存储过程中的ExecuteNonQuery导致它被删除

时间:2010-03-10 13:30:55

标签: c# sql-server stored-procedures

这是一个奇怪的。我有一个Dev SQL Server,它上面有存储过程,当与UAT DB上的相同代码一起使用时,相同的存储过程导致它自己删除!

有没有人听说过这种行为?

SQL代码

-- Check if user is registered with the system
IF OBJECT_ID('dbo.sp_is_valid_user') IS NOT NULL
BEGIN
  DROP PROCEDURE dbo.sp_is_valid_user
  IF OBJECT_ID('dbo.sp_is_valid_user') IS NOT NULL
    PRINT '<<< FAILED DROPPING PROCEDURE dbo.sp_is_valid_user >>>'
  ELSE
    PRINT '<<< DROPPED PROCEDURE dbo.sp_is_valid_user >>>'
END
go

create procedure dbo.sp_is_valid_user

@username as varchar(20),
@isvalid as int OUTPUT

AS 
BEGIN

    declare @tmpuser as varchar(20) 

    select @tmpuser = username from CPUserData where username = @username

    if @tmpuser = @username
        BEGIN
        select @isvalid = 1
        END
    else
    BEGIN
    select @isvalid = 0
        END

END
GO

用法示例

DECLARE @isvalid int
exec dbo.sp_is_valid_user 'username', @isvalid OUTPUT
SELECT valid = @isvalid

使用示例全天工作......当我通过C#访问它时,它会在UAT SQL DB中删除自己,但不会删除Dev!

C#代码

    public bool IsValidUser(string sUsername, ref string sErrMsg)
    {
        string sDBConn = ConfigurationSettings.AppSettings["StoredProcDBConnection"];

        SqlCommand sqlcmd = new SqlCommand();
        SqlDataAdapter sqlAdapter = new SqlDataAdapter();

        try
        {
            SqlConnection conn = new SqlConnection(sDBConn);
            sqlcmd.Connection = conn;
            conn.Open();

            sqlcmd.CommandType = CommandType.StoredProcedure;
            sqlcmd.CommandText = "sp_is_valid_user";

            // params to pass in 
            sqlcmd.Parameters.AddWithValue("@username", sUsername);

            // param for checking success passed back out 
            sqlcmd.Parameters.Add("@isvalid", SqlDbType.Int);
            sqlcmd.Parameters["@isvalid"].Direction = ParameterDirection.Output;

            sqlcmd.ExecuteNonQuery();

            int nIsValid = (int)sqlcmd.Parameters["@isvalid"].Value;

            if (nIsValid == 1)
            {
                conn.Close();
                sErrMsg = "User Valid";
                return true;
            }
            else
            {
                conn.Close();
                sErrMsg = "Username : " + sUsername + " not found.";
                return false;
            }
        }
        catch (Exception e)
        {
            sErrMsg = "Error :" + e.Source + " msg: " + e.Message;
            return false;
        }
    }

1 个答案:

答案 0 :(得分:2)

好的,我找到了答案......当你知道怎么做时很简单!

我在这里看到了这个链接:

消失的存储过程

Disappearing Stored Procedure

所以从我跑的最佳答案开始:

select syo.name
from syscomments syc
  join sysobjects syo on
    syo.id = syc.id
where syc.[text] like '%DROP PROC%'

这给了我一个我的其他存储过程... sp_is_user_admin,这似乎不对,所以我快速看了......

create procedure dbo.sp_is_user_admin
@username as varchar(20),
@isadmin as int OUTPUT
AS 
BEGIN

    declare @profile as varchar(20)

    select @profile = profile from CPUserData where username = @username

    if @profile = 'admin'
        BEGIN
        select @isadmin = 1
        END
    else
        BEGIN
        select @isadmin = 0
        END

END

--*********************************************************************************

-- Check if user is registered with the system
IF OBJECT_ID('dbo.sp_is_valid_user') IS NOT NULL
BEGIN
    DROP PROCEDURE dbo.sp_is_valid_user
    IF OBJECT_ID('dbo.sp_is_valid_user') IS NOT NULL
        PRINT '<<< FAILED DROPPING PROCEDURE dbo.sp_is_valid_user >>>'
    ELSE
        PRINT '<<< DROPPED PROCEDURE dbo.sp_is_valid_user >>>'
END

卫生署!!!在C#中有更强大的......如果用户有效,我还会根据他们是否是管理员选择让他们看到的内容,并调用sp_is_valid_user proc。令人讨厌的副作用!

// check the user is entitled to use the system at all 
if (usrData.IsValidUser(sCurrentUserName, ref sErrMsg))
{
    // if the user is admin then let them spoof and edit their own data 
    if (usrData.UserIsAdmin(sCurrentUserName, ref sErrMsg))
    {
        chkSpoof.Visible = true;
        grdvwUserDataFromDB.Visible = true;
    }
}
else
{
    // redirect them away
    Response.Redirect("UserNotRegistered.aspx");
    return;

}

我希望这可以帮助其他人!

PS:DB Artisan 讨厌如果我在我的开发工具包中有完整的胖SQL服务器,那么我想我可以使用分析器看到这个被调用。 ; P我无法安装SQL Server 2008,因为我没有对Visual Studio进行正确的SP /更新我觉得这里的IT无法解决它,烦人!!