Detecting null values and replacing strings in C#

Keywords: string, replace, null, detect | Updated: 2023-09-27 18:02:31

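I'm currently having some problems with my CSV to SQL converter. The program is used to create commands that edit a database user list, updating existing users or adding new ones. My problem is that if a user doesn't have a password set in the CSV file, I want it to be set to the user ID. I currently have this IF statement that tries to detect whether the string is null, but it always says the string is null and gives me the "Setting" pop-up box, even when I have text in the cell.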

            if (password != null)
            {
                System.Windows.Forms.MessageBox.Show("Setting Password to User ID");
            }

I have also tried password = password.replace(userid), but it doesn't change the string. In case it helps, I've included my full code below.

    private void LoadBtn_Click(object sender, EventArgs e)
    {
        //Opens a browse box to allow the user to select which file, only CSVs are allowed
        OpenFileDialog openFileDialog1 = new OpenFileDialog();
        openFileDialog1.Filter = "CSV Files (*.csv)|*.csv";
        openFileDialog1.FilterIndex = 1;
        //empties text box when clicked | loads file location and name to load directory text box at top
        if (openFileDialog1.ShowDialog() == System.Windows.Forms.DialogResult.OK)
        {
            ConvertedText.Text = string.Empty;
            LoadDirectory.Text = openFileDialog1.FileName.ToString();
        }
        string filename = LoadDirectory.Text;
        string[] Lines = File.ReadAllLines(filename);
        string[] Fields;

        for (int i = 1; i < Lines.Length; i++)
        {
            string outfile = "";
            Fields = Lines[i].Split(new char[] { ',' });
            string userid = Fields[0];
            string password = Fields[1];
            string fullname = Fields[2];
            string address = Fields[3];
            string telephone = Fields[4];
            string email = Fields[5];
            string role = Fields[6];
            string department = Fields[7];
            if (password != null)
            {
                System.Windows.Forms.MessageBox.Show("Setting Password to User ID");
            }
            outfile += "IF exists (SELECT USERID FROM WUSERS WHERE USERID='" + userid + "')" + Environment.NewLine;
            outfile += "begin" + Environment.NewLine;
            outfile += Environment.NewLine;
            outfile += "-- Update it" + Environment.NewLine;
            outfile += "print 'updated'" + Environment.NewLine;
            outfile += "update WUSERS set FULLNAME= '" + fullname + "' where userid= '" + userid + "'" + Environment.NewLine;
            outfile += "update WUSERS set PW= '" + password + "' where userid= '" + userid + "'" + Environment.NewLine;
            outfile += "update WUSERS set addr= '" + address + "' where userid= '" + userid + "'" + Environment.NewLine;
            outfile += "update WUSERS set telno= '" + telephone + "' where userid= '" + userid + "'" + Environment.NewLine;
            outfile += "update WUSERS set email= '" + email + "' where userid= '" + userid + "'" + Environment.NewLine;
            outfile += "update WUSERS set ROLEID= '" + role + "' where userid= '" + userid + "'" + Environment.NewLine;
            outfile += "update WUSERS set dept= '" + department + "' where userid= '" + userid + "'" + Environment.NewLine;
            outfile += "end" + Environment.NewLine;
            outfile += "else" + Environment.NewLine;
            outfile += "begin" + Environment.NewLine;
            outfile += "-- add it" + Environment.NewLine;
            outfile += "print 'added'" + Environment.NewLine;
            outfile += "insert into WUSERS (USERID,PW,FULLNAME,ADDR,TELNO,EMAIL,ROLEID,DEPT) Values ('" + userid + "','" + password + "','" + fullname + "','" + address + "','" + telephone + "','" + email + "','" + role + "','" + department + "')";
            outfile += Environment.NewLine;
            outfile += "end";
            outfile += Environment.NewLine;
            outfile += Environment.NewLine;
            outfile += Environment.NewLine;
            outfile += "-----------------------------------------------------------------------------------------------------------------------------------------------";
            outfile += Environment.NewLine;
            outfile += Environment.NewLine;
            outfile += Environment.NewLine;
            ConvertedText.AppendText(outfile);
        }
    }

Thanks in advance for your input.

Owen

Maybe you want

if (password == null)

But I suggest you use the more complete

if(string.IsNullOrWhiteSpace(password))
   ...error message...

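That said, I have to warn you about the code that follows. I hope that all these UPDATE WUSERS statements are not used to really update the database. The problems with this string concatenation approach are well known and range from the simpler to the worst: syntax errors, parsing errors, SQL injection attacks.

Consider existing methods

Instead of comparing directly against null, use a more appropriate method such as String.IsNullOrEmpty() or String.IsNullOrWhiteSpace(), depending on your preference/needs: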

// Show the message only when no password was supplied for this row
if (String.IsNullOrEmpty(password))
{
    System.Windows.Forms.MessageBox.Show("Setting Password to User ID");
}

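Use parameterization instead of string concatenation

Your existing code currently leaves you vulnerable to SQL injection attacks, because you are simply concatenating values to build your query, as shown below: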

"... SELECT WHERE USERID='" + userid + "')" + Environment.NewLine;

What you should consider is using parameters in your query and then setting the values of those parameters before executing it:

"... SELECT WHERE USERID= @userid)" + Environment.NewLine;

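Not only does this better protect you from SQL injection, it also makes your queries easier to read and reduces the chance of typo-related syntax errors popping up (e.g. missing quotes around values, etc.).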
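
The two points made in the answers, combined in one added example (not code from the question or from either answer): the blank-password fallback and a parameterized upsert built from a CSV row. The class name WUsersImport, the method BuildUpsert, the NVARCHAR(255) parameter type and the sample rows are assumptions; the table and column names are taken from the question's INSERT statement.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class WUsersImport   // hypothetical helper, not part of the original program
{
    // Table and column names come from the question; the statement text is constant.
    const string UpsertSql = @"
IF EXISTS (SELECT 1 FROM WUSERS WHERE USERID = @userid)
    UPDATE WUSERS SET PW = @pw, FULLNAME = @fullname, ADDR = @addr, TELNO = @telno,
                      EMAIL = @email, ROLEID = @role, DEPT = @dept
    WHERE USERID = @userid;
ELSE
    INSERT INTO WUSERS (USERID, PW, FULLNAME, ADDR, TELNO, EMAIL, ROLEID, DEPT)
    VALUES (@userid, @pw, @fullname, @addr, @telno, @email, @role, @dept);";

    static readonly string[] ParamNames =
        { "@userid", "@pw", "@fullname", "@addr", "@telno", "@email", "@role", "@dept" };

    // Builds one command per CSV row; values travel as parameters, never as SQL text.
    public static SqlCommand BuildUpsert(string csvLine)
    {
        string[] fields = csvLine.Split(',');
        if (fields.Length != ParamNames.Length)
            throw new FormatException("Expected 8 fields, got " + fields.Length);

        // Split never yields null entries, so test for blank and fall back to the user id.
        if (string.IsNullOrWhiteSpace(fields[1]))
            fields[1] = fields[0];

        var cmd = new SqlCommand(UpsertSql);
        for (int i = 0; i < ParamNames.Length; i++)   // NVARCHAR(255) is an assumed column type
            cmd.Parameters.Add(ParamNames[i], SqlDbType.NVarChar, 255).Value = fields[i].Trim();
        return cmd;
    }

    static void Main()
    {
        // Constructed sample rows: a blank password, and a name containing a quote.
        string[] rows = {
            "jdoe,,John Doe,1 Main St,555-0100,jdoe@example.com,2,IT",
            "mob,s3cret,Mary O'Brien,2 High St,555-0101,mob@example.com,3,HR" };
        foreach (string row in rows)
            using (SqlCommand cmd = BuildUpsert(row))
                Console.WriteLine("PW={0} FULLNAME={1}",
                    cmd.Parameters["@pw"].Value, cmd.Parameters["@fullname"].Value);
        // To execute: set cmd.Connection to an open SqlConnection, then call ExecuteNonQuery().
    }
}
```

The quote in the second row's name would break the concatenated statements in the question; as a parameter value it is stored unchanged and never parsed as SQL.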