如果正确的囚犯，输入字符串不是 [英] Input String Is Not if Correct Formate

问题描述

  Imports  System.Data 
  Imports  System。 Data.SqlClient 
 
  Partial   Class  _Default 
 继承 System.Web.UI.Page 
  Dim  strcon  As  字符串 = ConfigurationManager.ConnectionStrings（  dbconnection ）。ConnectionString 
  Dim  con  As  新 SqlConnection（strcon）
  Dim  com  As  整数 =  0  
  Dim  suname  As  字符串 
 
 //我得到错误表示输入字符串   不 如果 Correct Formate 
 
 受保护的  Sub  Page_Load（ ByVal  sender 作为 对象， ByVal  e  As  System.EventArgs）句柄  MyBase  .Load 
  Dim  cmd  As  新 SqlCommand（ 从tbl_abc中选择*，其中uname =' +会话（  mail）+  '，con）
  Dim  da  As  新 SqlDataAdapter（cmd ）
  Dim  dt  As  新 DataTable（）
 da.Fill（dt）
 suname = dt.Rows（ 0 ）（ 3 ）。ToString（）
 
  Dim  amount  As  整数 
 对于金额=  1     8  
 如果 suname = 字符串 .IsNullOrEmpty（suname）然后 
 com + =  20  
 否则 
 com = < span class =code-digit> 0  
 结束 如果 
 下一页金额
 
 MsgBox（com）
 结束 < span class =code-keyword> Sub  

解决方案

这是一些混乱的代码。

单独看这个部分：

  Dim  com 正如 整数 =  0  
  Dim  suname  As   String  
 ... 
 如果 suname = 字符串 .IsNullO rEmpty（suname）然后 

由于 suname 是一个字符串，并且 IsNullOrEmpty 返回一个布尔值，编译器隐式地将布尔值转换为字符串，所以除非从数据库返回的名称为True或False，否则您的代码不会出现永远添加20到 com ...



您还需要查看Session变量的内容为了解决直接问题 - 没有你不知道你传递给SQL的字符串是哪个字符串，这是你注意到的错误的关键。



添加一些日志记录，使用调试器或类似的东西在用于构建SQL字符串之前向您报告值 - 这是您正确解决出错的唯一方法。



当你把它整理出来时，就这样停止吧！

不要连接字符串来构建SQL命令。它让您对意外或故意的SQL注入攻击持开放态度，这可能会破坏您的整个数据库。请改用参数化查询。

这样做..

 如果  suname =  字符串 .IsNullOrEmpty（suname）然后 

 如果 字符串 .IsNullOrEmpty（suname）然后 

Imports System.Data
Imports System.Data.SqlClient

Partial Class _Default
    Inherits System.Web.UI.Page
    Dim strcon As String =  ConfigurationManager.ConnectionStrings("dbconnection").ConnectionString
    Dim con As New SqlConnection(strcon)
    Dim com As Integer = 0
    Dim suname As String

    //I got the Error that Input String Is Not if Correct Formate

    Protected Sub Page_Load(ByVal sender As Object, ByVal e As System.EventArgs) Handles MyBase.Load
        Dim cmd As New SqlCommand("Select * from tbl_abc where uname='" + Session("mail") + "'", con)
        Dim da As New SqlDataAdapter(cmd)
        Dim dt As New DataTable()
        da.Fill(dt)
        suname = dt.Rows(0)(3).ToString()

        Dim amount As Integer
        For amount = 1 To 8
            If suname = String.IsNullOrEmpty(suname) Then
                com += 20
            Else
                com = 0
            End If
        Next amount

        MsgBox(com)
    End Sub

解决方案

That is some confused code.
Look at this part alone:

Dim com As Integer = 0
Dim suname As String
...
        If suname = String.IsNullOrEmpty(suname) Then

Since suname is a String, and IsNullOrEmpty returns a Boolean value, the compiler with implicitly cast the Boolean to a string, so unless the name you get back from the database is "True" or "False" your code isn't going to ever add 20 to com...

You also need to look at the content of your Session variable in order to sort out the direct problem - without that you have no idea what string you are passing to SQL which is the crux of the error you have noticed.

Add some logging, use the debugger, or similar to report the value to you before it is used to build the SQL string - it's the only way you are going work out exactly what is going wrong.

And when you have sorted that out, stop doing it like that!
Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.

do like this..

If suname = String.IsNullOrEmpty(suname) Then

If   String.IsNullOrEmpty(suname) Then

这篇关于如果正确的囚犯，输入字符串不是的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！