1

我正在 Visual studio.net 2010 中编写登录页面。(c#) 我创建了一个包含一些方法的类。这包括 :

namespace SchoolsNetwork
{
public class cUsers2
{
    SqlConnection SchoolsDBConnectionString;
    SqlDataAdapter sda;
            SqlCommandBuilder scb;
 SqlConnection(ConfigurationManager.ConnectionStrings
 "SchoolsDBConnectionString"].ConnectionString);


public DsUsers2  Checkpassword(string UserName, string password,out bool Success)
    {
        DsUsers2 dsUsers=new DsUsers2();
        string SqlStr="select * from tblMembers  where Username='"+UserName+"' and Password='"+password+"'";
        sda.SelectCommand=new SqlCommand(SqlStr,SchoolsDBConnectionString);

        sda.Fill(dsUsers.tblMembers);
        Success=dsUsers.tblMembers.Rows.Count>0;
        return dsUsers ;
    }

然后在我的 form.aspx 页面中,我有用于输入用户名和密码的文本字段以及用于单击登录的按钮。按钮的代码是:

protected void Button1_Click(object sender, EventArgs e)
    {
        if (txtuser.Text.Trim().Length>0 && txtpass.Value.Length>0 )
        {  
            cUsers2 cUsers=new cUsers2();
            DsUsers2 dsUser=new DsUsers2();
            bool Success;
            if (txtuser.Text.Trim()=="admin")
            {
                Success=cUsers.CheckAdminPass(txtuser.Text.Trim(),txtpass.Value.Trim());  
                if (Success)
                {
                    Response.Redirect("WebForm2.aspx");
                }
            }

            dsUser=cUsers.Checkpassword(txtuser.Text.Trim(), txtpass.Value.Trim(),out Success);
            if(Success)
            {
                Session["ID"]=dsUser.tblMembers.Rows[0][dsUser.tblMembers.IDUserColumn].ToString();
                System.Web.HttpContext.Current.Response.Redirect("frmProfile.aspx");

            }
            else lblerror.Text="invalid username & password";

        }
    }

在 web.config 我有这个作为连接字符串:

<configuration>

  <connectionStrings>
    <add name="ApplicationServices" connectionString="data     source=.\SQLEXPRESS;Integrated Security=SSPI;AttachDBFilename=|DataDirectory|\aspnetdb.mdf;User Instance=true"
  providerName="System.Data.SqlClient" />
    <add name="SchoolsDBConnectionString" connectionString="
Data Source=Sunny-LPTP\SQLEXPRESS;Initial Catalog=SchoolsDB;Integrated Security=True"
  providerName="System.Data.SqlClient" />
  </connectionStrings>

调试后,此行被标记为错误:

sda.SelectCommand=new SqlCommand(SqlStr,SchoolsDBConnectionString);

它说

你调用的对象是空的。

谁能帮帮我吗?谢谢

4

4 回答 4

1

您需要为 sda 创建一个实例

SqlDataAdapter sda = new SqlDataAdapter(SELECT_STMT, CONNECTION)

// according to your project
SqlDataAdapter sda = new SqlDataAdapter(SqlStr,SchoolsDBConnectionString);

请参阅MSDN SqlDataAdapter 构造函数

此外,您应该真正关心SQL Injection。使用SqlParameters

你应该考虑的一些事情

  • 使用块
  • SqlParameter 代替字符串连接
  • 使用 ExecuteScalar 仅访问一个值 / DataAdapter.Fill 获取表

您的代码的一个粗略示例可能是:

using (SqlConnection con = new SqlConnection(CONNECTION_STRING))
{
    string selStmt = "select count(*) from ABC where username=@username and passwort=@password";
    SqlCommand cmd= new SqlCommand (selStmt, con);

    cmd.Parameters.Add("@username", SqlDbType.Varchar);
    cmd.Parameters["@username"].Value = USERNAME_FROM_TEXTBOX

    cmd.Parameters.Add("@password", SqlDbType.Varchar);
    cmd.Parameters["@username"].Value = PASSWORD_FROM_TEXTBOX

    return int.Parse(cmd.ExecuteScalar().ToString()) > 0;
}
于 2012-09-20T14:00:21.547 回答
0

您正在使用一个SchoolsDBConnectionString对象,它只是定义未初始化。

您可以尝试以下操作:

SqlConnection SchoolsDBConnectionString = new SqlConnection(ConfigurationManager.ConnectionStrings["SchoolsDBConnectionString"].ConnectionString);

后期你刚刚定义了SqlDataAdapter sda没有初始化它的字段。
所以写下:

SqlDataAdapter sda = new SqlDataAdapter(YourQueryVariable, SchoolsDBConnectionString);
于 2012-09-20T14:09:21.040 回答
0

似乎您收到此异常是因为您尚未初始化“sda”对象:

SqlDataAdapter sda;

你需要初始化它:

sda = new SqlDataAdapter(...);
于 2012-09-20T14:01:28.930 回答
0

您应该在使用它之前创建一个对象实例

// call constructor before you use code 
 sda = new SqlDataAdapter();       
 sda.SelectCommand=new SqlCommand(SqlStr,SchoolsDBConnectionString);
于 2012-09-20T14:01:51.147 回答