System.Data.SqlClient.SqlException：'违反主键约束

Posted 2023-04-12

【中文标题】System.Data.SqlClient.SqlException：\'违反主键约束

【英文标题】：System.Data.SqlClient.SqlException: 'Violation of PRIMARY KEY constraintSystem.Data.SqlClient.SqlException：'违反主键约束

【发布时间】：2022-01-06 12:22:48

【问题描述】：

private void btnRegister_Click(object sender, EventArgs e)

    SqlConnection con = new SqlConnection(@"Data Source=(LocalDB)\MSSQLLocalDB;Initial Catalog=LoginInfo;Persist Security Info=True;User ID=MJ;Password=12345");
    con.Open();

    if (tbRegisterConfirmPassword.Text != string.Empty || tbRegisterPassword.Text != string.Empty || tbRegisterUser.Text != string.Empty)
    
        SqlConnection connection = new SqlConnection();
        SqlCommand command = new SqlCommand();
        SqlDataReader dr;
           
        if (tbRegisterPassword.Text == tbRegisterConfirmPassword.Text)
        
            command = new SqlCommand("select * from tbl_acc where username = '" + tbRegisterUser + "'", con);
            dr = command.ExecuteReader();

            if (dr.Read())
            
                dr.Close();
                lbRegister.Text = "Username Already Taken";
                lbRegister.ForeColor = Color.Red;
            
            else
            
                dr.Close();

                command = new SqlCommand("insert into tbl_acc values (@username, @password)", con);
                command.Parameters.AddWithValue("username", tbRegisterUser.Text);
                command.Parameters.AddWithValue("password", tbRegisterPassword.Text);
                command.ExecuteNonQuery();

                MessageBox.Show("Your account has now been registered", "Registration Success", MessageBoxButtons.OK, MessageBoxIcon.Information);
            
        
        else
        
            lbRegister.Text = "Password does not match";
            lbRegister.ForeColor = Color.Red;
        
    
    else
    
        lbRegister.Text = "Please fill out all the fields";
        lbRegister.ForeColor = Color.Red;
    

【问题讨论】：

SQL Injection alert - 您应该不将您的 SQL 语句连接在一起 - 使用 参数化查询 来避免 SQL 注入 - 查看Little Bobby Tables

永远不要选择 *

永远不要以明文形式存储最终用户密码。

并且始终在您的INSERT 子句中包含一个列列表。

哦，AddWithValue is evil

【参考方案1】：

这是 EF 的样子：

private void SetRegLabel(string s)
    lbRegister.ForeColor = s == null ? Color.Black : Color.Red;
    lbRegister.Text = s;


private void btnRegister_Click(object sender, EventArgs e)

    SetRegLabel(null);

    if(tbRegisterConfirmPassword.Text != tbRegisterPassword.Text)
      SetRegLabel("Passwords don't match");

    else if (new[] tbRegisterConfirmPassword, tbRegisterPassword, tbRegisterUser.Any(tb => string.IsNullOrWhiteSpace(tb.Text))) 
      SetRegLabel("Fill in all fields");

    else if(context.Users.Any(u => u.UserName == tbRegisterUser.Text)) 
      SetRegLabel("Username taken");

    else 
      context.Users.Add(new User() 
        UserName = tbRegisterUser.Text, 
        Password = Convert.ToBase64String(MD5.Create().ComputeHash(Encoding.UTF8.GetBytes("saaalt33"+tbRegisterPassword.Text)))
      );
      context.SaveChanges();