不同职位用户登录

Login for users of different positions

我是项目登录功能的新手,正在尝试为我的组进行登录,该组由 3 个用户组成,即护士、患者和药剂师。我想我即将完成腰部过程,但我的方法之一有问题,LoginDAO.cs 中的 getPosition()。到目前为止,我还没有为病人和药剂师做任何登录代码,因为我需要我的团队伙伴的部分才能工作,但下面显示的是我所做的。不知何故,login(string nric, string pw) 有效,但 getPosition(string nric) 无效。这是我从错误日志中得到的错误: 例外:必须声明标量变量“@paraNRIC”。资料来源:LoginDAO.getPosition 提前致谢 :D

protected void btnLogin_Click(object sender, EventArgs e)
{
    login login = new login();
    login.nric = tbLoginID.Text;
    login.pw = tbPassword.Text;
    if (login.userLogin(login.nric, login.pw))
    {
        if (login.getPosition(login.nric) == "Nurse")
        {
            Response.Redirect("Nurse.aspx");
        }
        else if (login.getPosition(login.nric) == "Patient")
        {
            Response.Redirect("Patient.aspx");
        }
        else if (login.getPosition(login.nric) == "Pharmacist")
        {
            Response.Redirect("PharmacistDisplay.aspx");
        }
    }
    else
    {
        lblErr.Text = "Invalid account.";
    }
}

public bool login(string nric, string pw)
{
    bool flag = false;
    SqlCommand cmd = new SqlCommand();
    StringBuilder sqlStr = new StringBuilder();

    sqlStr.AppendLine("SELECT Password from Position");
    sqlStr.AppendLine("Where NRIC = @paraNRIC");
    try
    {
        SqlConnection myconn = new SqlConnection(DBConnect);
        cmd = new SqlCommand(sqlStr.ToString(), myconn);

        cmd.Parameters.AddWithValue("@paraNRIC", nric);

        DataTable dt = new DataTable();
        SqlDataAdapter da = new SqlDataAdapter(cmd);
        da.Fill(dt);
        if (dt == null)
        {
            flag = false;
        }
        else
        {
            string dbhashedpw = dt.Rows[0]["Password"].ToString();
            flag = Helper.VerifyHash(pw, "SHA512", dbhashedpw);
        }
    }
    catch (Exception exc)
    {
        logManager log = new logManager();
        log.addLog("NurseDAO.login", sqlStr.ToString(), exc);
    }


    return flag;
}

public string getPosition(string nric)
{
    string dbPosition = "";
    int result = 0;
    SqlCommand cmd = new SqlCommand();

    StringBuilder sqlStr = new StringBuilder();
    sqlStr.AppendLine("SELECT Position from Position ");
    sqlStr.AppendLine("where NRIC = @paraNRIC");

    cmd.Parameters.AddWithValue("@paraNRIC", nric);
    try
    {
        SqlConnection myconn = new SqlConnection(DBConnect);
        cmd = new SqlCommand(sqlStr.ToString(), myconn);
        DataTable dt = new DataTable();
        SqlDataAdapter da = new SqlDataAdapter(cmd);
        da.Fill(dt);

        myconn.Open();
        result = cmd.ExecuteNonQuery();
        dbPosition = dt.Rows[0]["Position"].ToString();
        myconn.Close();
    }
    catch (Exception exc)
    {
        logManager log = new logManager();
        log.addLog("LoginDAO.getPosition", sqlStr.ToString(), exc);
    }


    return dbPosition;
`}

您可以更改此行

sqlStr.AppendLine("where NRIC = @paraNRIC");

为此

sqlStr.AppendLine("where NRIC = '" + nric + "'");

并完全避免使用参数。

你的错误在这里:

SqlCommand cmd = new SqlCommand();
// lines omitted
cmd.Parameters.AddWithValue("@paraNRIC", nric);
try
{
    SqlConnection myconn = new SqlConnection(DBConnect);
    cmd = new SqlCommand(sqlStr.ToString(), myconn);
    DataTable dt = new DataTable();
    SqlDataAdapter da = new SqlDataAdapter(cmd);
    da.Fill(dt);

请注意,您正在实例化 cmd 两次。该代码将参数添加到第一个 SqlCommand 实例,但执行第二个实例。

要解决,请确保在调用的 SqlCommand 实例上声明参数:

public string getPosition(string nric)
{
    string dbPosition = "";
    int result = 0;
    // remove this line: SqlCommand cmd = new SqlCommand();

    StringBuilder sqlStr = new StringBuilder();
    sqlStr.AppendLine("SELECT Position from Position ");
    sqlStr.AppendLine("where NRIC = @paraNRIC");
    // move parameter declaration until after you declare cmd
    try
    {
        SqlConnection myconn = new SqlConnection(DBConnect);
        SqlCommand cmd = new SqlCommand(sqlStr.ToString(), myconn);
        // add the parameters here:
        cmd.Parameters.AddWithValue("@paraNRIC", nric);
        // code continues