我已经创建了asp.net登录表单。问题是我想检查SQL数据库中是否存在用户名,但我甚至无法连接到数据库。错误消息是:
Conversion failed when converting the varchar value 'System.Web.UI.WebControls.TextBox' to data type int.
这是我的代码:
protected void Page_Load(object sender, EventArgs e)
{
lblmessage.Visible = false;
if (!IsPostBack)
{
lblsec.Text = Userutility.generateSecurity();
}
}
protected void registerButton_Click(object sender, EventArgs e)
{
if (txtusername.Text =="" || txtpassword.Text=="" || TextBox2.Text ==""|| sec_code.Text == "" )
{
lblmessage.Text = "لطفا فیلد هارا پر کنید";
lblmessage.Visible = true;
}
else if (!Regex.IsMatch(txtusername.Text,@"^[a-zA-Z]{5,50}$"))
{
lblmessage.Text = "نام کاربری باید حداقل 5 کاراکتر و از کاراکتر های مجاز استفاده شود";
lblmessage.Visible = true;
}
else if (!Regex.IsMatch(txtmail.Text, @"\w+([-+.]\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*"))
{
lblmessage.Text = "ایمیل وارد شده معتبر نمی باشد";
lblmessage.Visible = true;
}
else if (txtpassword.Text != TextBox2.Text)
{
lblmessage.Text = "کلمه عبور شما تطابق ندارد";
lblmessage.Visible = true;
}
else if (Userutility.user_login_exist(txtusername.Text))
{
lblmessage.Text = "این نام کاربری موجود میباشد";
lblmessage.Visible = true;
}
else if (Convert.ToInt16(sec_code.Text) != Convert.ToInt16(Session["sec_code"].ToString()))
{
lblmessage.Text = "عبارت امنیتی صحیح نمی باشد";
lblsec.Text = Userutility.generateSecurity();
lblmessage.Visible = true;
}
else
{
SqlConnection cnn = new SqlConnection("Data Source=.;Initial Catalog=EnglishDB;Integrated Security=true");
SqlCommand cmd = new SqlCommand();
cmd.Connection=cnn;
string sql = @"Insert into student (Username,FirstName,LastName,Age,Major,City,Country,Password,Email,Cellphone)";
sql += " VALUES('{0}','{1}','{2}','{3}','{4}','{5}','{6}','{7}','{8}','{9}')";
sql = string.Format(sql, txtusername, txtlastname, txtlastname, txtage, txtmajor, txtcity, txtcountry, txtpassword, txtmail, txtcellphone);
cnn.Open();
cmd.CommandText = sql;
cmd.ExecuteNonQuery();
cnn.Close();
}
}
答案 0 :(得分:5)
您没有在sql查询中提到TextBox的.Text
属性。相反,你提到控制名称。
string.Format(sql, txtusername.Text ...
更好的方法是使用参数化查询。
using( SqlConnection cnn = new SqlConnection("Data Source=.;Initial Catalog=EnglishDB;Integrated Security=true"))
{
cnn.Open();
SqlCommand cmd = new SqlCommand();
cmd.Connection=cnn;
string sql = @"Insert into student (Username,FirstName,LastName,Age,Major,City,Country,Password,Email,Cellphone)";
sql += " VALUES(@Username,@FirstName,@LastName,@Age,@Major,@City,@Country,@Password,@Email,@Cellphone)";
cmd.CommandText = sql;
cmd.Parameters.AddWithValue(@Username, txtusername.Text);
cmd.Parameters.AddWithValue(@FirstName, txtfirstname.Text);
cmd.Parameters.AddWithValue(@LastName, txtlastname.Text);
cmd.Parameters.AddWithValue(@Age, txtage.Text);
cmd.Parameters.AddWithValue(@Major, txtmajor.Text);
cmd.Parameters.AddWithValue(@City, txtcity.Text);
cmd.Parameters.AddWithValue(@Country, txtcountry.Text);
cmd.Parameters.AddWithValue(@Password, txtpassword.Text);
cmd.Parameters.AddWithValue(@Email, txtmail.Text);
cmd.Parameters.AddWithValue(@Cellphone, txtcellphone.Text);
cmd.ExecuteNonQuery();
}
您似乎也在单引号中为int
赋予价值。 SqlCommand Parameters应该解决所有问题。
答案 1 :(得分:0)
您的年龄字段的数据类型为int
。你从textBox获取它的值,因此是一个字符串,所以你试图将一个字符串插入一个int字段
使用:
int age=int.Parse(txtage);
然后将其作为参数传递:
string sql = @"Insert into student(Username,FirstName,LastName,Age,Major,City,Country,Password,Email,Cellphone) VALUES(@Usr,@Fname,@LastName,@Age,@Major,@City,@Country,@Pass,@Email,@Cell)";
cmd.Parameters.AddWithValue("@Usr",txtusername);
//...
cmd.Parameters.AddWithValue("@age",age);
答案 2 :(得分:-1)
尝试用此替换您的部分代码。
string sql = @"Insert into student (Username,FirstName,LastName,Age,Major,City,Country,Password,Email,Cellphone)";
sql += " VALUES('{0}','{1}','{2}',{3},'{4}','{5}','{6}','{7}','{8}','{9}')";
sql = string.Format(sql, txtusername.Text, txtlastname.Text, txtlastname.Text, txtage.Text, txtmajor.Text, txtcity.Text, txtcountry.Text, txtpassword.Text, txtmail.Text, txtcellphone.Text);