在數據庫中存儲空數據的驗證碼

Question

我寫了一個簡單的驗證VB.NET代碼。此代碼正在將EMPTY數據存儲在數據庫表中。我如何避免這種情況，以及在else if陳述後寫什麼代碼？即在電話沒有驗證之後。

這是下面的代碼：

Protected Sub Button1_Click(sender As Object, e As System.EventArgs) Handles Button1.Click 
     If Len(Trim(txtName.Text)) = 0 Then 
      MsgBox("Enter Name", MsgBoxStyle.Critical, "Error") 
      txtName.Focus() 
     ElseIf Len(Trim(txtAge.Text)) = 0 Then 
      MsgBox("Enter Age", MsgBoxStyle.Critical, "Error") 
      txtAge.Focus() 
     ElseIf Len(Trim(txtPhone.Text)) = 0 Then 
      MsgBox("Enter Phone", MsgBoxStyle.Critical, "Error") 
      txtPhone.Focus() 
     Else 
      Dim blnFlag As Boolean = False 
      MsgBox("Enter the details", MsgBoxStyle.Critical, "Error") 
     End If 
     Try 
      Dim strCommand As String 
      strCommand = "Insert into [Validation] ([Name],[Age],[Phone]) VALUES" 
      strCommand = strCommand & "('" & Trim(txtName.Text) & "','" & Trim(txtAge.Text) & "','" & Trim(txtPhone.Text) & "')" 
      Dim StrConnection As String 
      StrConnection = ConfigurationManager.ConnectionStrings("ConnectionString").ToString 
      Dim cnValidation As New SqlClient.SqlConnection(StrConnection) 
      If (cnValidation.State = ConnectionState.Closed) Then 
       cnValidation.Open() 
      End If 
      Dim cmdEmployee As New SqlClient.SqlCommand(strCommand, cnValidation) 
      cmdEmployee.ExecuteNonQuery() 
      cnValidation.Close() 
      MsgBox("Save Successful", MsgBoxStyle.Information, "Success") 
     Catch ex As Exception 
      MsgBox("Save failed " & ex.Message, MsgBoxStyle.Critical, "Failed") 
     End Try 

Answer 1

最簡單的方法是，從方法返回後，您的驗證失敗：

If Len(Trim(txtName.Text)) = 0 Then 
    MsgBox("Enter Name", MsgBoxStyle.Critical, "Error") 
    txtName.Focus() 
    Return 
ElseIf Len(Trim(txtAge.Text)) = 0 Then 
    MsgBox("Enter Age", MsgBoxStyle.Critical, "Error") 
    txtAge.Focus() 
    Return 
ElseIf Len(Trim(txtPhone.Text)) = 0 Then 
    MsgBox("Enter Phone", MsgBoxStyle.Critical, "Error") 
    txtPhone.Focus() 
    Return 
Else 
    Dim blnFlag As Boolean = False 
    MsgBox("Enter the details", MsgBoxStyle.Critical, "Error") 
    Return 
End If 

但是，"Enter the details"部分尚不清楚。爲什麼你總是顯示錯誤消息框？似乎有一個合乎邏輯的問題。今後我會忽略這部分。

這是你的代碼的可讀性更強.NET版本：

Dim validName = Not String.IsNullOrWhiteSpace(txtName.Text) 
Dim validAge = Not String.IsNullOrWhiteSpace(txtAge.Text) 
Dim validPhone = Not String.IsNullOrWhiteSpace(txtPhone.Text) 
Dim isValid = validName AndAlso validAge AndAlso validPhone 

If Not isValid Then 
    If Not validName Then 
     MsgBox("Enter Name", MsgBoxStyle.Critical, "Error") 
     txtName.Focus() 
    ElseIf Not validAge Then 
     MsgBox("Enter Age", MsgBoxStyle.Critical, "Error") 
     txtAge.Focus() 
    ElseIf Not validPhone Then 
     MsgBox("Enter Phone", MsgBoxStyle.Critical, "Error") 
     txtPhone.Focus() 
    End If 
    Return ' return from this method ' 
Else 
    ' insert into DB ' 
    ' .... ' 
End If 

---

側面說明：你真的應該使用SQL的參數，即使這是一個Windows的應用程序。它不僅會阻止你sql-injection attacks同時也可以防止本地化問題（FE與datetime）：

Try 
    Dim newIdenity As Int32 ' determine new ID generated from database ' 
    Dim strCommand = "Insert into [Validation] ([Name],[Age],[Phone]) VALUES (@Name,@Age,@Phone)" 
    Dim StrConnection As String = ConfigurationManager.ConnectionStrings("ConnectionString").ToString 
    Using cnValidation = New SqlClient.SqlConnection(StrConnection) 
     Using cmdEmployee = New SqlCommand(strCommand, cnValidation) 
      cnValidation.Open() 
      cmdEmployee.Parameters.AddWithValue("@Name",txtName.Text) 
      cmdEmployee.Parameters.AddWithValue("@Age",Int32.Parse(txtAge.Text)) 
      cmdEmployee.Parameters.AddWithValue("@Phone",txtPhone.Text) 
      newIdenity = DirectCast(cmdEmployee.ExecuteScalar(), Int32) 
     End Using 
    End Using 
    MsgBox("Save Successful", MsgBoxStyle.Information, "Success") 
Catch ex As Exception 
    MsgBox("Save failed " & ex.Message, MsgBoxStyle.Critical, "Failed") 
End Try 

您應該使用Using語句來的一切implementiong IDisposable其處置非託管資源，它也將關閉連接，即使出現錯誤。

我還展示瞭如何從sql-server中的IDENTITY列中確定新創建的標識值。

請注意，我已將txtAge.Text解析爲Int32，因爲我假定數據庫中的列的類型實際上是int。如果不是這種情況，請刪除Int32.Parse。一般而言，您應始終提供正確的類型作爲參數。