数据未更新到表

时间:2016-01-07 06:31:12

标签: c# oledb

我正在尝试实施密码更改功能,但它似乎不想工作。 

 private void button3_Click(object sender, EventArgs e)
    {

        using (OleDbConnection con = new OleDbConnection(@"Provider = Microsoft.ACE.OLEDB.12.0; Data Source = C:\Users\User\Desktop\esoft\gym\gym\bin\Debug\Clients.accdb"))
        {
            DataTable dt = new DataTable();
            con.Open();
            errorProvider1.Clear();
            if (dt.Rows[0][0].ToString() == "1")
            {
                if (textBox3.Text == textBox4.Text)
                {

                    OleDbDataAdapter da = new OleDbDataAdapter(" COUNT (*) FROM login WHERE username= '" + textBox1.Text + "' AND [password]='" + textBox2.Text + "' ", con);
                    OleDbCommand com = new OleDbCommand("UPDATE login SET [password] = '" + textBox3.Text + "' WHERE username = '" + textBox2.Text + "'", con);
                    com.ExecuteNonQuery();



                    MessageBox.Show("password successfully changed", "success!", MessageBoxButtons.OK, MessageBoxIcon.Information);
                }
                else
                {
                    errorProvider1.SetError(textBox3, "passwords dont match");
                    errorProvider1.SetError(textBox4, "passwords dont match");
                }
            }

            else
            {
                errorProvider1.SetError(textBox1, "wrong username");
                errorProvider1.SetError(textBox2, "wrong pasword");

            }

        }
    }

if (dt.Rows[0][0].ToString() == "1")中有一个错误,它指出在该位置没有找到数据,但数据表中有5行。

在没有上述行的情况下运行代码,如//if (dt.Rows[0][0].ToString() == "1")

代码运行但表中没有更新数据。

再次更新代码并仍然收到相同的错误:

OleDbDataAdapter da = new OleDbDataAdapter("SELECT * FROM login WHERE username= '" + textBox1.Text + "' AND [password]='" + textBox2.Text + "' ", con);
            DataTable dt = new DataTable();
            da.Fill(dt);
            con.Open();
            errorProvider1.Clear();
            if (dt.Rows[0][0].ToString() == "1")

4 个答案:

答案 0 :(得分:2)

尝试按以下方式填写DataTable - 

string cmdString = "SELECT * FROM login WHERE username= '" + textBox1.Text + "' AND [password]='" + textBox2.Text + "' ";
OleDbCommand cmd = new OleDbCommand(cmdString,con);
con.Open();
var dr = cmd.ExecuteReader();

DataTable dt = new DataTable();
dt.Load(dr);
con.Close()

现在您应该在表格中获取数据,前提是您的选择查询是正确的。确保在连接和命令对象上使用using块,以便在超出范围时对其进行处理。

答案 1 :(得分:1)

您只是声明数据表,而不是分配任何数据

DataTable dt = new DataTable();

这就是为什么当你试图让dt.Rows[0][0].ToString()出错时

答案 2 :(得分:0)

你可以试试这个:

OleDbDataAdapter custDA = new OleDbDataAdapter();
     DataSet custDS = new DataSet();
     DataTable custTable = new DataTable("Customers");
     custTable.Columns.Add("CustomerID", typeof(String));
     custTable.Columns.Add("CompanyName", typeof(String));
     custDS.Tables.Add(custTable);
     //Use ADO objects from ADO library (msado15.dll) imported
     //  as.NET library ADODB.dll using TlbImp.exe
     ADODB.Connection adoConn = new ADODB.Connection();
     ADODB.Recordset adoRS = new ADODB.Recordset();
     adoConn.Open("Provider=SQLOLEDB;Data Source=localhost;Initial Catalog=Northwind;Integrated Security=SSPI;", "", "", -1);
     adoRS.Open("SELECT CustomerID, CompanyName FROM Customers", adoConn, ADODB.CursorTypeEnum.adOpenForwardOnly, ADODB.LockTypeEnum.adLockReadOnly, 1);
     custDA.Fill(custTable, adoRS);
     adoRS.Close();
     adoConn.Close();

您可以按照reference

进行操作

答案 3 :(得分:0)

正如另一个人所指出的那样,你永远不会为数据表赋值,这就是为什么它会窒息。您的查询本身,通过字符串连接将打开您的SQL注入。参数化它。最后,对于您的查询,我将查询给定用户ID的所有记录,但是仅基于限定用户ID而不是密码来获取用户和密码值。这样,如果您返回的行数超过1行,则表示会有重复的用户帐户,应该特别注意。如果它返回NO行,则没有这样的用户。如果它返回一行,那么您可以与输入的密码进行比较,如果匹配,您可以使用正确的用户ID。

从您的

开始 
using( OleDbConnection con = ...) 
{
   // create command first.. Parameterize it.  In this case "@" is parameter indicator
   // for Access.  parmUserName is the parameter name to be applied.  I explicitly added
   // "parm" in front to ensure differentiation between the parameter and actual column.
   var cmd = new OleDbCommand( 
               @"select password from login where username = @parmUserName", con);

   // Now, add the parameter of proper data type.  The name of the parameter and it's value
   cmd.Parameters.AddWithValue("parmUserName", textBox1.Text);

   // create your data adapter now based on the command above
   var da = new OleDbDataAdapter(cmd);

   // NOW, create your data table object and have data adapter query and fill with rows.
   var dt = new DataTable();
   da.Fill(dt);

   // NOW, check results.
   if (dt.Rows.Count == 0)
      MessageBox.Show("No such user account");
   else if( dt.Rows.Count > 1)
      MessageBox.Show("Duplicate user account");
   else
   {
      // valid single record. Do the passwords match?
      if (textBox3.Text.Equals(dt.Rows[0]["password"].ToString()))
      {
         MessageBox.Show("Valid login, allow to continue");

         // Now, since it appears you are trying to UPDATE the password for the user,
         // build new UPDATE command and parameterize it in a similar fashion
         var cmdUpd = new OleDbCommand(
                        @"update login set password = @parmNewPwd where username = @parmUserName", con);
         // Now, add the parameter of proper data type.  The name of the parameter and it's value
         cmd.Parameters.AddWithValue("parmNewPwd", textBox3.Text);
         cmd.Parameters.AddWithValue("parmUserName", textBox1.Text);
         if (cmd.ExecuteNonQuery() == 1)
            MessageBox.Show("Password updated");
         else
            MessageBox.Show("Failed updating password");
      }
      else
         MessageBox.Show("Invalid password");
   }
}

最后的说明。您还应该在构建SQL命令之前查看清理数据。永远不要连接用户可以手动输入SQL注入数据的字符串,参数化它们。

相关问题
最新问题