有时候它会显示邮件ID，有时则不会 [英] Some time it shows mail id, some time not

问题描述

我显示了与用户ID相关的UserMail。但是有一段时间它显示了价值，有些时候它显示了balnk。我用过会话来发送电子邮件。



因为我是初学者，任何人都可以帮我这个或者给我任何建议



我尝试过：

I have displayed UserMail related to user Id . But some time it shows value and some time it shows balnk. I have used session to fatch Email.

As i am beginner can anyone help me on this or give me any suggestions

What I have tried:

private void Score_Page()
  {

          string id1 = Convert.ToString(Session["UserEmail"]);
          int id = Convert.ToInt32(Session["UserID"]);
          string connection = ConfigurationManager.AppSettings["connection"].ToString();
          SqlConnection con = new SqlConnection(connection);
          con.Open();
          SqlCommand com = new SqlCommand("SELECT  UserEmail ='" + id1 + "',QId,AnswerId,CASE WHEN AnswerResult = 0 THEN 'Incorrect' ELSE CASE WHEN AnswerResult = 1 THEN 'Correct' ELSE 'you have null value' END END FROM t_AnswerSheet WHERE UserId='" + id + "'", con);
          SqlDataAdapter sda = new SqlDataAdapter(com);
          DataTable dt = new DataTable();
          sda.Fill(dt);
          con.Close();
          GridView1.DataSource = dt;
          GridView1.DataBind();
   }

推荐答案

有几个原因让它变成空白，首先要确定的是，会话变量，在执行任何操作之前始终检查其值。

There are several reasons why it would be blank, first thing to make sure of is, the session variable, always check its value before doing anything.

if(Session["UserEmail"] != null) {
   string id1 = Convert.ToString(Session["UserEmail"]);
   // Continue
} else {
   // Do not load anything, value is empty.
}

ASP.NET有会话策略，浏览器也开始运行。因此，您需要检查会话是否具有此值。在流的下游，您还应该检查 id 在上下文中是否有效，例如，为什么 SELECT中的条件子句何时可以进入 WHERE 子句？这些事情会很重要，如果情况正常，那么只显示 DataTable 否则会显示一个标签，说明找不到该用户的电子邮件; 显示用于调试目的的id 。



另外，从不连接SQL查询，它们会暴露给 SQL Injection [ ^ ]，没有人喜欢注射。您的代码应该是，

ASP.NET has policies for sessions, plus browser also comes into action. Thus you need to check whether session has this value, or not. Further down the stream, you should also check if the the "id" is valid in the context or not, such as, why a condition in SELECT clause when it can come in the WHERE clause? These things would count a lot, and if things go right only then show that DataTable otherwise show a Label saying that the email was not found for this user; show the id as well for debugging purposes.

Also, never concatenate SQL queries, they are exposed to SQL Injection[^], and no one likes injections. You code should be like,

// I removed the = '' from UserEmail in SELECT, add if needed; check CASE blocks too.
SqlCommand com = new SqlCommand(
"SELECT  UserEmail, QId, AnswerId, 
    CASE WHEN AnswerResult = 0 THEN 
       'Incorrect' 
    ELSE 
       CASE WHEN AnswerResult = 1 THEN 
         'Correct' 
       ELSE 'you have null value' 
       END 
    END 
 FROM t_AnswerSheet 
 WHERE UserId=@idparam", con);

然后最后，将参数传递给此命令并执行它。看看这里，

c＃Using Parameters.AddWithValue在SqlDataAdapter中 - 堆栈溢出 [ ^ ]



使用这些步骤，您将能够显示 DataTable 当有数据时，否则显示一条消息，指出未找到数据，而不是空白 DataTable 。

Then again finally, pass the parameters to this command and execute it. Have a look here,
c# Using Parameters.AddWithValue in SqlDataAdapter - Stack Overflow[^]

Using these steps, you will be able to show the DataTable when there is data, otherwise show a message stating that the data is not found, instead of a blank DataTable.

这篇关于有时候它会显示邮件ID，有时则不会的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！