2012-09-28 24 views
0

We have a form that passes three parameters, fname, lname and hiredate, to another page, which checks whether a person is an employee of the company. How do I check whether the employee is registered for benefits?

The code below validates against those three parameters.

Dim sqlstr As String = "SELECT fname,lname,hiredate, (SELECT COUNT(*) FROM Comp WHERE comp.emp_ID = e.emp_ID) AS [exists], b.* FROM dbo.EMP e LEFT OUTER JOIN comp b ON e.emp_id=b.emp_id WHERE e.fname Like '%" & Request.QueryString("fname") & "%' And e.lname Like '%" & Request.QueryString("lname") & "%' And e.hiredate = '" & Request.QueryString("hiredate") & "'"

If the check confirms that the person is indeed an employee, the next piece of code checks his/her eligibility for benefits:

If myDS.Tables(0).Rows.Count > 0 Then

    Dim listOfBenefits = New List(Of String)({ _
     "CT07B", "CT081", "CT083", "SG09A", "SG10", "SC11A", "SG23", "SG23A", "SG27" _
    })

    If Not listOfBenefits.Contains(txtBenefits.Text) Then
     lblMsg.Text = "This employee is not eligible to receive any of the listed benefits yet."
    End If

End If

This works very well so far.

Now we are trying to add another check to verify whether a particular employee has registered for any benefits.

If the employee has not registered for any benefits, there is no need to check his or her eligibility.

On the other hand, if the employee has already registered for some benefits, then we check whether he/she is eligible for any of the benefits listed above.

So far my check does not work: the part that determines whether the employee has registered for any benefits is ignored.

What am I doing wrong?

Here is the updated code, which includes the check for benefit registration.

Dim sqlstr As String = "SELECT fname,lname,hiredate, (SELECT COUNT(*) FROM Comp WHERE comp.emp_ID = e.emp_ID) AS [exists], b.* FROM dbo.EMP e LEFT OUTER JOIN comp b ON e.emp_id=b.emp_id WHERE e.fname Like '%" & Request.QueryString("fname") & "%' And e.lname Like '%" & Request.QueryString("lname") & "%' And e.hiredate = '" & Request.QueryString("hiredate") & "'"

If myDS.Tables(0).Rows.Count > 0 Then

    ' Ok, this individual is an employee, let's check to see if s/he has registered for any benefits.
    Dim benefitSQL As String = "SELECT fname, lname, (SELECT COUNT(*) FROM benefits WHERE benefits.emp_ID = e.emp_ID) AS [exists], b.* FROM dbo.EMP e LEFT OUTER JOIN benefits b ON e.emp_id=b.emp_id "

    If CInt(exists.Value) > 0 Then
     ' Then employee has some benefits. Now, check whether one of those benefits is on the list below.

     Dim listOfBenefits = New List(Of String)({ _
      "CT07B", "CT081", "CT083", "SG09A", "SG10", "SC11A", "SG23", "SG23A", "SG27" _
     })

     If Not listOfBenefits.Contains(txtBenefits.Text) Then
      lblMsg.Text = "This employee is not eligible to receive any of the listed benefits yet."
     End If
    Else

     lblMsg.Text = "This employee has not registered for any benefits yet."
    End If
End If

The SQL, formatted:

SELECT 
    fname, 
    lname, 
    hiredate, 
    (
     SELECT 
      COUNT(*) 
     FROM 
      Comp 
     WHERE 
      comp.emp_ID = e.emp_ID 
    ) AS [exists], 
    b.* 
FROM 
    dbo.EMP e 
    LEFT OUTER JOIN comp b ON e.emp_id = b.emp_id 
WHERE 
    e.fname LIKE '%' + @fname + '%' AND e.lname LIKE '%' + @lname + '%'  -- wildcards concatenated around the bound parameter
    AND 
    e.hiredate = @hiredate 
+0

How do I execute the benefits query, ExecuteScalar or ExecuteSql?

+4

Your code is open to SQL injection attacks. – Dai

+0

The code I'm showing is just a snippet of a very long piece of code. I just want someone to see whether my logic is off. I can worry about injection later. – Kenny

Answer

0

You are selecting the data, but what you want is to constrain by it:

SELECT 
    e.fname, 
    e.lname, 
    e.hiredate 
FROM 
    dbo.EMP e 
WHERE 
    e.fname LIKE '%' + @fname + '%' AND e.lname LIKE '%' + @lname + '%'
    AND 
    e.hiredate = @hiredate 
    AND 
    EXISTS (
     SELECT 
      1 
     FROM 
      Comp 
     WHERE 
      comp.emp_ID = e.emp_ID 
    ) 

You could also inner join the tables:

SELECT 
    e.fname, 
    e.lname, 
    e.hiredate, 
    c.* 
FROM 
    dbo.EMP e 
    INNER JOIN Comp c ON e.emp_ID = c.emp_ID 
WHERE 
    e.fname LIKE '%' + @fname + '%' AND e.lname LIKE '%' + @lname + '%'
    AND 
    e.hiredate = @hiredate 
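As an added example (not code from the question or the answer), here is the answer's EXISTS-constrained lookup and the question's three-way benefits decision run with bound parameters instead of string concatenation, which also addresses Dai's injection comment. It assumes SQLite standing in for SQL Server (so '%' || ? || '%' replaces '%' + @fname + '%') and a constructed benefits(emp_id, code) table, since the page never shows that table's columns.

```python
import sqlite3

# Constructed sample rows for dbo.EMP, Comp and an assumed benefits(emp_id, code) table.
EMPLOYEES = [(1, "Ada", "Lovelace", "2010-01-04"), (2, "Alan", "Turing", "2011-06-23"),
             (3, "Grace", "Hopper", "2010-01-04"), (4, "Linus", "Torvalds", "2012-03-01")]
COMP = [(1,), (3,), (4,)]              # a row in Comp marks a real employee
BENEFITS = [(1, "SG10"), (3, "XX99")]  # emp 4 has registered for nothing
LISTED_BENEFITS = {"CT07B", "CT081", "CT083", "SG09A", "SG10",
                   "SC11A", "SG23", "SG23A", "SG27"}

# The answer's EXISTS form with bound parameters; SQLite's || stands in for
# SQL Server's '%' + @fname + '%'.
FIND_EMPLOYEE = """
SELECT e.emp_id, e.fname, e.lname, e.hiredate
FROM EMP e
WHERE e.fname LIKE '%' || ? || '%'
  AND e.lname LIKE '%' || ? || '%'
  AND e.hiredate = ?
  AND EXISTS (SELECT 1 FROM Comp c WHERE c.emp_id = e.emp_id)
"""
REGISTERED_BENEFITS = "SELECT code FROM benefits WHERE emp_id = ?"

def open_db():
    con = sqlite3.connect(":memory:")
    con.executescript("""
        CREATE TABLE EMP(emp_id INTEGER PRIMARY KEY, fname TEXT, lname TEXT, hiredate TEXT);
        CREATE TABLE Comp(emp_id INTEGER);
        CREATE TABLE benefits(emp_id INTEGER, code TEXT);
    """)
    con.executemany("INSERT INTO EMP VALUES (?, ?, ?, ?)", EMPLOYEES)
    con.executemany("INSERT INTO Comp VALUES (?)", COMP)
    con.executemany("INSERT INTO benefits VALUES (?, ?)", BENEFITS)
    return con

def check_eligibility(con, fname, lname, hiredate):
    """Mirror the question's three-way decision; every input is a bound parameter."""
    rows = con.execute(FIND_EMPLOYEE, (fname, lname, hiredate)).fetchall()
    if not rows:
        return "not an employee"
    emp_id = rows[0][0]
    registered = {code for (code,) in con.execute(REGISTERED_BENEFITS, (emp_id,))}
    if not registered:
        return "This employee has not registered for any benefits yet."
    if registered & LISTED_BENEFITS:
        return "eligible"
    return "This employee is not eligible to receive any of the listed benefits yet."
```

Because the quote characters in a submitted name are bound as data, a value such as Ada' OR '1'='1 simply fails to match any row instead of altering the query.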