以下是我参加的数据库课程。它是SQL Server上的存储过程。目的是防止不良数据进入数据库。由于某种原因,下面的三个if语句,引发和错误,但仍然将数据放入数据库。我无法弄清楚为什么。这不再适用于班级,而是因为我自己的个人知识,因为作业已经评级。
那么,为什么IsNumeric(@CC)= 0和Len(@CC)< 12仍然允许数据进入数据库,即使错误被提出(我相信@cc null检查也允许坏数据)。提前谢谢。
USE [CIS6**]
GO
/****** Object: StoredProcedure [dbo].[sp_insertCC] Script Date: 5/20/2014 1:14:05 PM ******/
SET ANSI_NULLS ON
GO
SET QUOTED_IDENTIFIER ON
GO
-- =============================================
-- Author: <Author,,Name>
-- Create date: <Create Date,,>
-- Description: <Description,,>
-- =============================================
ALTER PROCEDURE [dbo].[sp_insertCC]
-- Add the parameters for the stored procedure here
@clientID int, @CC varchar(16), @expDate varchar(10), @lastFour varchar(4)
AS
If @clientID is Null or @clientID=''
Begin
RAISERROR('clientId cannot be null or empty', 16, 20)
End
Else
If ISNUmeric(@clientID)=0
Begin
RAISERROR('clientID must be a number', 16, 21)
End
Else
If Not Exists (Select ClientID from CreditCard Where ClientID=@clientID)
Begin
RAISERROR('clientId is not in the records.', 16, 22)
End
Else
If @CC is Null or @CC=''
Begin
Raiserror('Credit Card number must have a value.', 16, 30)
End
Else
If ISNUMERIC(@CC)=0
Begin
Raiserror('Credit Card number must be a number.', 16, 31)
End
Else
If LEN(@CC) < 12
Begin
RAISERROR('Credit Card Number length too short.', 16, 32)
End
Else
If LEN(@CC) > 19
Begin
RAISERROR('Credit Card Number length too long.', 16, 33)
End
Else
If @expDate='' or @expDate is Null
Begin
Raiserror('Date must have a value.', 16, 40)
End
Else
If ISDATE(@expDate)=0
Begin
Raiserror('Please input a correct date value.', 16, 43)
end
Else
Declare @checkDate date, @todaysdate date;
set @todaysdate=getdate();
set @checkDate= Convert(date, @expDate, 101)
If @checkDate < @todaysdate
Begin
Raiserror('Date in the past.', 16, 41)
End
Else
BEGIN
OPEN SYMMETRIC KEY CreditCardKey DECRYPTION BY certificate CreditCardCert;
INSERT INTO CreditCard VALUES (CIS6**.dbo.HashCC(@CC),
EncryptByKey(Key_GUID('CreditCardKey'), @CC),
@CC, @lastFour, 1, @expDate, @clientID);
IF @@ERROR <> 0
BEGIN
CLOSE SYMMETRIC KEY CreditCardKey;
RETURN(1)
END
ELSE
BEGIN
CLOSE SYMMETRIC KEY CreditCardKey;
RETURN(0)
END
END
答案 0 :(得分:0)
我的意思是您需要在代码中添加BEGIN ... END,如下所示:
Else
BEGIN --<-- THIS ONE
Declare @checkDate date, @todaysdate date;
set @todaysdate=getdate();
set @checkDate= Convert(date, @expDate, 101)
If @checkDate < @todaysdate
Begin
Raiserror('Date in the past.', 16, 41)
End
Else
BEGIN
OPEN SYMMETRIC KEY CreditCardKey DECRYPTION BY certificate CreditCardCert;
INSERT INTO CreditCard VALUES (CIS6**.dbo.HashCC(@CC),
EncryptByKey(Key_GUID('CreditCardKey'), @CC),
@CC, @lastFour, 1, @expDate, @clientID);
IF @@ERROR <> 0
BEGIN
CLOSE SYMMETRIC KEY CreditCardKey;
RETURN(1)
END
ELSE
BEGIN
CLOSE SYMMETRIC KEY CreditCardKey;
RETURN(0)
END
END
END --<-- THIS ONE
如果您的IF ... ELSE Block Sql语句只有1个Sql查询,则不需要包含BEGIN ... END。如果你的IF ... ELSE Block Sql语句有超过1个Sql查询,你需要包含BEGIN ... END让它在你的Sql查询块中执行所有的Sql Query。 (从这里http://sqltutorials.blogspot.com/2007/06/sql-ifelse-statement.html)