我正在尝试创建一个注册表单。但是当我点击注册按钮时,我得到异常SqlException was unhandled。几乎我的整个代码工作正常,但我在cmd.ExecuteNonQuery()得到例外。这是我的代码: -
private void buttonSignUp_Click(object sender, EventArgs e)
{
if (check())
{
SqlConnection con = new SqlConnection(@"Data Source=.\SQLEXPRESS;AttachDbFilename=C:\Users\Suhail\Documents\Database.mdf;Integrated Security=True;Connect Timeout=30;User Instance=True;");
SqlCommand cmd = new SqlCommand("Insert into Login(Name,Username,Password,[Mobile No.],Email,SecurityQuestion,Answer) values('" + txtName.Text + "','" + txtUsername.Text + "','" + txtPassword.Text + "','" + txtMobileNo.Text + "','" + txtEmail.Text + "','" + comboSecurityQuestion.Text + "','" + txtAnswer.Text + "');", con);
try
{
con.Open();
cmd.ExecuteNonQuery();
con.Close();
MessageBox.Show("Sign Up Successful.");
}
catch(Exception ex)
{
MessageBox.Show(ex.Message);
}
}
else
{
MessageBox.Show("Error");
}
}
public bool check()
{
Regex name = new Regex("^[a-zA-Z]+$");
Regex username = new Regex("^[0-9a-zA-Z]+${3}");
Regex mobileno = new Regex("^[0-9]{10}");
Regex email = new Regex("^([0-9a-zA-Z]([-\\.\\w]*[0-9a-zA-Z])*@([0-9a-zA-Z][-\\w]*[0-9a-zA-Z]\\.)+[a-zA-Z]{2,9})$");
if (name.IsMatch(txtName.Text))
{
}
else
{
MessageBox.Show("Name has to contain characters.");
}
if (string.IsNullOrWhiteSpace(txtUsername.Text))
{
MessageBox.Show("Username cannot be left empty.");
}
if (username.IsMatch(txtUsername.Text))
{
}
else
{
MessageBox.Show("Username entered is invalid.");
}
if (string.IsNullOrWhiteSpace(txtPassword.Text))
{
MessageBox.Show("Password cannot be left empty.");
}
if (string.IsNullOrWhiteSpace(txtConfirmPassword.Text))
{
MessageBox.Show("Confirm Password cannot be left empty.");
}
if (string.IsNullOrWhiteSpace(txtMobileNo.Text))
{
MessageBox.Show("Mobile No. cannot be left empty.");
}
if (mobileno.IsMatch(txtMobileNo.Text))
{
}
else
{
MessageBox.Show("Mobile No. entered is Invalid.");
}
if (string.IsNullOrWhiteSpace(txtEmail.Text))
{
MessageBox.Show("Email cannot be left empty.");
}
else if (email.IsMatch(txtEmail.Text))
{
}
else
{
MessageBox.Show("Email entered is invalid.");
}
if (string.IsNullOrWhiteSpace(txtAnswer.Text))
{
MessageBox.Show("Answer to Security Question cannot be left empty.");
}
if (name.IsMatch(txtName.Text) && username.IsMatch(txtUsername.Text) && !string.IsNullOrWhiteSpace(txtPassword.Text) && !string.IsNullOrWhiteSpace(txtConfirmPassword.Text) && mobileno.IsMatch(txtMobileNo.Text) && email.IsMatch(txtEmail.Text) && !string.IsNullOrWhiteSpace(txtAnswer.Text))
{
return true;
}
else
{
return false;
}
}
请帮帮我。谢谢!
答案 0 :(得分:0)
使用参数化SQL。也许您输入的字符串包含'字符,它会破坏您的查询
SqlCommand cmd = new SqlCommand("Insert into Login(Name,Username,Password,[Mobile No.],Email,SecurityQuestion,Answer) values(@Name,@Username,@Password,@Mobile,@Email,@Combosecurity,@Answer);", con);
cmd.Parameters.AddWithValue("@Name",txtName.Text);
cmd.Parameters.AddWithValue("@Username",txtUsername.Text);
cmd.Parameters.AddWithValue("@Password",txtPassword.Text);
cmd.Parameters.AddWithValue("@Mobile",txtMobileNo.Text);
cmd.Parameters.AddWithValue("@Email",txtEmail.Text);
cmd.Parameters.AddWithValue("@Combosecurity", comboSecurityQuestion.Text );
cmd.Parameters.AddWithValue("@Answer",txtAnswer.Text);