如果c#sqlClient中有空表单,请不要保存信息

Question

我正在制作论文系统,我正在尝试保存用户帐户.我的条件是,如果有一个空表单,帐户将不会被保存,它将显示一个消息框.我试图把它放在一个if元素中,"如果aForm.Text.Trim()!= null",info/account将被保存到数据库中.但当我试图留下一个空表单并单击保存时,它仍然保存在数据库中.

这是代码*SQL中的所有列都设置为"非空"

private void aAddUserSave_Click(object sender, EventArgs e)
    {
        // it will save the data if all of the forms is not == to null
        // or empty spaces
        // and before the info will be saved
        // the confirm password should be == to the password

        if (aAddUserFirstName.Text.Trim() != null && aAddUserLastName.Text.Trim() != null && aAddUserAddress.Text.Trim() != null && aAddUserContact.Text.Trim() != null && aAddUserPass.Text.Trim() != null &&
            aAddUserPassConfirm.Text.Trim() != null && aAddUserForgotAnswer.Text.Trim() != null && aAddUserPassConfirm.Text == aAddUserPass.Text)
        {
            // location and the command for the database
            string connectionString = @"Data Source=(LocalDB)\MSSQLLocalDB;AttachDbFilename=C:\Users\makoy2017\Documents\My files\School Files\Veron System\System Files\DO NOT DELETE\veronServer.mdf;Integrated Security=True;Connect Timeout=30";
            string query = "INSERT INTO usersAccount (firstName, lastName, address, contactNo, position, password, forgotAnswer) values('" + this.aAddUserFirstName.Text + "', '" + this.aAddUserLastName.Text + "', '" + this.aAddUserAddress.Text +
                "', '" + this.aAddUserContact.Text + "', '" + this.aAddUserPosition.SelectedIndex + "', '" + this.aAddUserPass.Text + "', '" + this.aAddUserForgotAnswer.Text + "');";

            // connecting to the database
            SqlConnection sqlConnection = new SqlConnection(connectionString);
            SqlCommand sqlCommand = new SqlCommand(query, sqlConnection);
            SqlDataReader sqlDataReader;

            // try and catch for the saving and reading of the data
            // so if there's a error the system will not close
            // and show the message error
            try
            {
                // open the database connectiont to the system
                sqlConnection.Open();

                // execute the sql command for the sql reader
                sqlDataReader = sqlCommand.ExecuteReader();

                // read all of the data
                while (sqlDataReader.Read())
                {

                }

                // show user saved
                // when the data is saved successfully!
                MessageBox.Show("User Saved!");

            }
            catch (Exception ex)
            {
                // this will show the message box
                // what is the error of the data
                // the data will not be saved in the database
                MessageBox.Show(ex.Message);
            }
        }
        else {
            MessageBox.Show("Please check your confirm/password!");
        }
    }

请帮忙.使代码简单,因为我还是初学者.先感谢您 :)

Answer 1

null和"空字符串"不是一回事.有一个方便的帮助方法来协助条件检查.所以不是这样的:

if (aAddUserFirstName.Text.Trim() != null)

你可以这样做:

if (!string.IsNullOrWhiteSpace(aAddUserFirstName.Text))

这将确保字符串不是:

• 空值
• 一个空字符串(长度为0)
• 一个非空字符串,只包含空格字符(你正在做什么.Trim())

重要提示:您的代码还有其他问题.首先,您对SQL Injection非常开放.这意味着您的代码会盲目地执行用户想要发送的任何SQL代码.不要将用户可修改的值与SQL代码直接连接.而是使用查询参数并将用户输入视为值而不是代码.

此外,当您实际上没有读取任何数据时,您不需要使用ExecuteReader和读取数据.你正在执行一个声明,而不是一个.请改用.INSERTSELECTExecuteNonQuery