Question

我对项目的登录功能有点新意，我正在尝试为我的组进行登录，该组由3名用户组成，即护士，病人和药剂师。我想我即将完成腰部过程，但我的一个方法有问题，我的LoginDAO.cs中的getPosition（）。到目前为止，我还没有为患者和药剂师做过任何登录代码，因为我需要我的小组伙伴＆＃39;部分工作，但下面显示的是我所做的。不知何故，登录（字符串nric，字符串pw）工作，但不是getPosition（字符串nric）。这是我从错误日志中得到的错误：例外：必须声明标量变量＆＃34; @ paraNRIC＆＃34;。来源：LoginDAO.getPosition 提前致谢：D

protected void btnLogin_Click(object sender, EventArgs e)
{
    login login = new login();
    login.nric = tbLoginID.Text;
    login.pw = tbPassword.Text;
    if (login.userLogin(login.nric, login.pw))
    {
        if (login.getPosition(login.nric) == "Nurse")
        {
            Response.Redirect("Nurse.aspx");
        }
        else if (login.getPosition(login.nric) == "Patient")
        {
            Response.Redirect("Patient.aspx");
        }
        else if (login.getPosition(login.nric) == "Pharmacist")
        {
            Response.Redirect("PharmacistDisplay.aspx");
        }
    }
    else
    {
        lblErr.Text = "Invalid account.";
    }
}

public bool login(string nric, string pw)
{
    bool flag = false;
    SqlCommand cmd = new SqlCommand();
    StringBuilder sqlStr = new StringBuilder();

    sqlStr.AppendLine("SELECT Password from Position");
    sqlStr.AppendLine("Where NRIC = @paraNRIC");
    try
    {
        SqlConnection myconn = new SqlConnection(DBConnect);
        cmd = new SqlCommand(sqlStr.ToString(), myconn);

        cmd.Parameters.AddWithValue("@paraNRIC", nric);

        DataTable dt = new DataTable();
        SqlDataAdapter da = new SqlDataAdapter(cmd);
        da.Fill(dt);
        if (dt == null)
        {
            flag = false;
        }
        else
        {
            string dbhashedpw = dt.Rows[0]["Password"].ToString();
            flag = Helper.VerifyHash(pw, "SHA512", dbhashedpw);
        }
    }
    catch (Exception exc)
    {
        logManager log = new logManager();
        log.addLog("NurseDAO.login", sqlStr.ToString(), exc);
    }


    return flag;
}

public string getPosition(string nric)
{
    string dbPosition = "";
    int result = 0;
    SqlCommand cmd = new SqlCommand();

    StringBuilder sqlStr = new StringBuilder();
    sqlStr.AppendLine("SELECT Position from Position ");
    sqlStr.AppendLine("where NRIC = @paraNRIC");

    cmd.Parameters.AddWithValue("@paraNRIC", nric);
    try
    {
        SqlConnection myconn = new SqlConnection(DBConnect);
        cmd = new SqlCommand(sqlStr.ToString(), myconn);
        DataTable dt = new DataTable();
        SqlDataAdapter da = new SqlDataAdapter(cmd);
        da.Fill(dt);

        myconn.Open();
        result = cmd.ExecuteNonQuery();
        dbPosition = dt.Rows[0]["Position"].ToString();
        myconn.Close();
    }
    catch (Exception exc)
    {
        logManager log = new logManager();
        log.addLog("LoginDAO.getPosition", sqlStr.ToString(), exc);
    }


    return dbPosition;
`}

Answer 1

您可以更改此行

sqlStr.AppendLine（“其中NRIC = @paraNRIC”）;

到此

sqlStr.AppendLine（“其中NRIC ='”+ nric +“'”）;

并完全避免参数。

Answer 2

您的错误在这里：

SqlCommand cmd = new SqlCommand();
// lines omitted
cmd.Parameters.AddWithValue("@paraNRIC", nric);
try
{
    SqlConnection myconn = new SqlConnection(DBConnect);
    cmd = new SqlCommand(sqlStr.ToString(), myconn);
    DataTable dt = new DataTable();
    SqlDataAdapter da = new SqlDataAdapter(cmd);
    da.Fill(dt);

请注意，您要实例化cmd两次。代码将参数添加到第一个SqlCommand实例，但执行第二个实例。

要解决此问题，请确保在您调用的SqlCommand实例上声明参数：

public string getPosition(string nric)
{
    string dbPosition = "";
    int result = 0;
    // remove this line: SqlCommand cmd = new SqlCommand();

    StringBuilder sqlStr = new StringBuilder();
    sqlStr.AppendLine("SELECT Position from Position ");
    sqlStr.AppendLine("where NRIC = @paraNRIC");
    // move parameter declaration until after you declare cmd
    try
    {
        SqlConnection myconn = new SqlConnection(DBConnect);
        SqlCommand cmd = new SqlCommand(sqlStr.ToString(), myconn);
        // add the parameters here:
        cmd.Parameters.AddWithValue("@paraNRIC", nric);
        // code continues

登录不同职位的用户

2 个答案: