我需要使用qt创建者将用户名和密码值插入数据库,并且两个用户名不能相同。完成该检查后,我应该继续插入。当我在下面运行代码时,数据库中没有任何更改。我似乎找不到问题,也不知道如何进行。有什么办法可以改善我的代码?
void LoginScreen::createClicked()
{
QString username{ui -> newUsernameInput -> text()};
QString password{ui -> newPasswordInput -> text()};
QString command{"SELECT username FROM users WHERE username = '" + username + '\''};
QSqlQuery query(db);
bool ok{query.exec(command)};
if(ok)
{
while(query.next())
{
QString newUsername{query.value("username").toString()};
if(username == newUsername)
{
QMessageBox::information(this, "Error", "Username already exists!");
ui -> newUsernameInput -> clear();
ui -> newPasswordInput -> clear();
}
else
{
QString insertCommand{"INSERT INTO users (username, password) VALUES ('"
+ username + "', '" + password + "');"};
QSqlQuery quer(db);
query.exec(insertCommand);
}
}
}
如果用户名不存在于数据库中,则该语句为假:
while(query.next())
即没有记录返回。
您正在为查询构建字符串,但改用准备好的查询。它不仅会处理用户名和密码中的特殊字符,而且还能防止注入攻击。我会像这样重组您的代码:
无效LoginScreen :: createClicked(){QString用户名{ui-> newUsernameInput-> text()};QString密码{ui-> newPasswordInput-> text()};
QSqlQuery query(db);
query.prepare("SELECT username FROM users WHERE username = :username");
query.bindValue(":username", username);
bool ok{query.exec(command)};
if(ok)
{
if (query.next())
{
QString newUsername{query.value("username").toString()};
if(username == newUsername)
{
QMessageBox::information(this, "Error", "Username already exists!");
ui -> newUsernameInput -> clear();
ui -> newPasswordInput -> clear();
}
}
else
{
QSqlQuery query(db);
query.prepare("INSERT INTO users (username, password) VALUES(:username,:password)");
query.bindValue(":username", username);
query.bindValue(":password", password);
query.exec();
}
}