注册允许Access中的重复用户名

时间:2014-09-25 00:37:39

标签: c#

我的注册表单中的检查用户名密码存在问题。当我倾向于注册与我的数据库(Access)中已有的用户名和密码相同时,它仍允许注册。我只想抓住它,我不知道该怎么做。

我想输出的是,我想要一个说“账户存在,再试一次!”的陷阱。或“用户名存在!”

   using System; using System.Collections.Generic; using System.ComponentModel; using System.Data; using System.Drawing; using  System.Linq; using System.Text; using System.Windows.Forms; using    System.Data.OleDb; using System.Text.RegularExpressions;
   namespace Login {    public partial class Register : Form    {
   private OleDbConnection personalConn;
   private OleDbCommand oleDbCmd = new OleDbCommand();
   private String connParam = @"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=E:\Majel\Tic Tac    Toe\Database\data.accdb";

   public Register()
   {
       personalConn = new OleDbConnection(connParam);
       InitializeComponent();
   }

   private void button1_Click(object sender, EventArgs e)
   {
       try
       {
           personalConn.Open();
           oleDbCmd.Connection = personalConn;

           if (textBox1.Text != "" && textBox2.Text != "")
           {
               int temp;
               oleDbCmd.CommandText = "INSERT INTO data(Users,Pass) Values('" + this.textBox1.Text.ToString() + "','" +   this.textBox2.Text + "');";

               temp = oleDbCmd.ExecuteNonQuery();

               if (temp > 0)
               {
                   textBox1.Text = null;
                   textBox2.Text = null;
                   MessageBox.Show("Registration Success!");
                   this.Hide();

                   Form1 frm = new Form1();
                   frm.Show(); 
               } 
               personalConn.Close();
           }                  
       }  
       catch (Exception)
       {   
           MessageBox.Show("Invalid!, Duplicate Data.");  
       }  
   }
  

注意:textBox1 =用户名            textBox2 =密码非常感谢您的关注。非常感谢你。

4 个答案:

答案 0 :(得分:0)

您几乎从不使用数据(在本例中为用户名)作为数据库中记录的主键。很可能,您的访问数据库设置方式相同。

这意味着DBMS层没有任何内容可以阻止这种情况发生,而不是将用户名作为主键(不推荐)。

解决方案是执行SELECT查询以获取具有该用户名的记录计数,并且只有在计数为0时才允许插入。您可能能够编写触发器来执行此操作为了你,并让DBMS“拒绝”插入,但考虑到你的(明显)数据库级别,我不会在这一点上尝试。

要计算:

  

SELECT Count(*)FROM Users WHERE userName = @ userName

此处的参数化查询至关重要以防止SQL注入。

答案 1 :(得分:0)

using System; 
using System.Collections.Generic; 
using System.ComponentModel; 
using System.Data; 
using System.Drawing; 
using  System.Linq; 
using System.Text; 
using System.Windows.Forms; 
using    System.Data.OleDb; 
using System.Text.RegularExpressions;


namespace Login 
{    

   public partial class Register : Form    
   {




   public Register()
   {

       InitializeComponent();
   }

   private void button1_Click(object sender, EventArgs e)
   {
       try
       {
           if(text1Box1.Text == "" || textBox2.Text == "")
           {
                MessageBox.Show("Mandatory fields password or user is empty");
                retrun; //I'm not sure if this return is need. Remove it if MessageBox "breaks" the execution of the code below.
           }
           OleDbCommand cmd = new OleDbCommand(@"Select * from Data where User=@User");
           cmd.Parameters.AddWithValue("@User", textBox1.Text);


           DataSet dst = SqlManager.GetDataSet(cmd, "Data");

           if(dst.Tables[0].Rows > 0)
           {
               MessageBox.Show("User already exist");
               return; //again i'm not sure that this return is needed.
           }

           Insert("Data", "User", textBox1.Text, "Pass", textBox2.Text);         

           textBox1.Text = null;
           textBox2.Text = null;
           MessageBox.Show("Registration Success!");
           this.Hide();

           Form1 frm = new Form1();
           frm.Show();

       }  
       catch (Exception ex)
       {   
           MessageBox.Show(ex.Message);  
       }
   }

你需要1个类使它成为SqlManager。

  public class SqlManager
  {
      private String connectionString = @"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=E:\Majel\Tic Tac    Toe\Database\data.accdb";


      public static GetOleDbConnection(OleDbCommand cmd)
      {
          if(cmd.Connection == null)
          {
               OleDbConnection conn = new OleDbConnection(connectionString);
               conn.Open();
               cmd.Connection = conn;
               return conn;
          }

          return cmd.Connection;
      }

      public static int ExecuteNonQuery(SqlCommand cmd)
      {
           OleDbConnection conn = GetSqlConnection(cmd);

           try
           {
              return cmd.ExecuteNonQuery();
           }
           catch
           {
              throw;
           }
           finally
           {
              conn.Close();
           }

      }
    public static DataSet GetDataSet(SqlCommand cmd)
    {
        return GetDataSet(cmd, "Table");
    }

    public static DataSet GetDataSet(SqlCommand cmd, string defaultTable)
    {
        OleDbConnection conn = GetSqlConnection(cmd);

        try
        {
            DataSet resultDst = new DataSet();

            using (OleDbDataAdapter adapter = new OleDbDataAdapter(cmd))
            {
                adapter.Fill(resultDst, defaultTable);
            }

            return resultDst;
        }
        catch
        {
            throw;
        }
        finally
        {
            conn.Close();
        }
    }


  }

以下是您可以在表单类中添加的另一种方法:

  public virtual void Insert(string TableName, params object[] colValues)
    {
        if (colValues == null || colValues.Length % 2 != 0)
            throw new ArgumentException("Invalid column values passed in. Expects pairs (ColumnName, ColumnValue).");

        OleDbCommand cmd = new OleDbCommand("INSERT INTO " + TableName + " ( {0} ) VALUES ( {1} )");

        string insertCols = string.Empty;
        string insertParams = string.Empty;

        for (int i = 0; i < colValues.Length; i += 2)
        {
            string separator = ", ";
            if (i == colValues.Length - 2)
                separator = "";

            string param = "@P" + i;

            insertCols += colValues[i] + separator;
            insertParams += param + separator;

            cmd.Parameters.AddWithValue(param, colValues[i + 1]);
        }

        cmd.CommandText = string.Format(cmd.CommandText, insertCols, insertParams);

        DA.SqlManager.ExecuteNonQuery(cmd);
    }

像其他人一样告诉你在这种情况下使用参数你将避免sql注入。请阅读维基百科。另外我为你的程序添加了一些结构,它并不完美,但我应该写更多。这里可能有一些拼写错误,因为我在这里写了代码。如何进行检查,从textbox1.Text中为用户提取数据库中的数据。如果dataSet具有行,则表示此时现有用户具有此名称。如果您不知道什么是数据集,请阅读System.Data。

您应该学会在其他课程中编写数据访问权限!

答案 2 :(得分:0)

以下是MSDN Reference中提到的?占位符使用oledbcommand参数的代码。我还添加了using块,它应该隐式关闭打开的连接。

using(OleDbConnection con = new OleDbConnection(connParam))
using(OleDbCommand cmd = new OleDbCommand("select count(*) from data where Users = ?"))
{
     con.Open();    
     cmd.Connection = con;              
     cmd.Parameters.AddWithValue("@UserName", textBox1.Text);        
     object objRes = cmd.ExecuteScalar();

     if (objRes == null || (int)objRes == 0)
     {
        cmd.Parameters.Clear();
        cmd.CommandText = "INSERT INTO data (Users,Pass) values(?, ?);";
        cmd.Parameters.AddWithValue("@Users", textBox1.Text);
        cmd.Parameters.AddWithValue("@Pass", textBox2.Text);
        int iRes = cmd.ExecuteNonQuery();
        if(iRes > 0)
            MessageBox.Show("Registration Success!");
     }
     else
       errorProvider2.SetError(textBox1, "This username has been using by another user.");
}

答案 3 :(得分:0)

使用现有代码尝试此操作:

oleDbCmd.CommandText = "INSERT INTO data(Users,Pass) Values('" + this.textBox1.Text.ToString() + "','" +   this.textBox2.Text + "') SELECT '" + this.textBox1.Text.ToString() + "','" +   this.textBox2.Text + "' WHERE NOT EXISTS(SELECT Users,Pass FROM data WHERE Users='" + this.textBox1.Text.ToString() +"');";

temp = oleDbCmd.ExecuteNonQuery();

if (temp > 0)
           {
               textBox1.Text = null;
               textBox2.Text = null;
               MessageBox.Show("Registration Success!");
               this.Hide();

               Form1 frm = new Form1();
               frm.Show(); 
           } 
else
          {
            MessageBox.Show("Username is already Present !!!");
          }

如果用户名已存在于数据中,则返回0

相关问题
最新问题