
我已经创建了 asp.net WebService。我想在验证用户之后更新他的信息，也就是说：只有当他输入的新用户名尚不存在时，才允许把用户名更新为这个新名字；否则不更新。

问题是它成功验证了用户,但是当我尝试指定不存在的新用户名时,它会给我一个错误,例如;

 Request format is unrecognized for URL unexpectedly ending in '/UpdateUserInfo'. 

以下是我的代码:

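 public int UpdateUserInfo(string oldusername, string newusername, string mailid, string password)
    {
        // Renames `oldusername` to `newusername` (and replaces the stored password and e-mail)
        // only when `newusername` is not already taken. Returns the number of rows updated,
        // or 0 when the name is taken (which includes oldusername == newusername) or when no
        // row matched `oldusername`.
        //
        // Both statements are parameterized: the previous version spliced all four inputs
        // into the SQL text, which is a SQL injection hole for anyone who can call this web
        // method. Each connection is owned by a `using` instead of being parked in the shared
        // `con` field, so an exception between Open() and Close() no longer leaks it.
        //
        // NOTE(review): `password` is stored as plain text, exactly as before; hashing it
        // (PBKDF2 or similar) also requires changing the login path, so it is left untouched.
        // NOTE(review): the existence check and the UPDATE are separate statements, so two
        // concurrent calls can both pass the check; a UNIQUE index on tbl_UserInfo.UserName
        // is the guard that actually holds.
        using (var checkCon = new MySqlConnection(conString))
        using (var checkCmd = checkCon.CreateCommand())
        {
            checkCon.Open();
            // ExecuteScalar returns null when no row matches. The original selected the
            // name and called ToString() on that null, which throws NullReferenceException
            // precisely on the "new username is free" path. Whether the match is
            // case-sensitive now follows the column's collation rather than C# `==`.
            checkCmd.CommandText = "SELECT 1 FROM tbl_UserInfo WHERE UserName = @newusername LIMIT 1";
            checkCmd.Parameters.AddWithValue("@newusername", newusername);
            if (checkCmd.ExecuteScalar() != null)
            {
                return 0;
            }
        }

        using (var updateCon = new MySqlConnection(conString))
        using (var updateCmd = updateCon.CreateCommand())
        {
            updateCon.Open();
            updateCmd.CommandText = "UPDATE tbl_UserInfo SET UserName = @newusername, Password = @password, Email_ID = @mailid WHERE UserName = @oldusername";
            updateCmd.Parameters.AddWithValue("@newusername", newusername);
            updateCmd.Parameters.AddWithValue("@password", password);
            updateCmd.Parameters.AddWithValue("@mailid", mailid);
            updateCmd.Parameters.AddWithValue("@oldusername", oldusername);
            // ExecuteNonQuery is the affected-row count (0 when oldusername matched nothing),
            // which is what the original's `success > 0 ? success : 0` amounted to.
            return updateCmd.ExecuteNonQuery();
        }
    }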

注意:我希望结果为;

         IF my UserName is A and when I update that UserName with the same name
           i.e. A then it should not be updated, but when I give another name such as B
             then it should be updated to B, i.e. now UserName A becomes B

有什么问题?

请给出解决方案。

谢谢..




哦,请使用参数化查询。啊,并处置您的 IDisposable 资源。您将省去头痛、SQL 注入、格式不正确的数据,...

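public int UpdateUserInfo(
    string oldusername, 
    string newusername, 
    string mailid, 
    string password
)
{
    // Renames `oldusername` to `newusername` (and replaces password and e-mail) only when
    // `newusername` is not yet in use. Returns the affected-row count, or 0 when the name
    // is already taken (including oldusername == newusername) or no row matched.
    //
    // The existence test below was inverted: it returned 0 when the name was *free* and
    // went on to update when it was *taken*, the opposite of the requirement. The check
    // is now `count > 0`, matching the `!UsernameExists(...)` variant further down.
    //
    // NOTE(review): `password` goes into the table as plain text, as in the original.
    // NOTE(review): check and UPDATE are not atomic; a UNIQUE index on UserName is the
    // real guarantee against two concurrent callers claiming the same name.
    using (var con = new MySqlConnection(conString))
    using (var cmd = con.CreateCommand())
    {
        con.Open();
        cmd.CommandText = "SELECT count(UserName) from tbl_UserInfo where UserName = @newusername";
        cmd.Parameters.AddWithValue("@newusername", newusername);

        // Unboxes the scalar as long; that assumes the provider hands COUNT() back as a
        // boxed Int64 — a provider returning another integer type would throw here. TODO confirm.
        var count = (long)cmd.ExecuteScalar();
        if (count > 0)
        {
            return 0;
        }
    }

    using (var con = new MySqlConnection(conString))
    using (var cmd = con.CreateCommand())
    {
        con.Open();
        cmd.CommandText = "UPDATE tbl_UserInfo SET UserName = @newusername, Password = @password, Email_ID = @mailid WHERE UserName = @oldusername";
        cmd.Parameters.AddWithValue("@newusername", newusername);
        cmd.Parameters.AddWithValue("@password", password);
        cmd.Parameters.AddWithValue("@mailid", mailid);
        cmd.Parameters.AddWithValue("@oldusername", oldusername);
        // Number of rows changed; 0 when `oldusername` does not exist.
        return cmd.ExecuteNonQuery();
    }
}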

或者您也可以将它们拆分为单独的方法:

public bool UsernameExists(string username)
{
    // True when at least one tbl_UserInfo row carries `username`. The name travels as a
    // bound parameter, so it is never spliced into the SQL text.
    const string sql = "SELECT count(UserName) from tbl_UserInfo where UserName = @newusername";
    using (var connection = new MySqlConnection(conString))
    {
        connection.Open();
        using (var command = connection.CreateCommand())
        {
            command.CommandText = sql;
            command.Parameters.AddWithValue("@newusername", username);
            // COUNT() is unboxed as long, as the rest of the answer does.
            var matches = (long)command.ExecuteScalar();
            return matches > 0;
        }
    }
}

public int Update(string oldusername, string newusername, string mailid, string password)
{
    // Rewrites the row whose UserName is `oldusername` with the three new values and
    // returns the affected-row count (0 when no such row exists). No existence check
    // happens here; UpdateUserInfo is the caller responsible for that.
    const string sql = "UPDATE tbl_UserInfo SET UserName = @newusername, Password = @password, Email_ID = @mailid WHERE UserName = @oldusername";
    using (var connection = new MySqlConnection(conString))
    {
        connection.Open();
        using (var command = connection.CreateCommand())
        {
            command.CommandText = sql;
            // Parameters are matched by name, so the order they are added in is irrelevant.
            command.Parameters.AddWithValue("@oldusername", oldusername);
            command.Parameters.AddWithValue("@newusername", newusername);
            command.Parameters.AddWithValue("@mailid", mailid);
            command.Parameters.AddWithValue("@password", password);
            return command.ExecuteNonQuery();
        }
    }
}

public int UpdateUserInfo(string oldusername, string newusername, string mailid, string password)
{
    // Rename only when the requested name is still free; a taken name (including the
    // user's current one) yields 0 without touching the table.
    return UsernameExists(newusername)
        ? 0
        : Update(oldusername, newusername, mailid, password);
}