异常处理无法正常工作 [英] Exception handling not working
本文介绍了异常处理无法正常工作的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我有一个SQL数据库的搜索代码,当我搜索存在的数据时,它运行得很好,但是如果我搜索不在数据库上的数据,则异常处理不起作用。
我尝试过:
i have a search code fro SQL database, when i'm searching for an data which is exist it works perfectly, but if i search for something which is not on the database exception handling is not working.
What I have tried:
//Search from Student table in srsjason database //BY ID//
public Student SearchbyID(string sid)
{
Student SOB = new Student();
try
{
string sql = "select * from Student where Student_ID = '" + sid + "' ";
SqlCommand cmd = new SqlCommand(sql, m_con);
m_con.Open();
SqlDataReader dreader = cmd.ExecuteReader();
if (dreader.Read())
{
SOB.setStudentID(dreader[0].ToString());
SOB.setTitle(dreader[1].ToString());
SOB.setFulname(dreader[2].ToString());
SOB.setAddress(dreader[3].ToString());
SOB.setContact(Convert.ToInt32(dreader[4].ToString())); //Int
SOB.setemail(dreader[5].ToString());
SOB.setDOB(Convert.ToDateTime(dreader[6].ToString())); //DateTime
SOB.setUN(dreader[7].ToString());
SOB.setPW(dreader[8].ToString());
}
else
{
SOB.setStudentID(null);
}
dreader.Close();
}
catch (Exception ex)
{
MessageBox.Show(" No Student Record Found!!");
}
finally
{
m_con.Close();
}
return SOB;
}
推荐答案
这是因为该命令不会抛出异常,除了文档中列出的原因: SqlCommand.ExecuteReader Method(System.Data.SqlClient) [< a href =https://msdn.microsoft.com/en-us/library/9kcbe65k(v=vs.110).aspx\"target =_ blanktitle =New Window> ^ ]。
That is because the command does not throw an exception, other than for the reasons listed in the documentation: SqlCommand.ExecuteReader Method (System.Data.SqlClient)[^] .
在你调用cmd.ExecuteReader()之后你会做这样的事情:
After your call to cmd.ExecuteReader() you would do something like this:
try{
....
dreader = cmd.ExecuteReader();
if (dreader.HasRows){
dreader.Read();
...
}
else
{
// no record found. HasRows = false
}
}
catch (SqlException sqlEx){
// do something
}
catch (Exception ex){
...
}
建议:对于你的应用安全,永远不要建立一个SQL查询的方式你做。它打开了sql注入攻击的大门。通过此攻击,可以将恶意用户输入提升为sql代码。只有一个错误的输入可能会在查询中出现语法错误。
SQL注入 - 维基百科 [ ^ ]
SQL注入 [ ^ ]
Advice: for your app security, never build an sql query the way you do. It opens the door to an sql injection attack. With this attack, a malicious user input can be promoted to sql code. And just a bad input can give a syntax error in the query.
SQL injection - Wikipedia[^]
SQL Injection[^]
这篇关于异常处理无法正常工作的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文