读取器关闭时无效尝试调用读取错误

时间:2016-07-25 10:45:05

标签: c# asp.net sql-server

我正在为员工创建一个新的登录页面并遇到错误

    mDB.Open();
    SqlCommand cmd;
    SqlDataReader rdr;
    String strSql1 = "SELECT * FROM Employee ";
    cmd = new SqlCommand(strSql1, mDB);
    rdr = cmd.ExecuteReader();

    while (rdr.Read() == true)
    {
        if (txtUsername.Text == (string)rdr["eUserName"] &&
            txtPassword.Text == (string)rdr["ePassword"])
         {
            Session["sFlag"] = "T"; // sFlag = "T" means user has logged in
            Session["sFirstName"] = rdr["eFirstName"];
            Session["sLastName"] = rdr["eLastName"];
            Session["sUsername"] = rdr["eUserName"];
            btnLogout.Visible = true;
            btnLogin.Visible = false;
            mDB.Close();

        } //end of if
    } //end of while loop
 // userid and password not matched, hence login unsuccessful
    Session["sFlag"] = "F";
    Session["sName"] = "";
    Session["sUsername"] = "";
    lblMessage.Text = "Username and password does not match- please try again.  ";
    mDB.Close();
}
protected void btnLogout_Click(object sender, EventArgs e)
{
    btnLogout.Visible = false;
    Session["sFlag"] = "L"; // L for logout
    Session["sFirstName"] = "";
    Session["sUsername"] = "";

}

它适用于我的其他客户登录页面。请帮忙?我对此很新。非常感谢大家!

2 个答案:

答案 0 :(得分:3)

您正在关闭阅读循环内的连接(使用mDB.Close();)。这根本不是一件好事。要解决这个问题,请在循环结束后移动close调用:

while (rdr.Read() == true)
{
    if (txtUsername.Text == (string)rdr["eUserName"] &&
        txtPassword.Text == (string)rdr["ePassword"])
    {
        Session["sFlag"] = "T"; // sFlag = "T" means user has logged in
        Session["sFirstName"] = rdr["eFirstName"];
        Session["sLastName"] = rdr["eLastName"];
        Session["sUsername"] = rdr["eUserName"];
        btnLogout.Visible = true;
        btnLogin.Visible = false;


    } //end of if
} //end of while loop
mDB.Close();

答案 1 :(得分:1)

您正在关闭循环中的连接,因此rdr.Read()将使用已关闭的连接来检查是否有第二条记录。那会失败。

相反,您应该使用using - 语句,以确保即使出现错误也会关闭连接:

using(var mDB = new SqlConnection(connectionString))
{
    mDB.Open();
    using(var cmd = new SqlCommand("SELECT * FROM Employee", mDB))
    using(var rdr = cmd.ExecuteReader())
    {

        while (rdr.Read() == true)
        {
            if (txtUsername.Text == (string)rdr["eUserName"] &&
                txtPassword.Text == (string)rdr["ePassword"])
             {
                Session["sFlag"] = "T"; // sFlag = "T" means user has logged in
                Session["sFirstName"] = rdr["eFirstName"];
                Session["sLastName"] = rdr["eLastName"];
                Session["sUsername"] = rdr["eUserName"];
                btnLogout.Visible = true;
                btnLogin.Visible = false;        
            } //end of if
        } //end of while loop
    }
}

Side-Note :您正在选择所有记录并在客户端进行过滤。相反,您应该WHERE在数据库中进行过滤:

using(var cmd = new SqlCommand("SELECT * FROM Employee WHERE eUserName=@Username AND @ePassword=PassWord", mDB))
{
    cmd.Parameters.Add("@UserName", SqlDbType.Varchar).Value = txtUsername.Text;
    cmd.Parameters.Add("@ePassword", SqlDbType.Varchar).Value = txtPassword.Text;
    // ...
}