字符串必须正好一个字符长c#中的错误

如何解决此错误字符串必须正好一个字符长.我正在分享这个功能,请查看此问题并解决此问题.

我突出显示你可以看到这一行.如果我们可以将char转换为字符串或其他东西,如何解决这个问题.

功能

public DataTable mlogin(string username, string password)
{
    string cOnstring= ConfigurationManager.ConnectionStrings["Real"].ConnectionString;

    SqlConnection con = new SqlConnection(constring);
    password = Cryptographer.Encrypt(password);
    con.Open();

    if ( char.IsNumber( Convert.ToChar(username)))   //String must be exactly one character long
    {
        cmd = new SqlCommand("select MD.MembershipID, MembershipName, address, ISNULL(FD.FileID,'') as FileID,ISNULL(Sec.SectorName, '') as SectorName, ISNULL(I.PlotNo, '') as PlotNo, MD.ClientPic from MemberMaster MM " +
            " inner join MembersDetail MD on MD.MemberShipID = MM.MemberShipID and MD.Srno = 1 " +
            " inner join MasterFileDetail FD on FD.MembershipID = MM.MemberShipID and FD.IsOwner = 1 and FD.IsTransfered = 1 " +
            " inner join MasterFile FM on FM.FileID = FD.FileID and FM.Cancel = 0 " +
            " inner join Sectors Sec on Sec.Phase_ID = FM.PhaseId and Sec.Sector_ID = FM.Sector_ID " +
            " inner join PlotsInventory I on I.Phase_ID = FM.PhaseId and I.Plot_ID = FM.Plot_ID " +
            " where MM.MemberShipID = '" + username + "' and MM.IsApproved = 1 and RTRIM(MM.LoginPwd) = '" + password + "' and MM.IsActive = 1 " +
            " order by FD.FileID", con);
    }
    else
    {
        cmd = new SqlCommand("select User_Id, User_Name,User_Type, Group_Id from BriskSecurity.dbo.Users where User_Login='" + username + "' and User_password='" + password + "' ", con);
    }

        cmd.CommandType = CommandType.Text;
        cmd.Parameters.AddWithValue("@MembershipID",username);
        cmd.Parameters.AddWithValue("@LoginPwd", password);
        DataTable mDT_User = new DataTable();
        SqlDataAdapter da = new SqlDataAdapter(cmd);
        da.Fill(mDT_User);
        con.Close();
        return mDT_User;

    }

John_Reinsta.. 6

你所做的事情根本就是错误的.

考虑用户名"John".你能将4个字符的字符串转换成单个字符吗？不可以.您无法使用它来验证整个用户名是否为数字.

相反,您有两种选择:

(1)验证用户名的每个字符是否为数字:

if (username.All(c => char.IsNumber(c)))
{

(2)将其解析为一个数字(假设它可以表示为数字,前导零并不重要)

if (int.TryParse(username, out var usernameAsInt))
{

接下来,我建议查看参数化的SQL查询.

想象一下以下查询:

"SELECT * FROM users WHERE username = '" + username + "' AND password = '" + password + "'"

如果我的用户名是什么会' OR username = 'administrator'; --怎样？查询变为:

SELECT * FROM users WHERE username = '' OR username = 'administrator'; -- ' AND password = ''

之后的一切 - 成为评论.您可以在此处了解有关参数化SQL查询的更多信息.

你所做的事情根本就是错误的.

考虑用户名"John".你能将4个字符的字符串转换成单个字符吗？不可以.您无法使用它来验证整个用户名是否为数字.

相反,您有两种选择:

(1)验证用户名的每个字符是否为数字:

if (username.All(c => char.IsNumber(c)))
{

(2)将其解析为一个数字(假设它可以表示为数字,前导零并不重要)

if (int.TryParse(username, out var usernameAsInt))
{

接下来,我建议查看参数化的SQL查询.

想象一下以下查询:

"SELECT * FROM users WHERE username = '" + username + "' AND password = '" + password + "'"

如果我的用户名是什么会' OR username = 'administrator'; --怎样？查询变为:

SELECT * FROM users WHERE username = '' OR username = 'administrator'; -- ' AND password = ''

之后的一切 - 成为评论.您可以在此处了解有关参数化SQL查询的更多信息.