SqlException未处理C#

时间:2015-08-12 13:05:12

标签: c# exception

我正在尝试创建一个注册表单。但是当我点击注册按钮时,我得到异常SqlException was unhandled。几乎我的整个代码工作正常,但我在cmd.ExecuteNonQuery()得到例外。这是我的代码: -

private void buttonSignUp_Click(object sender, EventArgs e)
    {
        if (check())
        {
            SqlConnection con = new SqlConnection(@"Data Source=.\SQLEXPRESS;AttachDbFilename=C:\Users\Suhail\Documents\Database.mdf;Integrated Security=True;Connect Timeout=30;User Instance=True;");
            SqlCommand cmd = new SqlCommand("Insert into Login(Name,Username,Password,[Mobile No.],Email,SecurityQuestion,Answer) values('" + txtName.Text + "','" + txtUsername.Text + "','" + txtPassword.Text + "','" + txtMobileNo.Text + "','" + txtEmail.Text + "','" + comboSecurityQuestion.Text + "','" + txtAnswer.Text + "');", con);
            try
            {
                con.Open();
                cmd.ExecuteNonQuery();
                con.Close();
                MessageBox.Show("Sign Up Successful.");
            }
            catch(Exception ex)
            {
                MessageBox.Show(ex.Message);
            }
        }
        else
        {
            MessageBox.Show("Error");
        }
    }

    public bool check()
    {
        Regex name = new Regex("^[a-zA-Z]+$");
        Regex username = new Regex("^[0-9a-zA-Z]+${3}");
        Regex mobileno = new Regex("^[0-9]{10}");
        Regex email = new Regex("^([0-9a-zA-Z]([-\\.\\w]*[0-9a-zA-Z])*@([0-9a-zA-Z][-\\w]*[0-9a-zA-Z]\\.)+[a-zA-Z]{2,9})$");
        if (name.IsMatch(txtName.Text))
        {

        }
        else
        {
            MessageBox.Show("Name has to contain characters.");
        }
        if (string.IsNullOrWhiteSpace(txtUsername.Text))
        {
            MessageBox.Show("Username cannot be left empty.");
        }
        if (username.IsMatch(txtUsername.Text))
        {

        }
        else
        {
            MessageBox.Show("Username entered is invalid.");
        }
        if (string.IsNullOrWhiteSpace(txtPassword.Text))
        {
            MessageBox.Show("Password cannot be left empty.");
        }
        if (string.IsNullOrWhiteSpace(txtConfirmPassword.Text))
        {
            MessageBox.Show("Confirm Password cannot be left empty.");
        }
        if (string.IsNullOrWhiteSpace(txtMobileNo.Text))
        {
            MessageBox.Show("Mobile No. cannot be left empty.");
        }
        if (mobileno.IsMatch(txtMobileNo.Text))
        {

        }
        else
        {
            MessageBox.Show("Mobile No. entered is Invalid.");
        }
        if (string.IsNullOrWhiteSpace(txtEmail.Text))
        {
            MessageBox.Show("Email cannot be left empty.");
        }
        else if (email.IsMatch(txtEmail.Text))
        {

        }
        else
        {
            MessageBox.Show("Email entered is invalid.");
        }
        if (string.IsNullOrWhiteSpace(txtAnswer.Text))
        {
            MessageBox.Show("Answer to Security Question cannot be left empty.");
        }
        if (name.IsMatch(txtName.Text) && username.IsMatch(txtUsername.Text) && !string.IsNullOrWhiteSpace(txtPassword.Text) && !string.IsNullOrWhiteSpace(txtConfirmPassword.Text) && mobileno.IsMatch(txtMobileNo.Text) && email.IsMatch(txtEmail.Text) && !string.IsNullOrWhiteSpace(txtAnswer.Text))
        {
            return true;
        }
        else
        {
            return false;
        }
    }

请帮帮我。谢谢!

1 个答案:

答案 0 :(得分:0)

使用参数化SQL。也许您输入的字符串包含'字符,它会破坏您的查询

SqlCommand cmd = new SqlCommand("Insert into Login(Name,Username,Password,[Mobile No.],Email,SecurityQuestion,Answer) values(@Name,@Username,@Password,@Mobile,@Email,@Combosecurity,@Answer);", con);
        cmd.Parameters.AddWithValue("@Name",txtName.Text);
        cmd.Parameters.AddWithValue("@Username",txtUsername.Text);
        cmd.Parameters.AddWithValue("@Password",txtPassword.Text);
        cmd.Parameters.AddWithValue("@Mobile",txtMobileNo.Text);
        cmd.Parameters.AddWithValue("@Email",txtEmail.Text);
        cmd.Parameters.AddWithValue("@Combosecurity", comboSecurityQuestion.Text );
        cmd.Parameters.AddWithValue("@Answer",txtAnswer.Text);