WPF validation combobox textbox


Problem description

There are 2 comboboxes and 2 textboxes in my WPF project.
I want to set up fill-in validation.
It says "Fill in properly" even when I fill them properly.
Below is my code:
        private void Reg()
        {
            if (txtDate.Text != null & txtTime.Text != null & cmbGroup1.SelectedIndex > 0 & cmbName1.SelectedIndex > 0)
            {
                MySqlConnection con = new MySqlConnection(constr);
                MySqlCommand cmd = new MySqlCommand("INSERT INTO Regiter(Date,Time,Image_ID,Students_ID) "
                    + "VALUES ('" + txtDate.Text + "','" + txtTime.Text + "','" + getMaxRasmID() + "','" + getStudentsID() + "')", con);
                con.Open();
                int i = cmd.ExecuteNonQuery();
                if (i > 0)
                {
                    MessageBox.Show("Registered");
                }
                con.Close();
            }
            else
            {
                MessageBox.Show("Fill in properly");
            }
            
        }

Recommended answer

Your approach is wrong from the very beginning. The query is composed by concatenation with strings taken from the UI. Not only is repeated string concatenation inefficient (because strings are immutable; do I have to explain why it makes repeated concatenation bad?), but there is a way more important issue: it opens the doors to a well-known exploit called SQL injection. Richard Deeming made it clear in his comment to the question, but you may need some explanations.

This is how it works: http://xkcd.com/327.

Are you getting the idea? The string taken from a control can be anything, including… a fragment of SQL code.

What to do? Just read about this problem and the main remedy: parametrized statements: http://en.wikipedia.org/wiki/SQL_injection.

With ADO.NET, use this: http://msdn.microsoft.com/en-us/library/ff648339.aspx.

Please see my past answers for some more detail:
EROR IN UPATE in com.ExecuteNonQuery();,
hi name is not displaying in name?.


It has nothing to do with validation; neither does your code. If you need validation, just do it before using your SQL statement. Most likely, you will need validation just as part of the procedure you have to perform to parse the text to some typed data you need to assign to a parameter of your parameterized statement.

—SA
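
The remedy described in the answer above, as an added example that is not part of the original question or answer: the control text is first parsed into typed values, and those values are then bound to a parameterized INSERT. The class and method names, the date and time formats, the column types, and the integer types of the two ID values are assumptions; the table, column and control names come from the question's code.

```csharp
using System;
using System.Globalization;
using MySql.Data.MySqlClient;

public static class RegistrationWriter   // hypothetical helper, not from the original post
{
    // Validation = parsing the raw control text into typed values.
    // Assumed input formats: date "yyyy-MM-dd", time "HH:mm".
    public static bool TryValidate(string dateText, string timeText, int groupIndex, int nameIndex,
                                   out DateTime date, out TimeSpan time)
    {
        date = default;
        time = default;
        // WPF reports SelectedIndex == -1 when nothing is selected; index 0 is the first item.
        if (groupIndex < 0 || nameIndex < 0) return false;
        return DateTime.TryParseExact(dateText?.Trim(), "yyyy-MM-dd", CultureInfo.InvariantCulture,
                                      DateTimeStyles.None, out date)
            && TimeSpan.TryParseExact(timeText?.Trim(), @"hh\:mm", CultureInfo.InvariantCulture, out time);
    }

    // The SQL text is a constant; user-supplied values travel only as typed parameters,
    // so they are never interpreted as SQL. Column types are assumed (DATE, TIME, INT, INT).
    public static int Insert(string constr, DateTime date, TimeSpan time, int imageId, int studentId)
    {
        const string sql =
            "INSERT INTO Regiter (Date, Time, Image_ID, Students_ID) " +
            "VALUES (@date, @time, @imageId, @studentId)";
        using (var con = new MySqlConnection(constr))
        using (var cmd = new MySqlCommand(sql, con))
        {
            cmd.Parameters.Add("@date", MySqlDbType.Date).Value = date;
            cmd.Parameters.Add("@time", MySqlDbType.Time).Value = time;
            cmd.Parameters.Add("@imageId", MySqlDbType.Int32).Value = imageId;
            cmd.Parameters.Add("@studentId", MySqlDbType.Int32).Value = studentId;
            con.Open();
            return cmd.ExecuteNonQuery();   // number of rows inserted
        }
    }
}
```

In `Reg()`, pass `txtDate.Text`, `txtTime.Text`, `cmbGroup1.SelectedIndex` and `cmbName1.SelectedIndex` to `TryValidate`, show "Fill in properly" when it returns false, and otherwise call `Insert` with the parsed values and the results of `getMaxRasmID()` and `getStudentsID()`.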

