c# 中的标量变量声明
Scalar Variable Declaration in c#
当我尝试检查数据库中的密码和用户名是否正确时出现以下错误。
这里出现如下错误:
An exception of type 'System.Data.SqlClient.SqlException' occurred in
System.Data.dll but was not handled in user code
Additional information: Must declare the scalar variable "@username".
错误指向 string password = cmd2.ExecuteScalar().ToString();
我只是想简单地检查密码是否正确并分配给用户名输入。
目前的代码如下:
protected void SubmitBtn_Click(object sender, EventArgs e)
{
SqlConnection conn = new SqlConnection(@"Data Source=(LocalDB)\v11.0; AttachDbFilename=C:\Users\Donald\Documents\Visual Studio 2013\Projects\DesktopApplication\DesktopApplication\Student_CB.mdf ;Integrated Security=True");
conn.Open();
string sql = "Select count(*) from Student Where Student_Username=@username";
SqlCommand cmd = new SqlCommand(sql, conn);
cmd.Parameters.AddWithValue("@username", usernameTxt.Text);
int temp = Convert.ToInt32(cmd.ExecuteScalar().ToString());
conn.Close();
if (temp == 1)
{
conn.Open();
string checkPassword = "Select Student_Password from Student Where Student_Username=@username";
SqlCommand cmd2 = new SqlCommand(checkPassword, conn);
string password = cmd2.ExecuteScalar().ToString();
if (password == passwordTxt.Text)
{
Session["New"] = usernameTxt.Text;
Response.Write("corret");
}
else
{
Response.Write("incorrect");
}
}
else
{
Response.Write("username is incorret");
}
}
Type-o,你忘了 @
cmd.Parameters.AddWithValue("@username", usernameTxt.Text);
另一个不相关的问题是你没有在 finally 阻塞时关闭你的连接。如果您有 sql 异常,您的连接将保持打开状态,这并不好。解决此问题的最简单方法是将连接创建包装在 using 块中。
编辑
我看到这里有一些改进的余地。一切都可以真正放入单个数据库调用中。要读回数据,您真的应该使用 DataReader 而不是 ExecuteScalar。
protected void SubmitBtn_Click(object sender, EventArgs e)
{
var conStr = @"Data Source=(LocalDB)\v11.0; AttachDbFilename=C:\Users\Donald\Documents\Visual Studio 2013\Projects\DesktopApplication\DesktopApplication\Student_CB.mdf ;Integrated Security=True";
bool userExists = false;
string password = null;
using(SqlConnection conn = new SqlConnection(conStr))
{
conn.Open();
string sql = "Select Student_Password from Student Where Student_Username=@username";
SqlCommand cmd = new SqlCommand(sql, conn);
cmd.Parameters.AddWithValue("@username", usernameTxt.Text);
using(var reader = cmd.ExecuteReader())
{
if(reader.Read()) // if there is a record there is a user so get the password
{
userExists = true;
password = reader.GetString(0); // get string in position 0
}
}
}
if (userExists)
{
if (password == passwordTxt.Text)
{
Session["New"] = usernameTxt.Text;
Response.Write("corret");
}
else
{
Response.Write("incorrect");
}
}
else
{
Response.Write("username is incorret");
}
}
您忘记了命令中的 @。例如:
cmd.Parameters.AddWithValue("@username", usernameTxt.Text);
在由 cmd2 定义的第二个命令中,您没有定义 username 参数,例如:
SqlCommand cmd2 = new SqlCommand(checkPassword, conn);
cmd2.Parameters.AddWithValue("@username", usernameTxt.Text);
string password = cmd2.ExecuteScalar().ToString();
ExecuteScalar 将执行查询并 return 第一行第一列中的值。就是它,但这并不意味着你不能取空值。如果在读取值之前检查值是否不为 null 应该很好。
当我尝试检查数据库中的密码和用户名是否正确时出现以下错误。
这里出现如下错误:
An exception of type 'System.Data.SqlClient.SqlException' occurred in System.Data.dll but was not handled in user code
Additional information: Must declare the scalar variable "@username".
错误指向 string password = cmd2.ExecuteScalar().ToString();
我只是想简单地检查密码是否正确并分配给用户名输入。
目前的代码如下:
protected void SubmitBtn_Click(object sender, EventArgs e)
{
SqlConnection conn = new SqlConnection(@"Data Source=(LocalDB)\v11.0; AttachDbFilename=C:\Users\Donald\Documents\Visual Studio 2013\Projects\DesktopApplication\DesktopApplication\Student_CB.mdf ;Integrated Security=True");
conn.Open();
string sql = "Select count(*) from Student Where Student_Username=@username";
SqlCommand cmd = new SqlCommand(sql, conn);
cmd.Parameters.AddWithValue("@username", usernameTxt.Text);
int temp = Convert.ToInt32(cmd.ExecuteScalar().ToString());
conn.Close();
if (temp == 1)
{
conn.Open();
string checkPassword = "Select Student_Password from Student Where Student_Username=@username";
SqlCommand cmd2 = new SqlCommand(checkPassword, conn);
string password = cmd2.ExecuteScalar().ToString();
if (password == passwordTxt.Text)
{
Session["New"] = usernameTxt.Text;
Response.Write("corret");
}
else
{
Response.Write("incorrect");
}
}
else
{
Response.Write("username is incorret");
}
}
Type-o,你忘了 @
cmd.Parameters.AddWithValue("@username", usernameTxt.Text);
另一个不相关的问题是你没有在 finally 阻塞时关闭你的连接。如果您有 sql 异常,您的连接将保持打开状态,这并不好。解决此问题的最简单方法是将连接创建包装在 using 块中。
编辑
我看到这里有一些改进的余地。一切都可以真正放入单个数据库调用中。要读回数据,您真的应该使用 DataReader 而不是 ExecuteScalar。
protected void SubmitBtn_Click(object sender, EventArgs e)
{
var conStr = @"Data Source=(LocalDB)\v11.0; AttachDbFilename=C:\Users\Donald\Documents\Visual Studio 2013\Projects\DesktopApplication\DesktopApplication\Student_CB.mdf ;Integrated Security=True";
bool userExists = false;
string password = null;
using(SqlConnection conn = new SqlConnection(conStr))
{
conn.Open();
string sql = "Select Student_Password from Student Where Student_Username=@username";
SqlCommand cmd = new SqlCommand(sql, conn);
cmd.Parameters.AddWithValue("@username", usernameTxt.Text);
using(var reader = cmd.ExecuteReader())
{
if(reader.Read()) // if there is a record there is a user so get the password
{
userExists = true;
password = reader.GetString(0); // get string in position 0
}
}
}
if (userExists)
{
if (password == passwordTxt.Text)
{
Session["New"] = usernameTxt.Text;
Response.Write("corret");
}
else
{
Response.Write("incorrect");
}
}
else
{
Response.Write("username is incorret");
}
}
您忘记了命令中的 @。例如:
cmd.Parameters.AddWithValue("@username", usernameTxt.Text);
在由 cmd2 定义的第二个命令中,您没有定义 username 参数,例如:
SqlCommand cmd2 = new SqlCommand(checkPassword, conn);
cmd2.Parameters.AddWithValue("@username", usernameTxt.Text);
string password = cmd2.ExecuteScalar().ToString();
ExecuteScalar 将执行查询并 return 第一行第一列中的值。就是它,但这并不意味着你不能取空值。如果在读取值之前检查值是否不为 null 应该很好。