我有一个提交页面,我需要限制用户在特定时间段内可以尝试的次数。
有一个存储过程被调用,它检查数据库1中的某些数据,并记录IP地址和表单提交到数据库2中的日期/时间。
我需要做的就是检查该IP地址在30分钟的时间内记录了多少次尝试,如果该次数超过5,则限制进一步的提交尝试。
这是我的VB代码:
Protected Sub btn_Cont_Click(sender As Object, e As EventArgs) Handles btn_Cont.Click
Dim StudentIDLast4 As Integer = Val(textSSN.Text)
Dim StudentIDInst As String = textSID.Text.ToUpper
Dim DateOfBirth As String = textDOB.Text
Dim IPaddress As String = Request.UserHostAddress()
Dim sqlConnection1 As New SqlConnection("Data Source=(localdb)\v11.0;Initial Catalog=tempdb;Integrated Security=True")
Dim cmd As New SqlCommand
Dim returnValue As String
Dim returnCount As Integer
cmd.CommandText = "proc_ReverseTransferConsent_Find_Match"
cmd.CommandType = CommandType.StoredProcedure
cmd.Parameters.AddWithValue("@StudentIDLast4", StudentIDLast4)
cmd.Parameters.AddWithValue("@StudentIDInst", StudentIDInst)
cmd.Parameters.AddWithValue("@DateOfBirth", DateOfBirth)
cmd.Parameters.AddWithValue("@IPaddress", IPaddress)
cmd.Connection = sqlConnection1
Dim sqlConnection2 As New SqlConnection("Data Source=(localdb)\v11.0;Initial Catalog=tempdb;Integrated Security=True")
Dim attempts As String
Dim comm As New SqlCommand("SELECT [Count] = COUNT(*) FROM ReverseTransferConsent_Attempt WHERE IPaddress = @IPaddress AND CreatedDate > DATEADD(MINUTE, -30, GETDATE())")
Dim ap As New SqlDataAdapter(comm.CommandText, sqlConnection1)
Dim ds As New DataSet()
comm.Parameters.AddWithValue("@IPaddress", IPaddress)
If Page.IsValid Then
sqlConnection2.Open()
ap.Fill(ds)
attempts = ds.Tables(0).Rows.Count.ToString()
sqlConnection2.Close()
sqlConnection1.Open()
returnValue = Convert.ToString(cmd.ExecuteScalar())
sqlConnection1.Close()
returnCount = returnValue.Length
If attempts <= 5 Then
If returnCount > 4 Then
Response.Redirect("RTAgreement.aspx?rVal=" + returnValue)
Else
Label2.Text = StudentIDInst
End If
ElseIf attempts > 5 Then
Label2.Text = "Only 5 submission attempts allowed per 30 minutes"
End If
End If
End Sub
这给了我错误:
System.Data.dll中发生类型'System.Data.SqlClient.SqlException'的异常,但未在用户代码中处理
附加信息:必须声明标量变量“ @IPaddress”。
我使用AddWithValue声明了变量。那不正确吗?
问题是您SqlDataAdapter
仅实例化了使用的命令文本(传递查询而不传递参数),因此它没有传递参数:
Dim ap As New SqlDataAdapter(comm.CommandText, sqlConnection1)
您应该改用命令,并通过连接实例化命令:
Dim comm As New SqlCommand("SELECT [Count] = COUNT(*) FROM ReverseTransferConsent_Attempt WHERE IPaddress = @IPaddress AND CreatedDate > DATEADD(MINUTE, -30, GETDATE())", sqlConnection1)
Dim ap As New SqlDataAdapter(comm)
本文收集自互联网,转载请注明来源。
如有侵权,请联系[email protected] 删除。
我来说两句