email, @type)";
OleDbCommand myCommand = new OleDbCommand(myQuery);
myCommand.Parameters.AddWithValue("@uname", UserName.Text);
myCommand.Parameters.AddWithValue("@upassword", Password.Text);
myCommand.Parameters.AddWithValue("@uname", Email.Text);
myCommand.Parameters.AddWithValue("@uname", "user");
  

我想检查UserName.Text中的用户名是否可用   数据库或否,如果我想停止插入新数据

首先应使用SELECT检查您的用户名是否存在于数据库中或不是; 

string query = string.Format("SELECT * FROM users WHERE uname = '{0}'", UserName.Text);
OleDbCommand myCommand = new OleDbCommand();
myCommand.CommandText = query;
SqlDataReader reader = myCommand.ExecuteReader();
if(reader.HasRows)
{
  //Your username exist in your database
}
else
{
  //Doesn't exist
}

答案 1 :(得分:0)

更正您的查询:

query = string.Format("SELECT COUNT(*) FROM users WHERE uname = '{0}'" ,UserName.Text );

答案 2 :(得分:0)

您缺少参数uname,您已将UserName文本框的文本传递给uname

例如

"SELECT COUNT(*) FROM users WHERE uname='" + UserName.Text +"'
相关问题
最新问题