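sqlQuery with if else

Time: 2018-10-28 09:59:02

Tags: c# sql-server

I am automating a student information system using the C# programming language and Visual Studio. I am using MSSQL as the database. Initially, I created many different tables, such as student, teacher, parent, lecture and admin. But later I decided to collect them in a single table. Here is my problem.

I created a variable named userType in the SQL query. For example, when a user whose user type is 1 in the table logs in to the system, they should go to the admin panel. I want a user of type 2 to go to the student form after logging in. At first I opened three separate tabs, one each for student, teacher and admin, and handled each tab separately. But now I want the user to be sent to the appropriate form according to their type when they log in. I figured performance would be better that way.

The SQL query is here: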

// Build the login query; userName.Text is concatenated directly into the SQL text
query = new SqlCommand ("declare @userType SMALLINT if @userType = 1 " +
        "Select * from singleTable where UserType = 1 and UserName = '" + userName.Text + "' " +
    "else if @userType = 2 Select * from singleTable where UserType = 2 and UserName = '" + userName.Text + "' " +
    "else if @userType = 3 select * from singleTable where UserType = 3 and UserName = '" + userName.Text + "'", conn);
                dr = query.ExecuteReader ();
                if (dr.Read ())
                {
                    // A row came back: greet the user and open the student panel
                    MessageBox.Show ("Login is successful. Welcome '" + userName.Text + "'");
                    studentPanel form = new studentPanel ();
                    form.userName = userName.Text;
                    form.ShowDialog ();
                    this.Hide ();
                }

This is okay. But I don't know how to direct the user to the appropriate form.

if (@userType = 1) {
adminPanel form = new adminPanel ();
}
else if (@userType = 2) {
teacherPanel form = new teacherPanel ();
}

else if (@userType = 3) {
studentPanel form = new studentPanel ();
}

The code above is what you see providing access to a single form. I want to connect the @userType variable above.

So I want to open a new if block inside if(dr.Read).

private void loginButton_Click(object sender, EventArgs e)
    {
        string connection = @"Data Source=DESKTOP-AG9TT68;Initial Catalog=studentInformation;Integrated Security=True";
        SqlConnection conn = new SqlConnection(connection);
        if (conn.State == ConnectionState.Closed)
        {
            conn.Open();
            var query = new SqlCommand(@"IF @UserType = 'admin' 
            BEGIN
            Select * from singleTable where UserType = 'admin' and UserName = @Username;
            END
            IF @UserType = 'teacher' 
            BEGIN 
            Select * from singleTable where UserType = 'teacher' and UserName = @Username;
            END
            IF @UserType = 'student' 
            BEGIN 
            select * from singleTable where UserType = 'student' and UserName = @Username;
            END", conn);
            //You should pass parameters to avoid SQL injection
            var userType = "@UserType";
            query.Parameters.AddWithValue("@UserType", userType);
            query.Parameters.AddWithValue("@Username", userName.Text);

            var dr = query.ExecuteReader();
            if (dr.Read())
            {

                if (userType == "'admin'")
                {
                    MessageBox.Show("Login is successful. Welcome '" + userName.Text + "'");
                    adminPanel form = new adminPanel();
                    form.ShowDialog();
                    this.Hide();
                }
                else
                {
                    MessageBox.Show("Your username or password is wrong!");
                }

                if (userType == "'teacher'")
                {
                    MessageBox.Show("Login is successful. Welcome '" + userName.Text + "'");
                    teacherPanel form = new teacherPanel();
                    form.ShowDialog();
                    this.Hide();
                }
                else
                {
                    MessageBox.Show("Your username or password is wrong!");
                }

                if (userType == "'student'")
                {
                    MessageBox.Show("Login is successful. Welcome '" + userName.Text + "'");
                    studentPanel form = new studentPanel();
                    form.ShowDialog();
                    this.Hide();
                }
                else
                {
                    MessageBox.Show("Your username or password is wrong!");
                }



            }

        }
    }

Like this... Waiting for your help. Regards.

Hey. SqlConnection is null.

3 answers:

Answer 0: (score: 0)

Pass @userType as a parameter to your query:

var query = new SqlCommand(@"IF @UserType = 1 
BEGIN
    Select * from singleTable where UserType = 1 and UserName = @Username;
END
IF @UserType = 2 
BEGIN 
    Select * from singleTable where UserType = 2 and UserName = @Username;
END
IF @UserType = 3 
BEGIN 
select * from singleTable where UserType = 3 and UserName = @Username;
END", conn);

// You should pass parameters to avoid SQL injection
query.Parameters.AddWithValue("@UserType", userType);
query.Parameters.AddWithValue("@Username", userName.Text);

var dr = query.ExecuteReader();

Or, as @mjwills suggested, you can do it without the conditions:

var query = new SqlCommand("Select * from singleTable where UserType = @UserType and UserName = @Username and UserType IN (1,2,3)", conn);

query.Parameters.AddWithValue("@UserType", userType);
query.Parameters.AddWithValue("@Username", userName.Text);

var dr = query.ExecuteReader();

Answer 1: (score: 0)

Try something like this

private void button1_Click(object sender, EventArgs e)
        {

            SqlCommand cmd = null;
            SqlDataAdapter da = null;
            DataTable dt = null;
            Form form = null;
            int UserID = -1;

            try
            {
                string Query = "select UserID from tblName where UserName = @Username ";
                cmd = new SqlCommand(Query, con);
                da = new SqlDataAdapter(cmd); // bind the command so Fill() has a SelectCommand
                dt = new DataTable();
                cmd.Parameters.AddWithValue("@Username", username.Text);

                con.Open();
                da.Fill(dt);

                if (dt.Rows.Count==0)
                {
                    throw new Exception(string.Format("User '{0}' not founded", username.Text));
                }

                if (dt.Rows.Count>1)
                {
                    throw new Exception(string.Format("User '{0}' founded but multiple", username.Text));
                }

                UserID = (int)dt.Rows[0]["UserID"];

                switch (UserID)
                {
                    case 1:
                        form = new adminPanel();
                        break;

                    case 2:
                        form = new teacherPanel();
                        break;

                    case 3:
                        form = new studentPanel();
                        break;

                    default:
                        throw new Exception(string.Format("User ID '{0}' not implemented", UserID));
                }

                this.Hide();
                form.ShowDialog();
            }
            catch (Exception ex)
            {
                MessageBox.Show(ex.Message);
            }
            finally
            {
                con.Close();
                if (cmd != null) cmd.Dispose();
                if (da != null) da.Dispose();
                if (dt != null) dt.Dispose();
            }
        }
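
An added example (not code from the question or from either answer) that combines the two ideas on this page: the user name reaches SQL Server as a typed parameter, and the form is chosen from the UserType value stored in the row rather than from a value supplied by the caller. The table and column names follow the question; the NVARCHAR(50) size, the connection string placeholder and the helper names `LookupUserType` and `PanelFor` are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class LoginRouting
{
    // Returns the UserType stored for userName, or null when no row matches.
    public static int? LookupUserType(string connectionString, string userName)
    {
        const string sql =
            "SELECT UserType FROM singleTable WHERE UserName = @Username";
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            // Typed parameter: the name travels as data and is never spliced
            // into the SQL text. NVARCHAR(50) is an assumed column size.
            cmd.Parameters.Add("@Username", SqlDbType.NVarChar, 50).Value = userName;
            conn.Open();
            // ExecuteScalar reads the first row only; UserName is assumed unique.
            object value = cmd.ExecuteScalar();
            if (value == null || value == DBNull.Value) return null;
            return Convert.ToInt32(value);
        }
    }

    // Maps the stored type to the panel named in the question.
    // Anything else (no such user, unmapped type) yields null: deny by default.
    public static string PanelFor(int? userType)
    {
        switch (userType)
        {
            case 1: return "adminPanel";
            case 2: return "teacherPanel";
            case 3: return "studentPanel";
            default: return null;
        }
    }

    static void Main()
    {
        // Constructed values standing in for what LookupUserType returns.
        foreach (int? t in new int?[] { 1, 2, 3, 7, null })
            Console.WriteLine("{0} -> {1}", t.HasValue ? t.ToString() : "no row",
                              PanelFor(t) ?? "login refused");
        // Against a real database (placeholder connection string):
        // PanelFor(LookupUserType("<connection string>", userName.Text))
    }
}
```

In the WinForms click handler the three cases would construct adminPanel, teacherPanel or studentPanel directly; panel names are returned as strings here so the routing runs without the forms.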

Answer 2: (score: 0)

Imagine
