
The C# Code:

string str = "Data Source=(LocalDB)\\MSSQLLocalDB;";
str += "AttachDbFilename=|DataDirectory|DinoData.mdf;";
str += "Integrated Security= True";

SqlConnection c;
c = new SqlConnection(str);
SqlCommand Cdd = new SqlCommand("SELECT COUNT(*) FROM [User] WHERE UserName LIKE @Username;", c);
Cdd.Parameters.AddWithValue("@Username", txtuser.Text);
c.Open();
int NameExist = (int)Cdd.ExecuteScalar();
c.Close();
if (NameExist > 0)
{
    CVName.IsValid = true;

    if ((bool)Session["Conect"])
    {
        SqlCommand getlev = new SqlCommand("SELECT level FROM [User] WHERE Username like @user", c);
        getlev.Parameters.AddWithValue("@user", txtuser.Text);
        c.Open();
        int a = (int)getlev.ExecuteScalar();
        c.Close();
        if (a>5)
        {
            CVSemi.IsValid = false;
            if (a >= 10)
            {
                CVmax.IsValid = false;
            }
            else
                CVmax.IsValid = true;
        }
        else
        {
            CVSemi.IsValid = true;
        }
    }
}
else
{
    CVName.IsValid = false;
    txtuser.CssClass = "err";
}
if (Page.IsValid)
{
    /*Something happen*/
}

The validator CVmax is always true, even when I changed the if to: `if (a >= 1)`

I updated the code, but CVmax is always valid. Why? I tried everything but without success, please help.

Eric J.
Oz Cohen
  • Can you at least format your code properly? – DavidG Jun 02 '16 at 22:33
  • Have you debugged whether the control is entering `if (a >= 10)`? What initial value have you provided to CVmax? – vabii Jun 02 '16 at 22:43
  • `The validator CVmax always true even when I turned the if to: if (a >= 1)` What value does `a` have when you step through your code in a debugger? – Eric J. Jun 02 '16 at 22:47
  • Leaving your problem aside for a second, you really need to learn how C# code is written. You are missing `using` statements and your way to initialize/name objects shows lack of knowledge. Have you even tried to see what value the Database actually has? – Camilo Terevinto Jun 02 '16 at 22:48
  • Side note: For the love of unmanaged resources, please use the `using` statement for things that are IDisposable. If the line with ExecuteScalar throws an exception for any reason, the connection will never be closed. – Eric J. Jun 02 '16 at 22:49

2 Answers

I'd run the debugger to be sure, but are you sure it's not skipping the second if?

if (NameExist > 0)
{
    CVName.IsValid = true;  // here you set the value to true.

    // supposing this if doesn't trigger, CVmax will stay true.
    if ((bool)Session["Conect"])
    {
        SqlCommand getlev = new SqlCommand("SELECT level FROM [User] WHERE Username like @user", c);
        getlev.Parameters.AddWithValue("@user", txtuser.Text);
        c.Open();
        int a = (int)getlev.ExecuteScalar();
        c.Close();

        if (a > 5)
        {
            CVSemi.IsValid = false;

            if (a >= 10)
            {
                CVmax.IsValid = false;
            }
            else
            {
                CVmax.IsValid = true;
            }
        }
        else
        {
            CVSemi.IsValid = true;
        }
    }
}
else
{
    CVName.IsValid = false;
    txtuser.CssClass = "err";
}

As @DavidG says, your code is formatted poorly. After organizing it a bit, it looks like some of your IFs aren't even hitting. In the snippet you gave there is no alternative for the NameExist > 0 bit, so all that needs to be entered is a correct user name...

So, to be brutally honest, scrap the code and start fresh with proper formatting and Using.

kyle_engineer

Been awhile since I used something other than an ORM, but I'd make the following suggestions:

1) Review how you are handling the ExecuteScalar response, see [here](https://stackoverflow.com/a/1999031/6415885)

2) Since a null response is a distinct possibility here, is the boxing of ExecuteScalar, forcing a 0 response?

 int a = (int)getlev.ExecuteScalar();

or should it be

int? a = (int?)getlev.ExecuteScalar();
if (a != null)
{
    if (a == 0) { CVmax.IsValid = false; }
}
else
{
    CVmax.IsValid = false;
}

Community
SqlOnly
  • No, no, no! Don't suggest SQL like this - it is highly vulnerable to SQL Injection attacks. – DavidG Jun 02 '16 at 23:26
  • And with "'%' + @user + '%'" as the like a user could input a generic single character (say "a") and it would find many matches depending on the size of the user db. Won't work and is very dangerous. – kyle_engineer Jun 02 '16 at 23:30
  • Removed suggestion – SqlOnly Jun 02 '16 at 23:56
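
Added example, not part of the original posts: one way to write the level lookup with the points raised in the comments and answers applied (`using` for disposal, a null-safe `ExecuteScalar` result) and with an exact `=` match in place of `LIKE`. The `UserLookup` class and `GetUserLevel` helper names and the column types are assumptions, not taken from the question.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public static class UserLookup
{
    // Connection string as given in the question.
    private const string ConnStr =
        "Data Source=(LocalDB)\\MSSQLLocalDB;" +
        "AttachDbFilename=|DataDirectory|DinoData.mdf;" +
        "Integrated Security=True";

    // Hypothetical helper: returns the user's level, or null when no row
    // matches or the stored level is NULL.
    public static int? GetUserLevel(string userName)
    {
        // "=" instead of LIKE: with LIKE, '%' and '_' typed into the text box
        // act as wildcards, so the lookup can match some other user's row.
        const string sql = "SELECT [level] FROM [User] WHERE UserName = @user";

        // using disposes (and closes) both objects even if ExecuteScalar throws.
        using (var conn = new SqlConnection(ConnStr))
        using (var cmd = new SqlCommand(sql, conn))
        {
            // Explicit type and size instead of AddWithValue's type inference.
            // Assumption: UserName is nvarchar(50) and level is int.
            cmd.Parameters.Add("@user", SqlDbType.NVarChar, 50).Value =
                userName ?? string.Empty;
            conn.Open();

            // ExecuteScalar returns null for an empty result set and
            // DBNull.Value for a NULL column; a direct (int) cast throws on both.
            object result = cmd.ExecuteScalar();
            if (result == null || result == DBNull.Value)
            {
                return null;
            }
            return Convert.ToInt32(result);
        }
    }
}
```

A `null` return is a distinct case the caller has to handle explicitly, for example by marking `CVName` invalid, before comparing the level against 5 and 10.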