public static Boolean ValidateUser(string struser, string strpass)
{
// Establish connection information
SqlConnection conn_string = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["Data Source=137.145.169.3;Initial Catalog=SICI4266;Persist Security Info=True;User ID=SICI4266G3;Password=*******"].ConnectionString);
// Establish SQL command
SqlCommand sql_comm = new SqlCommand("SELECT count(userID) FROM HIEPA.HIEPA_USERS where UserName = @usuario and UserPassword = @contrasena ; ", conn_string);
// Provide Parameter values
sql_comm.Parameters.AddWithValue("@usuario", struser);
sql_comm.Parameters.AddWithValue("@contrasena", strpass);
// Open the connection
conn_string.Open();
// Execute the SQL command and assign the resulting value to an integer variable
Int32 intUserCount = Convert.ToInt32(sql_comm.ExecuteScalar());
// Close the connection
conn_string.Close();
// Evaluate the integer variable content; greater than cero is a valid combination
if (intUserCount == 1)
{
return true;
}
else
{
return false;
}
}
有人可以告诉我为什么提示此错误吗?
答案 0 :(得分:1)
异常结果中红色突出显示的行中的该表达式为null
:
System.Configuration.ConfigurationManager.ConnectionStrings["Data Source=137.145.169.3;Initial Catalog=SICI4266;Persist Security Info=True;User ID=SICI4266G3;Password=*******"]
它为null,因为Connection[]
属性需要字符串的 name ,而不是完整的字符串。它正在尝试在集合中查找字符串,没有找到那么长的大块文本,因此返回null
。
鉴于上述情况,您然后尝试引用.Connection
引用的null
字符串属性。好像您已经这样做:
null.ConnectionString;
要么更改该代码以使用web.config
文件中列出的连接字符串的名称,要么由于您拥有完整的字符串,因此已经将该字符串直接提供给SqlConnection()
构造函数。无论哪种方式,都应该清除该代码:
//comments should focus on "why", rather than "what"
public static Boolean ValidateUser(string struser, string strpass)
{
using (var conn = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["conn string name"].ConnectionString))
using (var sql_comm = new SqlCommand(""SELECT count(userID) FROM HIEPA.HIEPA_USERS where UserName = @usuario and UserPassword = @contrasena ; ", conn))
{
//Don't use AddWithValue(). It forces ADO.Net to guess about parameter types.
//Use exact column types and lengths instead
sql_comm.Parameters.Add("@usuario", SqlDbType.NVarChar, 50).Value = struser;
//Dear God, please tell me you're not using a plain-text password? That's a HUGE mistake!
sql_comm.Parameters.Add("@contrasena", SqlDbType.NVarChar, 180).Value = strpass;
conn.Open();
return (1 == (int)sql_comm.ExecuteScalar());
}
}
答案 1 :(得分:0)
如果在web.config中具有此名称,则表示您的连接字符串名称为“默认”
<connectionStrings>
<add name="Default" connectionString="Data Source=137.145.169.3;Initial Catalog=SICI4266;Persist Security Info=True;User ID=SICI4266G3;Password=*******" providerName="System.Data.SqlClient" />
<connectionStrings>
因此,在代码中添加连接字符串的正确方法是-
SqlConnection conn_string = new SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings["Default"].ConnectionString);