使用executeNonquery时,表不会更新

时间:2010-08-17 14:21:37

标签: c# sql visual-studio-2008 ado.net

我正在尝试更改用户密码。我无法更新密码:(。我收到的消息是密码更改,因为它没有改变。 我的代码如下..如果有人可以建议我哪里出错了。我只是一个初学者... 

protected void Button1_Click(object sender, EventArgs e)
{
    DatabaseLayer data = new DatabaseLayer();

    string username = Session["Authenticate"].ToString();
    string password = TextBox1.Text;
    string newpass = TextBox2.Text;
    string confirm = TextBox3.Text;
    string flag = "";

    if (newpass.ToString() == confirm.ToString())
    {
        flag = data.passwordChange(username, password, newpass);
        Literal1.Text = flag.ToString();
    }
    else
    {
        Literal1.Text = "New Password does not match the Confirm Password ";
    }
}

上述点击事件必须更改我的密码,函数passwordChange如下所示.. 

public string passwordChange(string username, string password, string newPasswd)
{
    string SQLQuery = "SELECT password FROM LoginAccount WHERE username = '" + username + "'";
    string SQLQuery1 = "UPDATE LoginAccount SET password = ' " + newPasswd + " ' WHERE username = ' " + username + "'";
    SqlCommand command = new SqlCommand(SQLQuery, sqlConnection);
    SqlCommand command1 = new SqlCommand(SQLQuery1, sqlConnection);

    sqlConnection.Open();
    string sqlPassword = "";
    SqlDataReader reader;

    try
    {
        reader = command.ExecuteReader();


        if (reader.Read())
        {
            if (!reader.IsDBNull(0))
            {
                sqlPassword = reader["password"].ToString();
            }
        }
        reader.Close();

        if (sqlPassword.ToString() == password.ToString())
        {
            try
            {
                int flag = 0;
                flag = command1.ExecuteNonQuery();

                if (flag > 0)
                {
                    sqlConnection.Close();
                    return "Password Changed Successfully";
                }
                else
                {
                    sqlConnection.Close();
                    return "User Password could not be changed";
                }
            }
            catch (Exception exr)
            {
                sqlConnection.Close();
                return "Password Could Not Be Changed Please Try Again";
            }
        }
        else
        {
            sqlConnection.Close();
            return "User Password does not Match";
        }
    }
    catch (Exception exr)
    {
        sqlConnection.Close();
        return "User's Password already exists";
    }
}

我在附近设置了一个断点

if(flag>0)

它仍然显示executeNonquery aint返回更新的行值,并且还在SQL服务器的后端,它没有变化, 如果有人能纠正我...我应该使用其他执行命令吗? 我正在使用VS 2008和SQL Server 2005进行此操作..

3 个答案:

答案 0 :(得分:6)

1:这是你的单引号和双引号之间的间距:(赞:' " + username + " '
2)你正在乞求SQL注入。

PasswordChange方法中尝试此操作:

public string PasswordChange(string userName, string oldPass, string newPass)
{
    using(SqlConnection sqlConnection = new SqlConnection(
        ConfigurationManager.ConnectionStrings["LoginDb"].ConnectionString))
   {
    string sqlToConfirmOldPass =
      "SELECT password FROM LoginAccount WHERE username = @userName";
    string sqlToUpdatePassword =
      "UPDATE LoginAccount SET password = @newPass WHERE username = @userName";

    SqlCommand confirmOldPass = new SqlCommand(sqlToConfirmOldPass, sqlConnection);
    confirmOldPass.Parameters.AddWithValue("@userName", userName);

    SqlCommand updatePassword = new SqlCommand(sqlToUpdatePassword, sqlConnection);
    updatePassword.Parameters.AddWithValue("@newPass", newPass);
    updatePassword.Parameters.AddWithValue("@userName", userName);

    [Rest of your code goes here]
   }
}

我也没看到你在哪里设置你的SqlConnection,所以我为它添加了一行。您需要根据需要对其进行修改。

答案 1 :(得分:1)

请尝试使用此代码。

public string passwordChange(string username, string password, string newPasswd)
{
    string SQLQuery = "SELECT password FROM LoginAccount WHERE username = @username";
    string SQLQuery1 = "UPDATE LoginAccount SET password = @newPassword  WHERE username = @username";
    SqlCommand command = new SqlCommand(SQLQuery, sqlConnection);
    command.Parameters.AddWithValue("@username", username);

    SqlCommand command1 = new SqlCommand(SQLQuery1, sqlConnection);
    command1.Parameters.AddWithValue("@username", username);
    command1.Parameters.AddWithValue("@newPassword", newPasswd);

    sqlConnection.Open();
    string sqlPassword = "";
    SqlDataReader reader;

    try
    {
        reader = command.ExecuteReader();


        if (reader.Read())
        {
            if (!reader.IsDBNull(0))
            {
                sqlPassword = reader["password"].ToString();
            }
        }
        reader.Close();

        if (sqlPassword.ToString() == password.ToString())
        {
            try
            {
                int flag = 0;
                flag = command1.ExecuteNonQuery();

                if (flag > 0)
                {
                    sqlConnection.Close();
                    return "Password Changed Successfully";
                }
                else
                {
                    sqlConnection.Close();
                    return "User Password could not be changed";
                }
            }
            catch (Exception exr)
            {
                sqlConnection.Close();
                return "Password Could Not Be Changed Please Try Again";
            }
        }
        else
        {
            sqlConnection.Close();
            return "User Password does not Match";
        }
    }
    catch (Exception exr)
    {
        sqlConnection.Close();
        return "User's Password already exists";
    }
}

答案 2 :(得分:0)

如果您获得零行影响,请检查您的WHERE子句是否实际有效。我敢打赌,如果您选择WHERE username = '" + username + "'",您将找不到您正在寻找的行。至少,这是我要确认的第一件事。

相关问题
最新问题