0

当用户尝试使用已经存在的用户名注册时,如何修复 IF 语句。目前,如果用户名已经存在,我的程序将不接受输入的数据,但它仍会进入下一页(即使数据未保存在数据库中)。我需要知道的是如何消除这个问题,所以当用户输入一个存在的“用户名”时,它只会给出错误的消息框,而不是移动到下一页。

谢谢! 

private void btnSignupNew_Click(object sender, EventArgs e)
{    
   if (txtUsername.Text == "")
   {
      errorUsername.SetError(txtUsername, "Enter A Username");
   }

   else if (txtPassword.Text == "")
   {
      errorPassword.SetError(txtPassword, "Enter A Valid Password");
   }

   else
   {
      using (SqlConnection con = new SqlConnection("Data Source=etc"))
      {
         con.Open();
         bool exists = false;

         // create a command to check if the username exists
         using (SqlCommand cmd = new SqlCommand("select count(*) from [User] where UserName = @UserName", con))
         {
            cmd.Parameters.AddWithValue("UserName", txtUsername.Text);
            exists = (int)cmd.ExecuteScalar() > 0;
         }

         // if exists, show a message error
         if (exists)
         {
            MessageBox.Show("Username: " + txtUsername.Text + "  already Exists");
            //errorPassword.SetError(txtUsername, "This username has been using by another user.");
         }    

         else
         {
            // does not exists, so, persist the user
            using (SqlCommand cmd = new SqlCommand("INSERT INTO [User] values (@Forename, @Surname, @Username, @Password)", con))
            {
               cmd.Parameters.AddWithValue("Forename", txtForename.Text);
               cmd.Parameters.AddWithValue("Surname", txtSurname.Text);
               cmd.Parameters.AddWithValue("UserName", txtUsername.Text);
               cmd.Parameters.AddWithValue("Password", txtPassword.Text);
               cmd.ExecuteNonQuery();
            }
          }
          con.Close();

          MessageBox.Show("Sucessfully Signed Up");
          Form1 signin = new Form1();
          signin.Show();
          this.Close();
       }
   }      
}

}

4

2 回答 2

3

无论用户名是否已经存在,您的代码总是会关闭表单并启动登录表单,因为执行登录表单的逻辑是您测试唯一性之后执行的。只有在唯一性测试成功时才会发生这种情况。

将您的逻辑更改为如下所示:

// if exists, show a message error
if (exists)
{
    MessageBox.Show("Username: " + txtUsername.Text + "  already Exists");
           //errorPassword.SetError(txtUsername, "This username has been using by another user.");
}
else
{
    // does not exists, so, persist the user
    using (SqlCommand cmd = new SqlCommand("INSERT INTO [User] values (@Forename, @Surname, @Username, @Password)", con))
    {
         cmd.Parameters.AddWithValue("@Forename", txtForename.Text);
         cmd.Parameters.AddWithValue("@Surname", txtSurname.Text);
         cmd.Parameters.AddWithValue("@UserName", txtUsername.Text);
         cmd.Parameters.AddWithValue("@Password", txtPassword.Text);

         cmd.ExecuteNonQuery();
    }
    MessageBox.Show("Sucessfully Signed Up");
    Form1 signin = new Form1();
    signin.Show();
    this.Close();
}
con.Close();
于 2013-02-28T18:24:02.707 回答
3

将参数更改为如下所示我还建议在必要时向编辑框添加某种验证,以防有人添加不正确的值以防止任何SQL Injectection人亲自为编辑框创建属性值并传入属性值。只是一个建议

您的代码中第一个让我印象深刻的问题是以下行

cmd.Parameters.AddWithValue("UserName", txtUsername.Text);

应该

cmd.Parameters.AddWithValue("@UserName", txtUsername.Text);

// if exists, show a message error
if (exists)
{
    MessageBox.Show("Username: " + txtUsername.Text + "  already Exists");
           //errorPassword.SetError(txtUsername, "This username has been using by another user.");
}
else
{
    // does not exists, so, persist the user
    using (SqlCommand cmd = new SqlCommand("INSERT INTO [User] values (@Forename, @Surname, @Username, @Password)", con))
    {
         cmd.Parameters.AddWithValue("@Forename", txtForename.Text);
         cmd.Parameters.AddWithValue("@Surname", txtSurname.Text);
         cmd.Parameters.AddWithValue("@UserName", txtUsername.Text);
         cmd.Parameters.AddWithValue("@Password", txtPassword.Text);

         cmd.ExecuteNonQuery();
    }
    MessageBox.Show("Sucessfully Signed Up");
    Form1 signin = new Form1();
    signin.Show();
    this.Close();
}
con.Close();
于 2013-02-28T18:27:09.853 回答