
Table not getting updated when using ExecuteNonQuery

  •  1
  • Nagaraj Tantri  · Tech community  · 14 years ago

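    I am trying to change the user's password. I am not able to update the password :(. The message I am getting is that the password changed, whereas it is not getting changed. My code is as follows... Please, if anyone could suggest where I am going wrong. I am just a beginner...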

    protected void Button1_Click(object sender, EventArgs e)
    {
        DatabaseLayer data = new DatabaseLayer();
    
        string username = Session["Authenticate"].ToString();
        string password = TextBox1.Text;
        string newpass = TextBox2.Text;
        string confirm = TextBox3.Text;
        string flag = "";
    
        if (newpass.ToString() == confirm.ToString())
        {
            flag = data.passwordChange(username, password, newpass);
            Literal1.Text = flag.ToString();
        }
        else
        {
            Literal1.Text = "New Password does not match the Confirm Password ";
        }
    }
    

    The click event above is supposed to change my password, and the passwordChange function is as follows.

    public string passwordChange(string username, string password, string newPasswd)
    {
        string SQLQuery = "SELECT password FROM LoginAccount WHERE username = '" + username + "'";
        string SQLQuery1 = "UPDATE LoginAccount SET password = ' " + newPasswd + " ' WHERE username = ' " + username + "'";
        SqlCommand command = new SqlCommand(SQLQuery, sqlConnection);
        SqlCommand command1 = new SqlCommand(SQLQuery1, sqlConnection);
    
        sqlConnection.Open();
        string sqlPassword = "";
        SqlDataReader reader;
    
        try
        {
            reader = command.ExecuteReader();
    
    
            if (reader.Read())
            {
                if (!reader.IsDBNull(0))
                {
                    sqlPassword = reader["password"].ToString();
                }
            }
            reader.Close();
    
            if (sqlPassword.ToString() == password.ToString())
            {
                try
                {
                    int flag = 0;
                    flag = command1.ExecuteNonQuery();
    
                    if (flag > 0)
                    {
                        sqlConnection.Close();
                        return "Password Changed Successfully";
                    }
                    else
                    {
                        sqlConnection.Close();
                        return "User Password could not be changed";
                    }
                }
                catch (Exception exr)
                {
                    sqlConnection.Close();
                    return "Password Could Not Be Changed Please Try Again";
                }
            }
            else
            {
                sqlConnection.Close();
                return "User Password does not Match";
            }
        }
        catch (Exception exr)
        {
            sqlConnection.Close();
            return "User's Password already exists";
        }
    }
    

    I set a breakpoint near

    if(flag>0)
    

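    It still shows that ExecuteNonQuery does not return the updated row count, and it is not changed in the SQL Server back end either. If anyone could correct me... should I use some other execute command or something? I am using VS 2008 and SQL Server 2005.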

    3 replies  |  as of 14 years ago
        1
  •  6
  •   AllenG    14 years ago

    1) It's the spacing between your single quotes and double quotes (e.g. ' " + username + " ' ).
    2) You are begging for SQL injection.

    In your PasswordChange method:

    public string PasswordChange(string userName, string oldPass, string newPass)
    {
        using (SqlConnection sqlConnection = new SqlConnection(
            ConfigurationManager.ConnectionStrings["LoginDb"].ConnectionString))
        {
            string sqlToConfirmOldPass =
                "SELECT password FROM LoginAccount WHERE username = @userName";
            string sqlToUpdatePassword =
                "UPDATE LoginAccount SET password = @newPass WHERE username = @userName";

            // Values are bound as parameters instead of being concatenated into the SQL text.
            SqlCommand confirmOldPass = new SqlCommand(sqlToConfirmOldPass, sqlConnection);
            confirmOldPass.Parameters.AddWithValue("@userName", userName);

            SqlCommand updatePassword = new SqlCommand(sqlToUpdatePassword, sqlConnection);
            updatePassword.Parameters.AddWithValue("@newPass", newPass);
            updatePassword.Parameters.AddWithValue("@userName", userName);

            // [Rest of your code goes here]
        }
    }
    

    I also didn't see where you were setting up your SqlConnection, so I added a line for that. You'll need to modify it as appropriate for your needs.

        2
  •  1
  •   msarchet    14 years ago

    Maybe try this code.

    public string passwordChange(string username, string password, string newPasswd)
    {
        string SQLQuery = "SELECT password FROM LoginAccount WHERE username = @username";
        string SQLQuery1 = "UPDATE LoginAccount SET password = @newPassword  WHERE username = @username";
        SqlCommand command = new SqlCommand(SQLQuery, sqlConnection);
        command.Parameters.AddWithValue("@username", username);
    
        SqlCommand command1 = new SqlCommand(SQLQuery1, sqlConnection);
        command1.Parameters.AddWithValue("@username", username);
        command1.Parameters.AddWithValue("@newPassword", newPasswd);
    
        sqlConnection.Open();
        string sqlPassword = "";
        SqlDataReader reader;
    
        try
        {
            reader = command.ExecuteReader();
    
    
            if (reader.Read())
            {
                if (!reader.IsDBNull(0))
                {
                    sqlPassword = reader["password"].ToString();
                }
            }
            reader.Close();
    
            if (sqlPassword.ToString() == password.ToString())
            {
                try
                {
                    int flag = 0;
                    flag = command1.ExecuteNonQuery();
    
                    if (flag > 0)
                    {
                        sqlConnection.Close();
                        return "Password Changed Successfully";
                    }
                    else
                    {
                        sqlConnection.Close();
                        return "User Password could not be changed";
                    }
                }
                catch (Exception exr)
                {
                    sqlConnection.Close();
                    return "Password Could Not Be Changed Please Try Again";
                }
            }
            else
            {
                sqlConnection.Close();
                return "User Password does not Match";
            }
        }
        catch (Exception exr)
        {
            sqlConnection.Close();
            return "User's Password already exists";
        }
    }
    
        3
  •  0
  •   hometoast    14 years ago

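    If you are getting zero rows affected, double-check that your WHERE clause actually works. I'd bet that if you SELECTed WHERE username = '" + username + "'" you wouldn't find the row you're looking for. That, at least, is the first thing I'd confirm.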
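
The diagnosis given in the answers above, reproduced as an added example that is not part of any post on this page. It builds the UPDATE text exactly as the question's `SQLQuery1` does and compares the rows affected with a parameterized statement. Assumptions: Python's `sqlite3` with an in-memory table stands in for SQL Server and ADO.NET, and the sample rows and helper names are constructed.

```python
import sqlite3

def build_update_as_posted(username, new_pass):
    # Same concatenation as the question's SQLQuery1, stray spaces included.
    return ("UPDATE LoginAccount SET password = ' " + new_pass +
            " ' WHERE username = ' " + username + "'")

def make_db():
    # Constructed sample rows; in-memory SQLite stands in for SQL Server (assumption).
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE LoginAccount (username TEXT PRIMARY KEY, password TEXT)")
    db.executemany("INSERT INTO LoginAccount VALUES (?, ?)",
                   [("alice", "old-secret"), ("o'brien", "old-secret")])
    return db

def update_concatenated(db, username, new_pass):
    # Rows affected by the statement built the way the question builds it.
    return db.execute(build_update_as_posted(username, new_pass)).rowcount

def update_parameterized(db, username, new_pass):
    # Rows affected when the values travel as bound parameters.
    return db.execute("UPDATE LoginAccount SET password = ? WHERE username = ?",
                      (new_pass, username)).rowcount

def stored_password(db, username):
    row = db.execute("SELECT password FROM LoginAccount WHERE username = ?",
                     (username,)).fetchone()
    return row[0] if row else None

def demo():
    db, out = make_db(), {}
    # 1) The literal becomes ' alice' (leading space), so no row matches.
    out["sql_text"] = build_update_as_posted("alice", "new-secret")
    out["concat_rows"] = update_concatenated(db, "alice", "new-secret")
    # 2) Bound parameters compare the exact value: one row changes.
    out["param_rows"] = update_parameterized(db, "alice", "new-secret")
    out["alice_now"] = stored_password(db, "alice")
    # 3) An apostrophe in the data ends the literal early, so the text no longer parses.
    try:
        update_concatenated(db, "o'brien", "new-secret")
        out["quote_concat"] = "ran"
    except sqlite3.OperationalError:
        out["quote_concat"] = "syntax error"
    out["quote_param_rows"] = update_parameterized(db, "o'brien", "new-secret")
    return out

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value!r}")
```

The third case shows that concatenated input is read by the SQL parser as part of the statement, which is the injection risk the first answer points out; with bound parameters the same value is only ever data.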