我正在使用 C# 编程语言和 Visual Studio 开发一个学生信息自动化系统,数据库使用 MSSQL。最初,我创建了许多不同的表,例如学生、老师、父母、讲座和管理员。但是后来我决定把它们合并到一张表中。下面是我的问题。
我在 SQL 查询中创建了一个名为 userType 的变量。例如,当表中用户类型为 1 的用户登录系统时,应转到管理面板;用户类型为 2 的用户登录后,我希望进入学生窗体。以前我为学生、老师和管理员分别打开三个标签页,并分别处理每一个。但是现在我希望在用户登录时根据其类型打开相应的窗体,我认为这样性能会更好。
Sql查询在这里;
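// Look the user up with a parameterized query. The user name is bound as the
// @UserName parameter instead of being concatenated into the SQL text, so
// whatever is typed into the login box is sent to the server as data and can
// never change the statement itself.
// The earlier version declared the T-SQL variable @userType but never assigned
// it, so it was NULL and none of the IF branches could run. The three branches
// differed only in the UserType literal, so they collapse into one IN (...) filter.
// NOTE(review): nothing in this snippet checks a password; a row matching the
// user name alone is treated as a successful login. Confirm that the credential
// check happens elsewhere before relying on this.
query = new SqlCommand(
    "Select * from singleTable where UserName = @UserName and UserType in (1, 2, 3)",
    conn);
query.Parameters.AddWithValue("@UserName", userName.Text);
dr = query.ExecuteReader();
if (dr.Read())
{
    MessageBox.Show("Login is successful. Welcome '" + userName.Text + "'");
    studentPanel form = new studentPanel();
    form.userName = userName.Text;
    form.ShowDialog();
    this.Hide();
}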
这部分没有问题。但是我不知道如何把用户引导到相应的窗体。
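// Pick the panel that matches the account type (1 = admin, 2 = teacher, 3 = student).
// userType is assumed to hold the UserType column of the row returned by the
// login query (for example Convert.ToInt32(dr["UserType"])) - TODO confirm.
// It has to come from the database row, not from anything the person logging
// in can choose, otherwise the role is self-asserted.
// The comparison needs "==" ("=" is assignment), and "form" is declared once
// outside the branches so it is still in scope after the choice is made.
Form form = null;
if (userType == 1)
{
    form = new adminPanel();
}
else if (userType == 2)
{
    form = new teacherPanel();
}
else if (userType == 3)
{
    form = new studentPanel();
}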
以上是您在看到对单个表单的访问权限时提供的代码。我想连接上面的@userType变量。
所以我想在if(dr.Read)中打开新的if块。
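/// <summary>
/// Handles the login button: looks the typed user name up in singleTable and
/// opens the panel that matches the UserType stored for that user.
/// </summary>
/// <param name="sender">Control that raised the event.</param>
/// <param name="e">Event data (unused).</param>
private void loginButton_Click(object sender, EventArgs e)
{
    string connection = @"Data Source=DESKTOP-AG9TT68;Initial Catalog=studentInformation;Integrated Security=True";

    // The account type is read from the database row. The earlier version bound
    // the literal text "@UserType" as the parameter value and then compared it
    // with "'admin'" (quotes included), so no IF branch in the SQL and no branch
    // in the C# code could ever match.
    string userType = null;

    // using blocks release the reader, command and connection even when the
    // query throws.
    using (SqlConnection conn = new SqlConnection(connection))
    using (SqlCommand query = new SqlCommand(
        "Select UserType from singleTable where UserName = @Username",
        conn))
    {
        // Bound as a parameter: the typed text reaches the server as data and
        // is never spliced into the SQL statement.
        query.Parameters.AddWithValue("@Username", userName.Text);
        conn.Open();
        using (SqlDataReader dr = query.ExecuteReader())
        {
            if (dr.Read())
            {
                // Trim in case UserType is a fixed-width CHAR column padded
                // with spaces - the column type is not visible here.
                userType = Convert.ToString(dr["UserType"]).Trim();
            }
        }
    }

    // NOTE(review): no password is compared anywhere in this handler, although
    // the failure message mentions one. As written, knowing a user name is
    // enough to open that user's panel; a credential check against a salted
    // password hash stored for the user is needed before the dispatch below.
    Form form;
    switch (userType)
    {
        case "admin":
            form = new adminPanel();
            break;
        case "teacher":
            form = new teacherPanel();
            break;
        case "student":
            form = new studentPanel();
            break;
        default:
            // Unknown user or unknown type: one message, shown once, that does
            // not reveal which of the two it was.
            MessageBox.Show("Your username or password is wrong!");
            return;
    }

    MessageBox.Show("Login is successful. Welcome '" + userName.Text + "'");
    // Hide the login form first; ShowDialog blocks until the panel is closed.
    this.Hide();
    form.ShowDialog();
}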
喜欢...等待您的帮助。致敬。
嘿。 SqlConnection为空值。
>>> sys.float_info.max
1.7976931348623157e+308
>>> sys.float_info.max - 1.0
1.7976931348623157e+308
>>> sys.float_info.max - 1e100
1.7976931348623157e+308
>>> sys.float_info.max - 1e300
1.7976931248623157e+308
答案 0 :(得分:0)
将@userType作为参数传递给您的查询:
// Runs one of three SELECTs against singleTable, chosen by the @UserType
// parameter; each SELECT filters on that same type and on @Username.
// NOTE(review): userType is not defined in this snippet. If it is taken from
// anything the person logging in controls, the role is self-asserted; reading
// UserType from the row found for the user name avoids that - confirm against
// the caller.
// NOTE(review): the query matches on user name and type only; no password is
// checked here.
var query = new SqlCommand(@"IF @UserType = 1
BEGIN
Select * from singleTable where UserType = 1 and UserName = @Username;
END
IF @UserType = 2
BEGIN
Select * from singleTable where UserType = 2 and UserName = @Username;
END
IF @UserType = 3
BEGIN
select * from singleTable where UserType = 3 and UserName = @Username;
END", conn);
// Both values are bound as parameters, so they reach the server as data and
// are never concatenated into the SQL text; this is what prevents SQL injection.
query.Parameters.AddWithValue("@UserType", userType);
query.Parameters.AddWithValue("@Username", username.Text);
// A row is returned only when the user name exists with the requested type.
var dr = query.ExecuteReader();
或者按照@mjwills的建议,您可以在没有条件的情况下做到这一点:
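// Same lookup without the IF chain: one SELECT filtered by the bound type and
// user name, restricted to the three known types.
// The SQL text must be wrapped in a SqlCommand on the open connection; a plain
// string has no Parameters collection and no ExecuteReader method.
// NOTE(review): userType is not defined in this snippet; it should not come
// from anything the person logging in controls - confirm against the caller.
var query = new SqlCommand(
    "Select * from singleTable where UserType = @UserType and UserName = @Username and UserType IN (1,2,3)",
    conn);
// Values are bound as parameters, never concatenated into the SQL text.
query.Parameters.AddWithValue("@UserType", userType);
query.Parameters.AddWithValue("@Username", username.Text);
var dr = query.ExecuteReader();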
答案 1 :(得分:0)
尝试类似的东西
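/// <summary>
/// Handles the login button: reads the UserType stored for the typed user name
/// and opens the matching panel (1 = admin, 2 = teacher, 3 = student).
/// </summary>
/// <param name="sender">Control that raised the event.</param>
/// <param name="e">Event data (unused).</param>
private void button1_Click(object sender, EventArgs e)
{
    try
    {
        int userType;

        // The panel is chosen from the account's UserType, not its UserID:
        // switching on the ID would hand the admin panel to whichever account
        // happens to have ID 1. Table and column names follow the question.
        const string Query = "select UserType from singleTable where UserName = @Username";

        using (SqlCommand cmd = new SqlCommand(Query, con))
        // The adapter must be given the command; an adapter created without a
        // SelectCommand cannot Fill.
        using (SqlDataAdapter da = new SqlDataAdapter(cmd))
        using (DataTable dt = new DataTable())
        {
            // Bound as a parameter, never concatenated into the SQL text.
            cmd.Parameters.AddWithValue("@Username", username.Text);
            con.Open();
            da.Fill(dt);

            if (dt.Rows.Count == 0)
            {
                throw new InvalidOperationException(string.Format("User '{0}' not founded", username.Text));
            }
            if (dt.Rows.Count > 1)
            {
                throw new InvalidOperationException(string.Format("User '{0}' founded but multiple", username.Text));
            }

            // Convert rather than cast: the question declares the type as
            // SMALLINT, and unboxing a short with (int) throws.
            userType = Convert.ToInt32(dt.Rows[0]["UserType"]);
        }

        // NOTE(review): no password is checked before the panel is opened;
        // knowing a user name is enough. A credential check belongs here.
        Form form;
        switch (userType)
        {
            case 1:
                form = new adminPanel();
                break;
            case 2:
                form = new teacherPanel();
                break;
            case 3:
                form = new studentPanel();
                break;
            default:
                throw new InvalidOperationException(string.Format("User type '{0}' not implemented", userType));
        }

        this.Hide();
        form.ShowDialog();
    }
    catch (Exception ex)
    {
        // NOTE(review): the raw message is shown, so database error text and
        // the "not founded" case are visible to whoever is at the login form,
        // which tells them which user names exist. A single generic failure
        // message, with the detail written to a log, avoids that.
        MessageBox.Show(ex.Message);
    }
    finally
    {
        // con is a field owned by the form; close it on every path.
        con.Close();
    }
}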
答案 2 :(得分:0)
想像
__GENUS : 2
__CLASS : Win32_Processor
__SUPERCLASS :
__DYNASTY :
__RELPATH :
__PROPERTY_COUNT : 2
__DERIVATION : {}
__SERVER :
__NAMESPACE :
__PATH :
Name : Intel(R) Core(TM) i7-3537U CPU @ 2.00GHz
ProcessorId : BFEBFBFF000306A9
PSComputerName :