如何使这种方法将不在数据库中的用户插入其中? [英] How to make this method for inserting the user who is not in the database to it?

问题描述

在显示用户信息后，我正在使用ASP.NET向导控件来编辑用户的角色.该向导包括三个步骤:

大家好，

第一步:包含一个文本框，管理员将在其中放置用户的用户名

第二步:将显示用户信息

第三步:用于编辑用户角色

由于我正在为公司开发Intranet Web应用程序，因此管理员不需要知道用户是否在数据库中.因此，我希望系统自动在后台检查用户是否在数据库中.如果他在数据库中，则将立即为他编辑角色.如果他不在数据库中，那么他的信息将被赋予角色，从而被添加到系统中.

I am using an ASP.NET wizard control for editing the role of the user after showing its information. The wizard consists of three steps:

Hello everybody,

First Step: contains a textbox where the admin will put the username of the user

Second Step: it will show the information of the user

Third Step: it is for editing the role of the user

Since I am developing an intranet web applicaiton for the company, the Admin doesn''t need to know if the user is on the database or not. So I want the system automatically to check in the background if the user is on the database or not. If he is in the database, the role will be edited for him immediately. If he is not in the database, his information will be added to the system with giving him a role.

protected void Wizard1_FinishButtonClick(object sender, WizardNavigationEventArgs e)
        {
            //If one of the items is selected AND a username exists in the Username session object update the user role
            string username = TextBox1.Text;
    
            if (!String.IsNullOrEmpty(radio1.SelectedValue) && !String.IsNullOrEmpty(username))
            {
                string connString = "Data Source=localhost\\sqlexpress;Initial Catalog=psspdb;Integrated Security=True";
    
                string insertUserCommand = "INSERT INTO employee (Name, Username, JobTitle, BadgeNo, EmpOrgType, DivisionCode) values (@Name, @Username, @JobTitle, @BadgeNo, @EmpOrgType, @DivisionCode)";
                string cmdText = "SELECT Count(*) FROM employee WHERE Username = '" + username + "'";
                
                using (SqlConnection conn = new SqlConnection(connString))
                {
                    conn.Open();
                    // Open DB connection.
                    using (SqlCommand cmd = new SqlCommand(cmdText, conn))
                    {
                        if ((int)cmd.ExecuteScalar() == 0)){
                            SqlCommand cmd2 = new SqlCommand(insertUserCommand, conn)
                            cmd2.Parameters.AddWithValue("@Name", name);
                            cmd2.Parameters.AddWithValue("@Username", username);
                        }
                        
                    }
                }
    
                string deleteCommand = "DELETE FROM UserRole where Username=@Username";
                string insertCommand = "INSERT INTO UserRole (RoleID,Username) values(@RoleID,@Username)";
                using (SqlConnection conn = new SqlConnection(connString))
                {
                    conn.Open();
                    //using (SqlCommand cmd = new SqlCommand(cmdText, conn))
                    using (SqlCommand cmd = new SqlCommand(deleteCommand, conn))
                    {
                        cmd.Parameters.AddWithValue("@Username", username);
                        cmd.ExecuteNonQuery();
                        //Now the insert
                        cmd.CommandText = insertCommand;
                        cmd.Parameters.Clear(); //need this because still has params from del comm
                        cmd.Parameters.AddWithValue("@RoleID", radio1.SelectedValue);
                        cmd.Parameters.AddWithValue("@Username", username);
                        cmd.ExecuteNonQuery();
                        //infoSpan.InnerText = String.Format("The users role has been updated to - {0}", radio1.SelectedValue);
                        //cmd.ExecuteScalar();
                        //infoSpan.InnerText = String.Format("The users role has been updated to - {0}", radio1.SelectedValue);
                    }
                }
    
                Wizard1.Visible = false;
                wizard.InnerHtml = @"The task has been done successfully. <br /> <a href="UserManagement.aspx">Edit Another User</a>";
            }
    
    
        }

除了用户不在数据库中的情况外，我所做的一切都正确无误.我只是在Wizard1_FinishButtonClick()中添加了一个方法，它使所有内容崩溃，并且我不知道如何解决它.请帮忙吗?

I did everything correct and fine except for the case that the user is not in the database. I just added one method inside the Wizard1_FinishButtonClick() and it crashed everything and I did not know how to fix it. Any help please?

推荐答案

我唯一看到的问题是:
1)您正在发出带有6个参数的INSERT命令:

The only problems I can see are:
1) You are issueing an INSERT command with 6 parameters:

string insertUserCommand = "INSERT INTO employee (Name, Username, JobTitle, BadgeNo, EmpOrgType, DivisionCode) values (@Name, @Username, @JobTitle, @BadgeNo, @EmpOrgType, @DivisionCode)";

但是您只提供其中的2个:

But you are only supplying 2 of them:

SqlCommand cmd2 = new SqlCommand(insertUserCommand, conn)
cmd2.Parameters.AddWithValue("@Name", name);
cmd2.Parameters.AddWithValue("@Username", username);

您需要将其余的参数添加到SqlCommand对象中.
2)您不执行命令.添加

You need to add the remaining paramaters to the SqlCommand object.

2) You do not action the command. Add a

cmd2.ExecuteNonQuery();

这篇关于如何使这种方法将不在数据库中的用户插入其中?的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！