DataReader 不读取我的 if 代码


我有一个登录功能,并在其中加入了更改密码。下面这段代码用于更新数据库中的密码。问题是:`sdr.Read() == true` 的分支从不执行(不会显示成功提示),而 `sdr.Read()` 返回 false 时,数据库中的密码却已经被更改了。

    /// <summary>
    /// Validates the old/new/confirm password values, checks the old password against
    /// TableLogin, and updates the password of the 'admin' row, reporting each outcome
    /// through a message box.
    /// </summary>
    /// <remarks>
    /// NOTE(review): both SQL statements are built by string concatenation from
    /// _oldpass and _newpass, so they are open to SQL injection; parameterized
    /// commands are needed. The queries also compare and store the password value
    /// directly, which suggests passwords are kept unhashed in TableLogin - confirm
    /// against the schema.
    /// </remarks>
    public void ChangePass()
    {
        // The connection is opened outside the try block, so a failure here is not
        // reported by the catch below and propagates to the caller.
        sc.Open();
        try
        {
            // All three values are required; comparing with "" does not reject null.
            if (_oldpass == "" || _newpass == "" || _conpass == "")
            {
                string message = "Must fill up all the fields!";
                string title = "Voting System Error Message";
                MessageBox.Show(message, title, MessageBoxButtons.OK, MessageBoxIcon.Error);
            }
            else
            {
                // NOTE(review): _oldpass is concatenated into the SQL text (injection risk).
                // The lookup also matches any row holding this password; it is not tied
                // to the 'admin' row that the UPDATE below modifies.
                cmd = new SqlCommand("SELECT password FROM TableLogin WHERE password = '" + _oldpass + "'", sc);
                // The reader is never disposed; the connection is closed and reopened instead.
                SqlDataReader dr = cmd.ExecuteReader();
                if (dr.Read() == true)
                {
                    sc.Close();
                    if (_newpass == _conpass)
                    {
                        sc.Open();
                        // NOTE(review): _newpass is concatenated into the SQL text (injection risk).
                        cmd = new SqlCommand("UPDATE TableLogin SET password = '" + _newpass + "' WHERE username = 'admin'", sc);
                        // ExecuteReader still runs the UPDATE, but an UPDATE produces no
                        // result rows, so Read() below returns false and the success
                        // message is skipped even though the password was changed.
                        SqlDataReader sdr = cmd.ExecuteReader();
                        if (sdr.Read() == true) 
                        {
                            MessageBox.Show("Successfully Changed!"); 
// Asker's observation: this branch is never entered, yet when sdr.Read() == false the password in the database has been changed.
                        }
                    }
                    else
                    {
                        string message = "New Password and Confirm Password does not match!";
                        string title = "Voting System Error Message";
                        MessageBox.Show(message, title, MessageBoxButtons.OK, MessageBoxIcon.Error);
                    }
                }
                else
                {
                    string message = "Wrong Old Password!";
                    string title = "Voting System Error Message";
                    MessageBox.Show(message, title, MessageBoxButtons.OK, MessageBoxIcon.Error);
                }
            }
        }
        catch (Exception ex)
        {
            // Any exception raised inside the try block is shown to the user by message only.
            MessageBox.Show(ex.Message);
        }
        finally
        {
            // Runs on every path, so the connection is closed after success or failure.
            sc.Close();
        }
    }

我不明白,为什么?

DataReader 不读取我的 if 代码

我想 SQL 中的 UPDATE 语句不会返回任何记录,因此 Read() 不会返回 true。您应该改用 ExecuteNonQuery,它返回受影响的行数:

// ExecuteNonQuery returns the number of rows the statement affected, so a
// positive count means the UPDATE changed at least one row.
int rowsAffected = cmd.ExecuteNonQuery();
if (rowsAffected > 0)
{
    MessageBox.Show("Successfully Changed!");
}

顺便说一句,正如评论中所指出的,请使用参数化查询来防止 SQL 注入:原代码把 _oldpass 和 _newpass 直接拼接进 SQL 字符串,用户输入的内容会被当作 SQL 的一部分执行。

以下回答设为社区维基(CW),因为它实际上是一条很长的评论。我会对您的代码做许多修改,以下是其中比较重要的几处:

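    /// <summary>
    /// Changes the password stored for the 'admin' row of TableLogin after verifying
    /// the old password, reporting each outcome through a message box.
    /// </summary>
    /// <remarks>
    /// Both statements use SQL parameters, so the password values are never parsed as
    /// SQL text. The old-password check is restricted to the same 'admin' row that the
    /// UPDATE modifies, so another account's password cannot authorize the change.
    /// NOTE(review): the queries compare and store the password value directly, which
    /// suggests TableLogin holds unhashed passwords - confirm against the schema and
    /// move to salted password hashes (for example PBKDF2) if so.
    /// </remarks>
    public void ChangePass()
    {
        // Input validation needs no database access, so it runs before the connection
        // is opened. IsNullOrEmpty also rejects null, which a comparison with "" lets through.
        if (string.IsNullOrEmpty(_oldpass) || string.IsNullOrEmpty(_newpass) || string.IsNullOrEmpty(_conpass))
        {
            var message = "Must fill up all the fields!";
            var title = "Voting System Error Message";
            MessageBox.Show(message, title, MessageBoxButtons.OK, MessageBoxIcon.Error);
            return;
        }

        try
        {
            sc.Open();

            // Verify the old password and dispose the reader BEFORE running the UPDATE.
            // Unless MultipleActiveResultSets is enabled on the connection, executing a
            // second command while a reader is still open on it throws
            // InvalidOperationException.
            bool oldPasswordMatches;
            using (var cmd = new SqlCommand(
                "SELECT password FROM TableLogin WHERE username = 'admin' AND password = @Password", sc))
            {
                // The parameter keeps user input out of the SQL text (no SQL injection).
                cmd.Parameters.AddWithValue("@Password", _oldpass);
                using (var dr = cmd.ExecuteReader())
                {
                    oldPasswordMatches = dr.Read();
                }
            }

            if (!oldPasswordMatches)
            {
                var message = "Wrong Old Password!";
                var title = "Voting System Error Message";
                MessageBox.Show(message, title, MessageBoxButtons.OK, MessageBoxIcon.Error);
                return; // the finally block still closes the connection
            }

            if (_newpass != _conpass)
            {
                var message = "New Password and Confirm Password does not match!";
                var title = "Voting System Error Message";
                MessageBox.Show(message, title, MessageBoxButtons.OK, MessageBoxIcon.Error);
                return;
            }

            using (var updateCommand = new SqlCommand(
                "UPDATE TableLogin SET password = @Password WHERE username = 'admin'", sc))
            {
                updateCommand.Parameters.AddWithValue("@Password", _newpass);

                // An UPDATE returns no result set; ExecuteNonQuery reports how many
                // rows were changed, which is the value to check.
                var rowsAffected = updateCommand.ExecuteNonQuery();
                if (rowsAffected == 1)
                {
                    MessageBox.Show("Successfully Changed!");
                }
                else
                {
                    // Do not fail silently: tell the user the password was not updated.
                    var message = "Password was not changed!";
                    var title = "Voting System Error Message";
                    MessageBox.Show(message, title, MessageBoxButtons.OK, MessageBoxIcon.Error);
                }
            }
        }
        catch (Exception ex)
        {
            // For troubleshooting purposes, display the entire exception.
            // NOTE(review): the full text can expose stack traces and database details;
            // in a deployed build, log it and show a generic message instead.
            MessageBox.Show(ex.ToString());
        }
        finally
        {
            sc.Close();
        }
    }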