如何检查SQL数据库是否已输入用户名
本文关键字:是否 输入 用户 数据库 SQL 何检查 检查 | 更新日期: 2023-09-27 18:25:45
我已经编写了这个注册表单,它将数据添加到我的SQL Server数据库中。当用户输入的用户名已经在数据库中时,我想要的是一个异常。
protected void Button1_Click(object sender, EventArgs e)
{
try
{
SqlConnection conn2 = new SqlConnection(ConfigurationManager.ConnectionStrings["RegistrationConnectionString"].ConnectionString);
conn2.Open();
string CheckUser = "select Username from UserData where Username like @Username";
SqlCommand com2 = new SqlCommand(CheckUser, conn2);
com2.Parameters.AddWithValue("@Username", "'%"+ UsernameTextBox.Text +"%'");
com2.ExecuteNonQuery();
int IsMatch = Convert.ToInt32(com2.ExecuteScalar().ToString());
conn2.Close();
if (IsMatch == 0)
{
SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["RegistrationConnectionString"].ConnectionString);
conn.Open();
string InsertQuery = "insert into UserData (Username, Email, Password, Country) values (@Username, @Email, @Password, @Country)";
SqlCommand com = new SqlCommand(InsertQuery, conn);
com.Parameters.AddWithValue("@Username", UsernameTextBox.Text);
com.Parameters.AddWithValue("@Email", EmailTextBox.Text);
com.Parameters.AddWithValue("@Password", PasswordTextBox.Text);
com.Parameters.AddWithValue("@Country", CountryDropDownList.SelectedItem.ToString());
com.ExecuteNonQuery();
Response.Redirect("Manager.aspx");
conn.Close();
}
else
{
Response.Write("User Already Exists!");
}
}
catch (Exception ex)
{
Response.Write(Convert.ToString(ex));
}
}
当我运行它时,我在下面的行中得到一个异常:
int IsMatch = Convert.ToInt32(com2.ExecuteScalar().ToString());
Blam的第二个解决方案有效,但IsMatch可以通过转换为int而不是转换为字符串和解析来简化一点。
这也应该在数据库级别进行处理。在用户名栏上设置一个主键:
ALTER TABLE UserData ADD CONSTRAINT
PK_UserData PRIMARY KEY CLUSTERED (Username)
如果你这样做,那么你甚至不必明确地检查重复项,你只需要尝试创建用户,并在失败时处理异常:
try
{
using (var conn = new SqlConnection((ConfigurationManager.ConnectionStrings["RegistrationConnectionString"].ConnectionString)))
{
conn.Open();
#if DOUBLE_CHECK
string CheckUser = "select count(*) from UserData where Username = @Username";
SqlCommand com2 = new SqlCommand(CheckUser, conn);
com2.Parameters.AddWithValue("@Username", UsernameTextBox.Text);
if ((int)com2.ExecuteScalar() > 0)
{
Response.Write("User already exists");
return;
}
#endif
string InsertQuerry = "insert into UserData (Username,Email,Password,Country) values (@Username,@Email,@Password,@Country)";
SqlCommand com = new SqlCommand(InsertQuerry, conn);
com.Parameters.AddWithValue("@Username", UsernameTextBox.Text);
com.Parameters.AddWithValue("@Email", EmailTextBox.Text);
com.Parameters.AddWithValue("@Password", PasswordTextBox.Text);
com.Parameters.AddWithValue("@Country", CountryDropDownList.SelectedItem.ToString());
com.ExecuteNonQuery();
Response.Redirect("Manager.aspx");
}
}
catch (SqlException se)
{
if (se.Errors.OfType<SqlError>().Any(e => e.Number == 2627))
{
Response.Write("User already exists");
}
else
{
Response.Write(se.ToString());
}
}
catch (Exception ex)
{
Response.Write(ex.ToString());
}
如果以这种方式处理异常,则#If DOUBLE_CHECK部分是多余的,可以删除。尝试添加重复的名称将导致SQL错误和异常,这将检测并处理"重复密钥"错误。
代码上的两个无关注释:
- Response.RRedirect()将中止当前线程,并且不会调用您的conn.Close()。使用using()确保它被调用
- 将密码以明文形式存储在数据库中是一场等待发生的灾难。请看一下在数据库中存储密码的最佳方式,了解如何正确执行此操作
这不会返回整数
string CheckUser = "select count(*) from UserData where Username like @Username";
SqlCommand com2 = new SqlCommand(CheckUser, conn2);
com2.Parameters.AddWithValue("@Username", "'%"+ UsernameTextBox.Text +"%'");
int IsMatch = Convert.ToInt32(com2.ExecuteScalar().ToString());
而且您不需要使用两个不同的连接
只需使用一个并在Finally中关闭它。
string CheckUser = "select count(*) from UserData where Username = @Username";
SqlCommand com2 = new SqlCommand(CheckUser, conn2);
com2.Parameters.AddWithValue("@Username", UsernameTextBox.Text );
int IsMatch = Convert.ToInt32(com2.ExecuteScalar().ToString());
返回0或1。这应该可以解决您的问题。看起来您需要返回一个int类型。如果你愿意,你也可以把它改成bool。不管怎样,这个sql语句都会有所帮助!:)
select
isnull(convert(bit,(select top 1 case
when username != '' then 1
else 0 end
from UserData
where username like @Username)),0)