试图为SQL条目创建一个投票系统(投票人必须有客户编号记录)
本文关键字:投票人 系统 记录 编号 客户 一个 SQL 创建 | 更新日期: 2023-09-27 18:11:29
我目前正在创建一个投票系统,现有用户可以通过sql数据集表投票决定其他条目是否有效(upvote/Downvote)。
每个注册的用户获得一个客户号,用户需要一个客户号来投票。当用户投票时,他们的客户号被记录在条目中,sql查询更新分数,将upvote加1或downvote加1。对每个已投票条目的投票人ID应用唯一约束,以防止重复投票,并且用户必须有客户编号才能投票。
下面的我的代码尝试这样做,但它似乎总是以消息框结束,说"错误,你不能投票,直到你在文本框中提供一个有效的客户号码"。所有的帮助是感激的,非常感谢!
protected void searchTheDB()
{
string s = "SELECT compName As 'Company/Organization Name', btcAddr As 'Bitcoin Address', Premium_User as 'Premium User'," +
"upvote as 'Upvotes',downvote As 'Downvotes' FROM clientDataTable WHERE compName LIKE '%" + searchBox.Text + "%'";
try
{
SqlConnection forSearch = new SqlConnection(connectionString);
SqlDataAdapter search = new SqlDataAdapter(s, forSearch);
DataSet dB = new DataSet();
search.Fill(dB);
searchGridView.DataSource = dB;
searchGridView.DataBind();
searchBox.Text = String.Empty;
}
catch (SqlException exp)
{
throw new InvalidOperationException("Sorry, the website is experiencing difficulties, please try again, error: ", exp);
}
}
protected void searchButton_Click(object sender, EventArgs e)
{
custVoteTextBox.Text = String.Empty;
searchTheDB();
generalLabel.Text = "results displayed below, if nothing is displayed your search returned no results";
}
protected void canUserVote()
{
submitCustNumButton_Click(new object(), new EventArgs());
string query = "INSERT INTO dbo.ClientDataTable (custNum) Values (@custNum)";
try
{
SqlConnection checkCustNum = new SqlConnection(connectionString);
SqlCommand isCustNumbValid = new SqlCommand(query, checkCustNum);
isCustNumbValid.Parameters.AddWithValue("@custNum", custNumber);
checkCustNum.Open();
isCustNumbValid.ExecuteNonQuery();
checkCustNum.Close();
}
catch (SqlException e)
{
if (e.Number == 2627) //checks if customer number is registered by activating unique constraint
{
canVote = true;
}
else //else user is not eligable to vote
{
canVote = false;
MessageBox.Show("invalid customer number, you cannot vote" + e);
}
}
}
protected void searchGridView_RowCommand(object sender, GridViewCommandEventArgs e)
{
canUserVote();//calls this method to check if user is eligable to vote with the given custNum in the textbox
if (canVote == true && custVoteTextBox.Text.Length == 8)
{
try
{
SqlConnection voteDb = new SqlConnection(connectionString);
{
switch (e.CommandName)
{
case "Upvote":
int index = Convert.ToInt32(e.CommandArgument);
GridViewRow selectedRow = searchGridView.Rows[index];
string upvoteUpdateQuery = "UPDATE dbo.clientDataTable SET upvote = @upvote WHERE compName = @compName";
SqlCommand Upvote = new SqlCommand(upvoteUpdateQuery, voteDb);
Upvote.Parameters.AddWithValue("@upvote", "@upvote" + 1);
Upvote.Parameters.AddWithValue("@compName", selectedRow.DataItem.Equals("@compName"));
string insertQuery = "INSERT INTO dbo.clientDataTable (voted) Values(@voted) WHERE compName = @compName";
SqlCommand insertVoterDetailsUpvote = new SqlCommand(insertQuery, voteDb); //inserts voter information into specific entries table
insertVoterDetailsUpvote.Parameters.AddWithValue("@voted", custNumber);
insertVoterDetailsUpvote.Parameters.AddWithValue("@compName", selectedRow.DataItem.Equals("compName"));
voteDb.Open();
Upvote.ExecuteNonQuery();
voteDb.Close();
break;
case "Downvote":
int downvoteindex = Convert.ToInt32(e.CommandArgument);
GridViewRow downvoteSelectedRow = searchGridView.Rows[downvoteindex];
string downvoteUpdateQuery = "UPDATE dbo.clientDataTable SET downvote = @downvote WHERE compName = @compName";
SqlCommand Downvote = new SqlCommand(downvoteUpdateQuery, voteDb);
Downvote.Parameters.AddWithValue("@downvote", "@downvote" + 1);
Downvote.Parameters.AddWithValue("@compName", downvoteSelectedRow.DataItem.Equals("@compName"));
string downvoteInsertQuery = "UPDATE clientDataTable SET downvote = downvote + 1 WHERE compName = @compName";
SqlCommand insertVoterDetailsDownvote = new SqlCommand(downvoteInsertQuery, voteDb); //inserts voter information into specific entries table
insertVoterDetailsDownvote.Parameters.AddWithValue("@voted", custNumber);
insertVoterDetailsDownvote.Parameters.AddWithValue("@compName", downvoteSelectedRow.DataItem.Equals("@compName"));
voteDb.Open();
Downvote.ExecuteNonQuery();
voteDb.Close();
break;
}
}
}
catch (SqlException exp)
{
if (exp.Number == 2627)
{
MessageBox.Show("Sorry, you have already voted");
}
else
{
throw new InvalidOperationException("Sorry, the website is experiencing difficulties, please try again, error: ", exp);
}
}
}
else
{
MessageBox.Show("error, invalid customer number in the Textbox");
}
}
protected void submitCustNumButton_Click(object sender, EventArgs e)
{
int custNo = int.Parse(custVoteTextBox.Text);
this.custNumber = custNo;
}
我不能从你的代码中确定,但似乎custNumber
是一个文本框,所以不是:
if (canVote == true && custNumber.ToString().Length == 9)
你应该有:
if (canVote == true && custNumber.Text.Length == 9)
如果我错了,它不是一个文本框,在那行上放一个断点,看看custNumber.ToString()
实际上等于什么。
还要注意,您的代码很容易受到SQL注入攻击。这里有一些关于这个主题的有趣阅读。如何从"Bobby tables"中注入SQL ?XKCD漫画作品?