從數據庫獲得價值不如預期

Question

我做了一個asp.net應用程序，我試圖從sql表中讀取數據，但數據只是不會比較，因爲我沒有收到消息「噸有一個銀行帳戶，你不能註冊到我們的網站」

SqlConnection connection = new SqlConnection(@"Data Source=SHKELQIM\SQLEXPRESS;Initial Catalog=E-Banking;Integrated Security=True"); 

connection.Open(); 
SqlDataReader reader = null; 
SqlCommand command = new SqlCommand("SELECT * FROM ACCOUNTS WHERE Accountnumber='" + accountnumber1.Text + "'", connection); 
reader = command.ExecuteReader(); 

if (reader.Read()) 
{ 
    string getAccountNumber = reader[0].ToString(); 
    reader.Close(); 

    if (getAccountNumber != accountnumber1.Text) 
    { 
     lblaccountnumber.Visible = true; 
     lblaccountnumber.Text = "You don't have a bank account, you can't register to our website"; 
    } 
} 

Answer 1

我會檢查reader.HasRows財產和顯示信息

using (SqlConnection connection = new SqlConnection(@"Data Source=SHKELQIM\SQLEXPRESS;Initial Catalog=E-Banking;Integrated Security=True")) 
using(SqlCommand command = new SqlCommand("SELECT * FROM ACCOUNTS WHERE Accountnumber= @Accountnumber", connection)) 
{ 
    command.Parameters.AddWithValue("Accountnumber", accountnumber1.Text); 
     connection.Open(); 
    using(SqlDataReader reader = command.ExecuteReader()) 
    { 
     if (!reader.HasRows) 
     { 
      lblaccountnumber.Visible = true; 
      lblaccountnumber.Text = "You don't have a bank account, you can't register to our website"; 
     } 
    } 

} 

Answer 2

找到這個問題的最好辦法是把一個破發點就行了：

if (getAccountNumber != accountnumber1.Text) 

，看看爲什麼值不匹配。

我的猜測是該帳號不是您的SELECT *查詢中的第一列，因此reader[0].ToString()並非真正的帳號，而是另一個值。相反，通過列名獲取列索引，就像這樣：

string getAccountNumber = reader.GetString(reader.GetOrdinal("Accountnumber")); 

---

這也將是使用參數化查詢，這樣你就不會從Little Bobby Tables得到訪問一個偉大的想法。

下面是一個使用參數化查詢代碼：

string theQuery = "SELECT * FROM ACCOUNTS WHERE Accountnumber=@AccountNumber"; 

SqlCommand command = new SqlCommand(theQuery, connection); 
command.Parameters.AddWithValue("@AccountNumber", accountnumber1.Text); 

reader = command.ExecuteReader();