Exception handling not working


Problem description

I have a search code for an SQL database. When I'm searching for data which exists it works perfectly, but if I search for something which is not in the database, exception handling is not working.

What I have tried:

//Search from Student table in srsjason database //BY ID//
        public Student SearchbyID(string sid)
        {

            Student SOB = new Student();
            try
            {
                string sql = "select * from Student where Student_ID = '" + sid + "' ";
                SqlCommand cmd = new SqlCommand(sql, m_con);
                m_con.Open();

                SqlDataReader dreader = cmd.ExecuteReader();
                if (dreader.Read())
                {
                    SOB.setStudentID(dreader[0].ToString());
                    SOB.setTitle(dreader[1].ToString());
                    SOB.setFulname(dreader[2].ToString());
                    SOB.setAddress(dreader[3].ToString());
                    SOB.setContact(Convert.ToInt32(dreader[4].ToString()));         //Int
                    SOB.setemail(dreader[5].ToString());
                    SOB.setDOB(Convert.ToDateTime(dreader[6].ToString()));          //DateTime
                    SOB.setUN(dreader[7].ToString());
                    SOB.setPW(dreader[8].ToString());
                }
                else
                {
                    SOB.setStudentID(null);
                }
                dreader.Close();
            }
            catch (Exception ex)
            {
                MessageBox.Show(" No Student Record Found!!");
            }
            finally
            {
                m_con.Close();
            }
            return SOB;
        }

Recommended answer

That is because the command does not throw an exception, other than for the reasons listed in the documentation: SqlCommand.ExecuteReader Method (System.Data.SqlClient) (https://msdn.microsoft.com/en-us/library/9kcbe65k(v=vs.110).aspx).


After your call to cmd.ExecuteReader() you would do something like this:
try
{
    // ...
    dreader = cmd.ExecuteReader();
    if (dreader.HasRows)
    {
        dreader.Read();
        // ...
    }
    else
    {
        // no record found.  HasRows = false
    }
}
catch (SqlException sqlEx)
{
    // do something
}
catch (Exception ex)
{
    // ...
}


Advice: for your app security, never build an SQL query the way you do. It opens the door to an SQL injection attack. With this attack, a malicious user input can be promoted to SQL code. And just a bad input can give a syntax error in the query.

SQL injection - Wikipedia
SQL Injection
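
The two pieces of advice above combined, as an added example that is not part of the original thread: the lookup binds the ID as a parameter instead of concatenating it, and reports "not found" through a null return rather than through an exception. Student and its setters are the class from the question; the StudentQueries class name, the connectionString argument and the varchar(20) type of Student_ID are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public static class StudentQueries   // hypothetical helper class
{
    // Returns the matching Student, or null when no row has this ID.
    // An empty result set is not an error, so ExecuteReader throws nothing for it.
    public static Student SearchById(string connectionString, string sid)
    {
        if (sid == null) throw new ArgumentNullException(nameof(sid));

        // The ID is bound as a parameter: it is sent as data and never
        // parsed as part of the SQL text, whatever characters it contains.
        const string sql = "select * from Student where Student_ID = @id";

        using (var con = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, con))
        {
            // Assumption: Student_ID is a varchar(20) column.
            cmd.Parameters.Add("@id", SqlDbType.VarChar, 20).Value = sid;
            con.Open();

            using (SqlDataReader dreader = cmd.ExecuteReader())
            {
                if (!dreader.Read())
                    return null;                    // no record found

                // Column order as in the question's code.
                var sob = new Student();
                sob.setStudentID(dreader[0].ToString());
                sob.setTitle(dreader[1].ToString());
                sob.setFulname(dreader[2].ToString());
                sob.setAddress(dreader[3].ToString());
                sob.setContact(Convert.ToInt32(dreader[4].ToString()));
                sob.setemail(dreader[5].ToString());
                sob.setDOB(Convert.ToDateTime(dreader[6].ToString()));
                sob.setUN(dreader[7].ToString());
                sob.setPW(dreader[8].ToString());
                return sob;
            }   // reader, command and connection are disposed here,
        }       // including when an exception propagates to the caller
    }
}
```

The caller shows the "No Student Record Found" message when the result is null and catches SqlException only for genuine database failures.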

