本文介绍了如果帐单号存在则显示消息已存在的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我如何检查账单号是否合适。已存储在数据库中,然后消息框显示帐单号。已经存在公司ID,我有1个billno.textbox输入账单号。如果我不输入任何不。自动增加1比1.如果我输入任何其他不喜欢:11存储并开始增加11,一个接一个。



这里我正在尝试。它成功地运行但不检查否。这个数字是否存在





How can i check if bill no. already stored in database then Message Box show bill no. already exist where company id ,I've 1 billno.textbox for enter bill no. if i'm not enter any no. that automatically increase 1 by 1. if i enter any other no like:11 that store and start increasing 11, one by one.

here i'm trying.It run successfuly but it not check no. the number is exists or not


<pre>  private int billno(string p)
        {
            Int32 Billno = 0;
            //s = Billno;
            cmd = new SqlCommand(p, con);
            int k;
            con.Open();

            if (txtbill.Text != "")
            {

                //check();

                 //cmd = new SqlCommand("IF NOT EXISTS (SELECT Billno FROM MainBillForm WHERE Company_ID = Company_ID)Select ISNULL(Max(Billno+1),1) From MainBillForm where Company_ID=" + GlobalVariable.companyId, con);
                 Billno = Convert.ToInt32(txtbill.Text);
                 k = Billno;

                 s = k;

                 k = (Int32)cmd.ExecuteScalar();
                 con.Close();
                 return Billno;

            }
            else
            {
                //s = k + 1;
                Billno = s;

                Billno = (Int32)cmd.ExecuteScalar();
                con.Close();
                return Billno;
            }









semidisc = semidisc + Convert。 ToDouble(g1.Cells [8] .FormattedValue.ToString());

overallttl = overallttl + Convert.ToDouble(g1.Cells [9] .FormattedValue.ToString());



// overallttl_wtax = overallttl_wtax + Convert.ToDouble(g1.Cells [16] .FormattedValue.ToString());

}

}

catch(例外)

{

MessageBox.Show(alredy ext);

}

double discount = 0;

if(discounttxt.Text!=&& chk_DiscPerct.Checked == true)

{

discount =(_subTotal * Convert.ToDouble(discounttxt.Text))/ 100;

}

else if(discounttxt.Text !=)

{

discount = Convert.ToDouble(discounttxt.Text);

}

SqlCommand cmd1 =新的SqlCommand(插入MainBillForm(Billno,名称,日期,Shipped_Details,Order_Number,Sno,Product_Name,描述,Hsn_Code,数量,单位,费率,金额,折扣,Taxable_Amount+

Addcost,Sub_Total,Sub_Discount,Total_Amount,Company_ID)+

Values('+ Billno +','+ custid +','+ dateTimePicker1.Text +','+ comboShipped.SelectedValue.ToString()+' ,'+ ONtxt.Text +','+ 0 +','+0+','

+0+','+ 0+','+0+','+0+','+ 0 +','

+ semittl +' ,'+ semidisc +','+ overallttl +','+ Convert.ToDouble(isEmpty(addcosttxt.Text))+','+ Convert.ToDouble(isEmpty(totalamounttxt.Text))+ ','+折扣+ ','+ Convert.ToDouble(isEmpty(txtNewTotal.Text))+',+ GlobalVariable.companyId +),con);



con .Open();

cmd1.ExecuteNonQuery();

con.Close();

comboBox_Custname.Text =;

//dateTimePicker1.Value = DateTime.Now; ONtxt.Text =;

totalamounttxt.Text =;

comboBoxproduct.Text =;

dectxt.Text = ;

combounit.Text =;

qtytxtprice.Text =;

txtqty.Text =;

txttax.Text =;

discounttxt.Text =;

addcosttxt.Text =;

txtNewTotal.Text =;

Subtxt.Text =;

txtdiscount.Text =;

dataGridView.Rows.Clear ();

MessageBox.Show(记录已插入的SuccessFully);

}



我尝试过:







semidisc = semidisc + Convert.ToDouble(g1.Cells[8].FormattedValue.ToString());
overallttl = overallttl + Convert.ToDouble(g1.Cells[9].FormattedValue.ToString());

// overallttl_wtax = overallttl_wtax + Convert.ToDouble(g1.Cells[16].FormattedValue.ToString());
}
}
catch (Exception)
{
MessageBox.Show("alredy ext");
}
double discount = 0;
if (discounttxt.Text != "" && chk_DiscPerct.Checked == true)
{
discount = (_subTotal * Convert.ToDouble(discounttxt.Text)) / 100;
}
else if (discounttxt.Text != "")
{
discount = Convert.ToDouble(discounttxt.Text);
}
SqlCommand cmd1 = new SqlCommand("insert into MainBillForm (Billno,Name,Date,Shipped_Details,Order_Number,Sno,Product_Name,Description,Hsn_Code,Qty,Unit,Rate,Amount,Discount,Taxable_Amount" +
"Addcost,Sub_Total,Sub_Discount,Total_Amount,Company_ID) " +
" Values ('" + Billno + "','" + custid + "','" + dateTimePicker1.Text + "','" + comboShipped.SelectedValue.ToString() + "','" + ONtxt.Text + "','" + 0 + "','" +"0" + "','"
+ "0" + "','" + "0" + "','" + "0" + "','" + "0" + "','" +0 + "','"
+ semittl + "','" + semidisc + "','" + overallttl + "','" + Convert.ToDouble(isEmpty(addcosttxt.Text)) + "','" + Convert.ToDouble(isEmpty(totalamounttxt.Text)) + "','" + discount+ "','" + Convert.ToDouble(isEmpty(txtNewTotal.Text)) + "'," + GlobalVariable.companyId + ")", con);

con.Open();
cmd1.ExecuteNonQuery();
con.Close();
comboBox_Custname.Text = "";
//dateTimePicker1.Value = DateTime.Now; ONtxt.Text = "";
totalamounttxt.Text = "";
comboBoxproduct.Text = "";
dectxt.Text = "";
combounit.Text = "";
qtytxtprice.Text = "";
txtqty.Text = "";
txttax.Text = "";
discounttxt.Text = "";
addcosttxt.Text = "";
txtNewTotal.Text = "";
Subtxt.Text = "";
txtdiscount.Text = "";
dataGridView.Rows.Clear();
MessageBox.Show("Records Inserted SuccessFully");
}

What I have tried:

<pre>private void Insertbtn_Click(object sender, EventArgs e)
       {
           if (comboBox_Custname.SelectedIndex == 0)//Nothing selected
           {
               MessageBox.Show("You must select a ComboBox Values type");
               comboBox_Custname.Focus();
               return;
           }
           if (dataGridView.RowCount == 0)
           {
               MessageBox.Show("there are no items in the list to add");
               return;
           }
           string custid = "";
           if (comboBox_Custname.SelectedIndex < 0)
           {
               try
               {
                   cmd = new SqlCommand("insert into Customer_Details(CustName) values(@CustName)", con);
                   con.Open();
                   cmd.Parameters.AddWithValue("@CustName", comboBox_Custname.Text);
                   cmd.ExecuteNonQuery();
                   con.Close();
               }
               catch { }
               try
               {
                   SqlCommand cmd = new SqlCommand("SELECT max(CustID)FROM Customer_Details", con);
                   SqlDataAdapter sda = new SqlDataAdapter(cmd);
                   DataTable dt = new DataTable();
                   sda.Fill(dt);
                   custid = dt.Rows[0][0].ToString();
               }
               catch { }
           }
           else
           {
               custid = comboBox_Custname.SelectedValue.ToString();
           }


           int Billno = billno("IF NOT EXIST( Select ISNULL(Max(Billno+1),1) From MainBillForm where Company_ID=)" + GlobalVariable.companyId) ;



           double semittl=0, semidisc=0, overallttl = 0 ,  overallttl_wtax = 0;
           try
           {
               foreach (DataGridViewRow g1 in dataGridView.Rows)
               {
                   //double ttl = (Convert.ToDouble(g1.Cells[4].FormattedValue.ToString()) * Convert.ToDouble(g1.Cells[6].FormattedValue.ToString()));

                   SqlCommand cmd = new SqlCommand("insert into MainBillForm (Billno,Name,Date,Shipped_Details,Order_Number,Sno,Product_Name,Description,Hsn_Code,Qty,Unit,Rate,Amount,Discount,Taxable_Amount" +
                       "Addcost,Sub_Total,Sub_Discount,Total_Amount,Company_ID) " +
                       " Values ('" + Billno + "','" + custid + "','" + dateTimePicker1.Text + "','" + comboShipped.SelectedValue.ToString() + "','" + ONtxt.Text + "','" + Convert.ToInt16(g1.Cells[0].FormattedValue.ToString()) + "','" + g1.Cells[17].FormattedValue.ToString() + "','"
                       + g1.Cells[2].FormattedValue.ToString() + "','" + g1.Cells[3].FormattedValue.ToString() + "','" + g1.Cells[4].FormattedValue.ToString() + "','" + g1.Cells[18].FormattedValue.ToString() + "','" + g1.Cells[6].FormattedValue.ToString() + "','"
                       + g1.Cells[7].FormattedValue.ToString() + "','" + g1.Cells[8].FormattedValue.ToString() + "','" + g1.Cells[9].FormattedValue.ToString() + "','" + g1.Cells[10].FormattedValue.ToString() + "','" + g1.Cells[11].FormattedValue.ToString() + "','"
                       + g1.Cells[12].FormattedValue.ToString() + "','" + g1.Cells[13].FormattedValue.ToString() + "','" + g1.Cells[14].FormattedValue.ToString() + "','" + g1.Cells[15].FormattedValue.ToString() + "','" + 0.00 + "','" + 0.00 + "','" + 0.00 + "','" + g1.Cells[16].FormattedValue.ToString() + "','" + GlobalVariable.companyId + "')", con);
                   con.Open();
                   cmd.ExecuteNonQuery();
                   con.Close();

                   semittl = semittl + Convert.ToDouble(g1.Cells[7].FormattedValue.ToString());

推荐答案

Quote:

如何检查账单号是否可以。已存储在数据库中,然后消息框显示帐单号。已经存在公司ID,我有1个billno.textbox输入账单号。如果我不输入任何不。自动增加1比1.如果我输入任何其他不喜欢:11存储并开始增加11,逐个。

How can i check if bill no. already stored in database then Message Box show bill no. already exist where company id ,I've 1 billno.textbox for enter bill no. if i'm not enter any no. that automatically increase 1 by 1. if i enter any other no like:11 that store and start increasing 11, one by one.



整个想法是错误的,因为它不兼容多用户应用程序。

[]



不是你问题的解决方案,而是你遇到的另一个问题。

永远不要通过连接字符串来构建SQL查询。迟早,您将使用用户输入来执行此操作,这会打开一个名为SQL注入的漏洞,这对您的数据库很容易并且容易出错。

名称中的单引号你的程序崩溃。如果用户输入像Brian O'Conner这样的名称可能会使您的应用程序崩溃,那么这是一个SQL注入漏洞,崩溃是最少的问题,恶意用户输入,并且它被提升为具有所有凭据的SQL命令。

[]

[]


The whole idea is wrong because it is not compatible with multi-user apps.
SQL AUTO INCREMENT a Field[^]

Not a solution to your question, but another problem you have.
Never build an SQL query by concatenating strings. Sooner or later, you will do it with user inputs, and this opens door to a vulnerability named "SQL injection", it is dangerous for your database and error prone.
A single quote in a name and your program crash. If a user input a name like "Brian O'Conner" can crash your app, it is an SQL injection vulnerability, and the crash is the least of the problems, a malicious user input and it is promoted to SQL commands with all credentials.
SQL injection - Wikipedia[^]
SQL Injection[^]



//cmd = new SqlCommand("IF NOT EXISTS (SELECT Billno FROM MainBillForm WHERE Company_ID = Company_ID)Select ISNULL(Max(Billno+1),1) From MainBillForm where Company_ID=" + GlobalVariable.companyId, con);





TO:





TO:

//To get the next number, presuming your GlobalVariable.companyId is a number.
cmd = new SqlCommand("SELECT max(Billno) + 1 FROM MainBillForm WHERE Company_ID = "+ GlobalVariable.companyId, con);
int nextBillNo = (int)cmd.ExecuteScalar();


这篇关于如果帐单号存在则显示消息已存在的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持!

08-23 18:12