检查sql datatable对于c#是空的? [英] checking sql datatable is empty for c#?
本文介绍了检查sql datatable对于c#是空的?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
问候,
i有这样的代码;
greetings,
i have a code like this;
SqlConnection con = new SqlConnection("Data Source=.;Initial Catalog=TESTDB;Integrated Security=True");
SqlDataAdapter sda = new SqlDataAdapter("SELECT * FROM Project where Info= '" + textBox1.Text + "'", con);
DataTable dt = new DataTable();
sda.Fill(dt);
if (dt.Rows[0][0] != DBNull.Value)
{
textBox1.Text = dt.Rows[0][0].ToString();
textBox2.Text = dt.Rows[0][1].ToString();
textBox3.Text = dt.Rows[0][2].ToString();
textBox4.Text = dt.Rows[0][3].ToString();
}
else
{
MessageBox.Show ("Please Check Info!");
}
我的sql表上有4行。我在textbox1上写了必要的信息,而不是按一个按钮。之后,其他文本框直接从sqlserver获取数据。但是当我写一个不包含在dt.Rows [0] [0]中的信息时,我的代码就会崩溃。请检查我的if条件并告诉我它有什么问题。我怎么能写这个例外?
i have 4 rows on my sql table. i'm writing necessary info on textbox1 and than pressing a button. After than other textboxes gets data directly from sqlserver. But when i write a info that is not including in dt.Rows[0][0], my code crushes. please check my if condition and tell me what is wrong about it. How can i write this exception?
推荐答案
首先关闭:
了解SQL注入和创建SQL注入证明ASP.NET应用程序 [ ^ ]
永远不要根据用户输入创建查询。
你见过爸爸了吗?他的名字是 '; drop table *;'
Ok - dt.Rows可能为空,因此dt.Rows [0]将是一个越界错误。
附上一张支票:
First off:
Understanding SQL Injection and Creating SQL Injection Proof ASP.NET Applications[^]
Never create queries from user input.
Have you met my Dad? His name is '; drop table *;'
Ok - dt.Rows may be empty so dt.Rows[0] will be an "out of bounds" error.
Add a check around it:
SqlConnection con = new SqlConnection("Data Source=.;Initial Catalog=TESTDB;Integrated Security=True");
//Paramterized query. Much safer!
SqlCommand com = new SqlCommand("SELECT * FROM Project where Info=@param", con);
com.Parameters.Add(new SqlParameter("@param", SqlDbType.VarChar) { Value = textBox1.Text });
SqlDataAdapter sda = new SqlDataAdapter();
DataTable dt = new DataTable();
sda.Fill(dt);
//If the first check fails then it will not process the second
if (dt.Rows.Count > 0 && dt.Rows[0][0] != DBNull.Value)
{
textBox1.Text = dt.Rows[0][0].ToString();
textBox2.Text = dt.Rows[0][1].ToString();
textBox3.Text = dt.Rows[0][2].ToString();
textBox4.Text = dt.Rows[0][3].ToString();
}
else
{
MessageBox.Show("Please Check Info!");
}
改为尝试:
Try this instead:
if (dt.Rows.Count > 0)
{
...
你可以使用:
You could use:
if (dt.Rows.Count > 0 && dt.Columns.Count > 0)
{
...但它没有必要。
检查数据调用是否实际返回数据是一个好习惯在尝试使用它之前。
在您的实例中,检查您的DataTable包含数据将是执行此操作的地方。一个简单的测试是检查DataTable.Rows.Count属性是否大于零。
类似于:
Hi,
It's good practice to check if your data calls actually return data before trying to use any of it.
In your instance, checking that your DataTable contains data would be the place to do this. A simple test would be to check the DataTable.Rows.Count property is greater than zero.
Something like:
SqlConnection con = new SqlConnection("Data Source=.;Initial Catalog=TESTDB;Integrated Security=True");
SqlCommand com = new SqlCommand("SELECT * FROM Project WHERE Info=@InfoParam", con);
com.Parameters.AddWithValue("@InfoParam", textBox1.Text);
DataTable dt = new DataTable();
sda.Fill(dt);
if ((dt.Rows.Count>0)&&(dt.Rows[0][0] != DBNull.Value))
{
textBox1.Text = dt.Rows[0][0].ToString();
textBox2.Text = dt.Rows[0][1].ToString();
textBox3.Text = dt.Rows[0][2].ToString();
textBox4.Text = dt.Rows[0][3].ToString();
}
else
{
MessageBox.Show ("Please Check Info!");
}
...希望有所帮助。
... hope it helps.
这篇关于检查sql datatable对于c#是空的?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
