Checking if username already exists in the DB


Problem description

protected void Page_Load(object sender, EventArgs e)
   {
       if (IsPostBack)
       {
           SqlConnection conn = new SqlConnection("Data Source=DESKTOP-06QKCFT\\SQLEXPRESS;Initial Catalog=CMS1;Integrated Security=True");
           conn.Open();
           bool exists = false;
           string chechuser = "SELECT count(*) FROM [user] where username='" + t_username.Text + "'";
           SqlCommand cmd = new SqlCommand(chechuser, conn);
           cmd.Parameters.AddWithValue("UserName", t_username.Text);
           exists = (int)cmd.ExecuteScalar() > 0;
           if (exists)
           {
               Response.Write("User Already Exists");
           }
           conn.Close();
       }
   }










What I have tried:

I have tried it this way, but it is not working; the user is still entered into the DB:

       if (IsPostBack) // to check if the user already exists
       {
           SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["regstration_ConnectionString"].ConnectionString);
           conn.Open();
           string checkuser = "selecte count(*) from Table where username='" + t_username.Text + "'";
           SqlCommand com = new SqlCommand(checkuser, conn);
           int temp = Convert.ToInt32(com.ExecuteScalar().ToString());
           if(temp == 1)
           {

               Response.Write("User Already Exists");
           }

            conn.Close();


        }

Recommended answer

See: Simple login form example in asp.net, check username and password availability in database (ASP.NET, C#.NET, VB.NET)



Never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.

SELECT does not have an "E" at the end:
string checkuser = "selecte count(*) from ...








Your two SELECT statements are using different tables:

SELECT count(*) FROM [user] where username=



And

selecte count(*) from Table where username=


Work out where it is, and use the right table - I suspect the second one is faulty as TABLE is an SQL reserved word.

Quote:

not working; the user is still entered into the DB:





Well...not in that code.
That code just checks if a user exists, and prints a message if it does - it does nothing to prevent later code from inserting a user.

That code looks like you are guessing and hoping for the best instead of sitting down and thinking about what you are trying to do: a parameter you don't use, hard coded connection strings, no INSERT code, irrelevant conversions, all sorts of stuff.
Stop, think, and design. Then throw that lot away, and code from scratch. It'll save you a lot of time in the long run, honest.
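
Added example (not part of the original question or answers): the existence check rewritten with a parameterized query, returning a result that gates the INSERT. The table `[user]`, the column `username` and the connection string name come from the question; the `UserRegistration` class, the `TryRegister` method, the `NVARCHAR(50)` column size, the single-column INSERT and the UNIQUE constraint on `username` are assumptions made for illustration.

```csharp
using System.Configuration;
using System.Data;
using System.Data.SqlClient;

// Added example; class and method names are hypothetical.
public static class UserRegistration
{
    // Connection string name taken from the question's second snippet.
    private static string ConnStr =>
        ConfigurationManager.ConnectionStrings["regstration_ConnectionString"].ConnectionString;

    public static bool UserExists(SqlConnection conn, string username)
    {
        // The value travels as a typed parameter, never as part of the SQL text.
        using (var cmd = new SqlCommand(
            "SELECT COUNT(*) FROM [user] WHERE username = @username", conn))
        {
            // Assumed column type: NVARCHAR(50).
            cmd.Parameters.Add("@username", SqlDbType.NVarChar, 50).Value = username;
            return (int)cmd.ExecuteScalar() > 0;
        }
    }

    // Returns false when the name is taken; the INSERT runs only otherwise.
    public static bool TryRegister(string username)
    {
        using (var conn = new SqlConnection(ConnStr))
        {
            conn.Open();
            if (UserExists(conn, username))
                return false;

            using (var cmd = new SqlCommand(
                "INSERT INTO [user] (username) VALUES (@username)", conn))
            {
                cmd.Parameters.Add("@username", SqlDbType.NVarChar, 50).Value = username;
                try
                {
                    cmd.ExecuteNonQuery();
                    return true;
                }
                // Assumes a UNIQUE constraint or index on username: 2627 and 2601 are
                // SQL Server's duplicate-key errors, raised when another request
                // inserted the same name between the check and the INSERT.
                catch (SqlException ex) when (ex.Number == 2627 || ex.Number == 2601)
                {
                    return false;
                }
            }
        }
    }
}
```

In `Page_Load`, call `UserRegistration.TryRegister(t_username.Text)` and write "User Already Exists" only when it returns `false`.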

