我有一个提交页面,我需要限制用户在特定时间段内可以尝试的尝试次数。
调用一个存储过程来检查数据库 1 中的某些数据,并记录 IP 地址和表单提交到数据库 2 中的日期/时间。
我需要做的就是检查该 IP 地址在 30 分钟内记录了多少次尝试,如果该数字超过 5,则限制进一步的提交尝试。
这是我的 VB 代码:
Protected Sub btn_Cont_Click(sender As Object, e As EventArgs) Handles btn_Cont.Click
Dim StudentIDLast4 As Integer = Val(textSSN.Text)
Dim StudentIDInst As String = textSID.Text.ToUpper
Dim DateOfBirth As String = textDOB.Text
Dim IPaddress As String = Request.UserHostAddress()
Dim sqlConnection1 As New SqlConnection("Data Source=(localdb)\v11.0;Initial Catalog=tempdb;Integrated Security=True")
Dim cmd As New SqlCommand
Dim returnValue As String
Dim returnCount As Integer
cmd.CommandText = "proc_ReverseTransferConsent_Find_Match"
cmd.CommandType = CommandType.StoredProcedure
cmd.Parameters.AddWithValue("@StudentIDLast4", StudentIDLast4)
cmd.Parameters.AddWithValue("@StudentIDInst", StudentIDInst)
cmd.Parameters.AddWithValue("@DateOfBirth", DateOfBirth)
cmd.Parameters.AddWithValue("@IPaddress", IPaddress)
cmd.Connection = sqlConnection1
Dim sqlConnection2 As New SqlConnection("Data Source=(localdb)\v11.0;Initial Catalog=tempdb;Integrated Security=True")
Dim attempts As String
Dim comm As New SqlCommand("SELECT [Count] = COUNT(*) FROM ReverseTransferConsent_Attempt WHERE IPaddress = @IPaddress AND CreatedDate > DATEADD(MINUTE, -30, GETDATE())")
Dim ap As New SqlDataAdapter(comm.CommandText, sqlConnection1)
Dim ds As New DataSet()
comm.Parameters.AddWithValue("@IPaddress", IPaddress)
If Page.IsValid Then
sqlConnection2.Open()
ap.Fill(ds)
attempts = ds.Tables(0).Rows.Count.ToString()
sqlConnection2.Close()
sqlConnection1.Open()
returnValue = Convert.ToString(cmd.ExecuteScalar())
sqlConnection1.Close()
returnCount = returnValue.Length
If attempts <= 5 Then
If returnCount > 4 Then
Response.Redirect("RTAgreement.aspx?rVal=" + returnValue)
Else
Label2.Text = StudentIDInst
End If
ElseIf attempts > 5 Then
Label2.Text = "Only 5 submission attempts allowed per 30 minutes"
End If
End If
End Sub
它给了我错误:
An exception of type 'System.Data.SqlClient.SqlException' occurred in System.Data.dll but was not handled in user code
Additional information: Must declare the scalar variable "@IPaddress".
我使用 AddWithValue 声明了该变量。这不正确吗?
最佳答案
问题是您仅使用命令文本实例化 SqlDataAdapter(传递查询但不传递参数),因此它没有传递参数:
Dim ap As New SqlDataAdapter(comm.CommandText, sqlConnection1)
您应该使用该命令并实例化您的命令并传递连接:
Dim comm As New SqlCommand("SELECT [Count] = COUNT(*) FROM ReverseTransferConsent_Attempt WHERE IPaddress = @IPaddress AND CreatedDate > DATEADD(MINUTE, -30, GETDATE())", sqlConnection1)
Dim ap As New SqlDataAdapter(comm)
关于asp.net - VB.NET SQL 限制提交尝试次数,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/20622584/