Getting Error: Not all code paths return a value
Getting Error: Not all code paths return a value
/// <summary>
/// The question's original login check: builds a SELECT on the login table from the four
/// arguments and returns true when the query yields at least one row.
/// </summary>
/// <remarks>
/// Does not compile as written (CS0161, "not all code paths return a value"): the try block
/// has no return for the case where the result has zero rows.
/// </remarks>
public bool loginpro(string loginas, string dept, string usnm, string pass)
{
try
{
string qrstr;
// NOTE(review): SQL injection risk - all four arguments are concatenated into the statement
// text, so a caller-supplied value becomes part of the SQL. Bind them as SqlParameter values.
// The text is also invalid SQL: equality is "=", not "==", and conditions are joined with
// AND/OR, not commas.
// NOTE(review): comparing pass directly suggests the table stores the password itself - confirm;
// a salted password hash should be stored and compared instead.
qrstr = "select * from login where loginas=='" + loginas + "',dept=='" + dept + "',usnm=='" + usnm + "',pass=='" + pass + "'";
Gencon.Open();
SqlCommand cmd = new SqlCommand(qrstr, Gencon);
SqlDataAdapter da = new SqlDataAdapter(cmd);
DataTable dt = new DataTable();
da.Fill(dt);
// Not reached when Open() or Fill() throws; the catch below does not close the connection either.
Gencon.Close();
if (dt.Rows.Count > 0)
{
return true;
}
// Zero rows: execution falls out of the try block here without returning a value.
}
catch (Exception e)
{
// Every failure, including the SQL syntax error above, is reported as "login failed";
// e is never inspected or logged.
return false;
}
}
问题出在 try 块中:只有当 DataTable 有行时,try 块才会返回值。
如果没有行怎么办?
// Both outcomes of the row check return a value, so no path leaves the method without one.
if (dt.Rows.Count > 0)
{
return true;
}
else
{
// No matching row: the method still has to return, so report failure.
return false;
}
或者你可以把它简化为:
return dt.Rows.Count > 0 ; // assuming in else you want to return false.
你的代码有很多问题。编译器固然会在编译时拦住你,但即使通过了编译,你在运行时还会遇到其他错误。
编译时的问题很容易修复:在查询没有返回任何行时,也要返回一个值:
// This returns true if you have rows, false if not
return (dt.Rows.Count > 0);
现在说说你在运行时会遇到的问题:
- SQL 中的等于运算符是 =,而不是 ==
- 多个 WHERE 条件应该用逻辑运算符(AND、OR)连接
- SQL 文本应当参数化,而不是把输入值直接拼接进去(拼接会带来 SQL 注入风险)。
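/// <summary>
/// Checks whether the login table holds a row matching all four supplied values.
/// </summary>
/// <param name="loginas">Value compared with the loginas column.</param>
/// <param name="dept">Value compared with the dept column.</param>
/// <param name="usnm">Value compared with the usnm column.</param>
/// <param name="pass">Value compared with the pass column.</param>
/// <returns>
/// true when at least one row matches; false when none matches or when any exception is thrown.
/// </returns>
public bool loginpro(string loginas, string dept, string usnm, string pass)
{
    // The statement text is constant; caller-supplied values are sent only as parameters,
    // so they are never interpreted as SQL.
    const string qrstr = @"select * from login where loginas=@login and dept = @dept
                           and usnm = @user and pass= @pass";
    try
    {
        Gencon.Open();

        // Command, adapter and table are all IDisposable; release them on every path.
        using (SqlCommand cmd = new SqlCommand(qrstr, Gencon))
        using (SqlDataAdapter da = new SqlDataAdapter(cmd))
        using (DataTable dt = new DataTable())
        {
            cmd.Parameters.Add("@login", SqlDbType.NVarChar).Value = loginas;
            cmd.Parameters.Add("@dept", SqlDbType.NVarChar).Value = dept;
            cmd.Parameters.Add("@user", SqlDbType.NVarChar).Value = usnm;
            // NOTE(review): this sends and compares the password itself. Store a salted,
            // slow password hash and verify against that instead.
            cmd.Parameters.Add("@pass", SqlDbType.NVarChar).Value = pass;

            da.Fill(dt);
            return dt.Rows.Count > 0;
        }
    }
    catch (Exception)
    {
        // Fail closed: any error denies the login. NOTE(review): the error is discarded, so a
        // database outage looks the same as wrong credentials; log it before returning.
        return false;
    }
    finally
    {
        // Single close point for success and failure; closing a closed connection is harmless.
        Gencon.Close();
    }
}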
还有其他问题,例如没有使用 using 语句,以及试图把明文密码传给数据库引擎,这些可能会导致内存泄漏和安全问题。
错误的直接原因是:如果结果为零行,.NET 不知道应该返回什么值:
...
if (dt.Rows.Count > 0)
{
return true;
}
...
// what should be returned? true or false?
我建议将方法重写成这样:
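/// <summary>
/// Checks whether the login table holds a row matching all four supplied values, using its
/// own connection and a parameterized query.
/// </summary>
/// <param name="loginas">Value compared with the loginas column.</param>
/// <param name="dept">Value compared with the dept column.</param>
/// <param name="usnm">Value compared with the usnm column.</param>
/// <param name="pass">Value compared with the pass column.</param>
/// <returns>
/// true when the query yields at least one row; false when it yields none or a
/// <see cref="DbException"/> is thrown. Other exceptions propagate to the caller.
/// </returns>
public bool loginpro(string loginas, string dept, string usnm, string pass) {
  //DONE: Make SQL readable; debug it ( "=" instead of "==" )
  //DONE: Do not fetch redundant data (select * ...)
  //DONE: Make SQL parametrized
  // Parameter names must match between the SQL text and Parameters.Add; a name with an
  // embedded space ("@prm_ dept") is not a valid parameter reference, hence "@prm_dept".
  String sql =
    @"select 1
        from login
       where loginas = @prm_loginas and
             dept = @prm_dept and
             usnm = @prm_user and
             pass = @pass"; //TODO: do not store the password; store a salted, slow hash of it

  try {
    //DONE: wrap IDisposable into using
    //DONE: do not use global SQL connections Gencon.Open()...Gencon.Close()
    using (SqlConnection con = new SqlConnection(connectionStringHere)) {
      con.Open();

      //DONE: wrap IDisposable into using
      using (SqlCommand cmd = new SqlCommand(sql, con)) {
        cmd.Parameters.Add("@prm_loginas", SqlDbType.NVarChar).Value = loginas;
        cmd.Parameters.Add("@prm_dept", SqlDbType.NVarChar).Value = dept;
        cmd.Parameters.Add("@prm_user", SqlDbType.NVarChar).Value = usnm;
        //TODO: do not pass password! Pass hash value instead
        cmd.Parameters.Add("@pass", SqlDbType.NVarChar).Value = pass;

        //DONE: wrap IDisposable into using
        //DONE: do not fetch redundant data (you want at most one record only)
        using (var reader = cmd.ExecuteReader()) {
          return reader.Read(); // <- cursor has at least one record
        }
      }
    }
  }
  catch (DbException) { //DONE: do not catch all the exceptions
    // Fail closed on database errors. NOTE(review): the error is discarded, so an outage is
    // indistinguishable from wrong credentials; log it before returning.
    return false;
  }
}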
/// <summary>
/// The question's original login check: builds a SELECT on the login table from the four
/// arguments and returns true when the query yields at least one row.
/// </summary>
/// <remarks>
/// Does not compile as written (CS0161, "not all code paths return a value"): the try block
/// has no return for the case where the result has zero rows.
/// </remarks>
public bool loginpro(string loginas, string dept, string usnm, string pass)
{
try
{
string qrstr;
// NOTE(review): SQL injection risk - all four arguments are concatenated into the statement
// text, so a caller-supplied value becomes part of the SQL. Bind them as SqlParameter values.
// The text is also invalid SQL: equality is "=", not "==", and conditions are joined with
// AND/OR, not commas.
// NOTE(review): comparing pass directly suggests the table stores the password itself - confirm;
// a salted password hash should be stored and compared instead.
qrstr = "select * from login where loginas=='" + loginas + "',dept=='" + dept + "',usnm=='" + usnm + "',pass=='" + pass + "'";
Gencon.Open();
SqlCommand cmd = new SqlCommand(qrstr, Gencon);
SqlDataAdapter da = new SqlDataAdapter(cmd);
DataTable dt = new DataTable();
da.Fill(dt);
// Not reached when Open() or Fill() throws; the catch below does not close the connection either.
Gencon.Close();
if (dt.Rows.Count > 0)
{
return true;
}
// Zero rows: execution falls out of the try block here without returning a value.
}
catch (Exception e)
{
// Every failure, including the SQL syntax error above, is reported as "login failed";
// e is never inspected or logged.
return false;
}
}
问题出在 try 块中:只有当 DataTable 有行时,try 块才会返回值。
如果没有行怎么办?
// Both outcomes of the row check return a value, so no path leaves the method without one.
if (dt.Rows.Count > 0)
{
return true;
}
else
{
// No matching row: the method still has to return, so report failure.
return false;
}
或者你可以把它简化为:
return dt.Rows.Count > 0 ; // assuming in else you want to return false.
你的代码有很多问题。编译器固然会在编译时拦住你,但即使通过了编译,你在运行时还会遇到其他错误。
编译时的问题很容易修复:在查询没有返回任何行时,也要返回一个值:
// This returns true if you have rows, false if not
return (dt.Rows.Count > 0);
现在说说你在运行时会遇到的问题:
- SQL 中的等于运算符是 =,而不是 ==
- 多个 WHERE 条件应该用逻辑运算符(AND、OR)连接
- SQL 文本应当参数化,而不是把输入值直接拼接进去(拼接会带来 SQL 注入风险)。
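/// <summary>
/// Checks whether the login table holds a row matching all four supplied values.
/// </summary>
/// <param name="loginas">Value compared with the loginas column.</param>
/// <param name="dept">Value compared with the dept column.</param>
/// <param name="usnm">Value compared with the usnm column.</param>
/// <param name="pass">Value compared with the pass column.</param>
/// <returns>
/// true when at least one row matches; false when none matches or when any exception is thrown.
/// </returns>
public bool loginpro(string loginas, string dept, string usnm, string pass)
{
    // The statement text is constant; caller-supplied values are sent only as parameters,
    // so they are never interpreted as SQL.
    const string qrstr = @"select * from login where loginas=@login and dept = @dept
                           and usnm = @user and pass= @pass";
    try
    {
        Gencon.Open();

        // Command, adapter and table are all IDisposable; release them on every path.
        using (SqlCommand cmd = new SqlCommand(qrstr, Gencon))
        using (SqlDataAdapter da = new SqlDataAdapter(cmd))
        using (DataTable dt = new DataTable())
        {
            cmd.Parameters.Add("@login", SqlDbType.NVarChar).Value = loginas;
            cmd.Parameters.Add("@dept", SqlDbType.NVarChar).Value = dept;
            cmd.Parameters.Add("@user", SqlDbType.NVarChar).Value = usnm;
            // NOTE(review): this sends and compares the password itself. Store a salted,
            // slow password hash and verify against that instead.
            cmd.Parameters.Add("@pass", SqlDbType.NVarChar).Value = pass;

            da.Fill(dt);
            return dt.Rows.Count > 0;
        }
    }
    catch (Exception)
    {
        // Fail closed: any error denies the login. NOTE(review): the error is discarded, so a
        // database outage looks the same as wrong credentials; log it before returning.
        return false;
    }
    finally
    {
        // Single close point for success and failure; closing a closed connection is harmless.
        Gencon.Close();
    }
}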
还有其他问题,例如没有使用 using 语句,以及试图把明文密码传给数据库引擎,这些可能会导致内存泄漏和安全问题。
错误的直接原因是:如果结果为零行,.NET 不知道应该返回什么值:
...
if (dt.Rows.Count > 0)
{
return true;
}
...
// what should be returned? true or false?
我建议将方法重写成这样:
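/// <summary>
/// Checks whether the login table holds a row matching all four supplied values, using its
/// own connection and a parameterized query.
/// </summary>
/// <param name="loginas">Value compared with the loginas column.</param>
/// <param name="dept">Value compared with the dept column.</param>
/// <param name="usnm">Value compared with the usnm column.</param>
/// <param name="pass">Value compared with the pass column.</param>
/// <returns>
/// true when the query yields at least one row; false when it yields none or a
/// <see cref="DbException"/> is thrown. Other exceptions propagate to the caller.
/// </returns>
public bool loginpro(string loginas, string dept, string usnm, string pass) {
  //DONE: Make SQL readable; debug it ( "=" instead of "==" )
  //DONE: Do not fetch redundant data (select * ...)
  //DONE: Make SQL parametrized
  // Parameter names must match between the SQL text and Parameters.Add; a name with an
  // embedded space ("@prm_ dept") is not a valid parameter reference, hence "@prm_dept".
  String sql =
    @"select 1
        from login
       where loginas = @prm_loginas and
             dept = @prm_dept and
             usnm = @prm_user and
             pass = @pass"; //TODO: do not store the password; store a salted, slow hash of it

  try {
    //DONE: wrap IDisposable into using
    //DONE: do not use global SQL connections Gencon.Open()...Gencon.Close()
    using (SqlConnection con = new SqlConnection(connectionStringHere)) {
      con.Open();

      //DONE: wrap IDisposable into using
      using (SqlCommand cmd = new SqlCommand(sql, con)) {
        cmd.Parameters.Add("@prm_loginas", SqlDbType.NVarChar).Value = loginas;
        cmd.Parameters.Add("@prm_dept", SqlDbType.NVarChar).Value = dept;
        cmd.Parameters.Add("@prm_user", SqlDbType.NVarChar).Value = usnm;
        //TODO: do not pass password! Pass hash value instead
        cmd.Parameters.Add("@pass", SqlDbType.NVarChar).Value = pass;

        //DONE: wrap IDisposable into using
        //DONE: do not fetch redundant data (you want at most one record only)
        using (var reader = cmd.ExecuteReader()) {
          return reader.Read(); // <- cursor has at least one record
        }
      }
    }
  }
  catch (DbException) { //DONE: do not catch all the exceptions
    // Fail closed on database errors. NOTE(review): the error is discarded, so an outage is
    // indistinguishable from wrong credentials; log it before returning.
    return false;
  }
}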