存储过程不使用 Vb.net 返回值

Question

目标：检查用户是否有权限查看页面，以及他们是否不重定向。

问题：点击Command.ExecuteNonQuery() 行时出现错误（见下文）。为了解决这个问题，我添加了Parameter.Size = 1，但每次都“通过”。

错误信息：

System.Data.dll 中出现“System.InvalidOperationException”类型的异常，但未在用户代码中处理

附加信息：String[0]：Size 属性的大小为 0 无效。

我检查了EmployeeID 和ApplicationID 都传入了一个值。我看不到能够获取“访问”值（这是一个单个字母）。

存储过程代码：

ALTER PROCEDURE [dbo].[spSitePermission]
    @EmployeeID varchar(max)
    ,@AppID int
    ,@Access nvarchar OUTPUT
AS

BEGIN 
SET NOCOUNT ON;

SELECT @Access= Access FROM [TbSitePermissions] 
WHERE EmployeeID = @EmployeeID AND ApplicationID = @AppID AND LIVE = 1

END

aspx.vb 代码：

If oUserFunctions.PrcAppPermissionChecker(CInt(oUser.EmployeeID), Me.sModuleNum) = "N" Then
           Response.Redirect("../../Default.aspx")
End If

功能：

Public Function PrcAppPermissionChecker(vEmployeeID As String, vApp As Integer) As String

        '   Try
        Dim connection As SqlConnection
        Dim command As New SqlCommand
        Dim ds As New DataSet
        Dim sAvailable As String = "N"
        Dim ConnectionString As String = System.Configuration.ConfigurationManager.ConnectionStrings("GWPemcoConnectionString").ToString()

        connection = New SqlConnection(ConnectionString)
        connection.Open()

        command.Connection = connection
        command.CommandText = "spSitePermission"
        command.CommandType = CommandType.StoredProcedure

        command.Parameters.Clear()

        Dim parameter As SqlParameter = command.Parameters.Add("@Access", SqlDbType.NVarChar)
        parameter.Direction = ParameterDirection.Output
        ' parameter.Size = 1

        command.Parameters.AddWithValue("EmployeeID", vEmployeeID)
        command.Parameters.AddWithValue("AppID", vApp)

        command.ExecuteNonQuery()
        sAvailable = command.Parameters("@Access").Value.ToString
        command.Dispose()

        '   Catch ex As Exception
        '  End Try

        Return sAvailable

    End Function

Answer 1

正确的方法是使用ExecuteScalar。

“执行查询，并返回查询返回的结果集中第一行的第一列。其他列或行将被忽略。” - MSDN -

.Net

command.Parameters.AddWithValue("EmployeeID", vEmployeeID)
command.Parameters.AddWithValue("AppID", vApp)

sAvailable = CStr(command.ExecuteNonQuery()) '<-- Retrieves the [Access] column.

SQL

ALTER PROCEDURE [dbo].[spSitePermission]
    @EmployeeID varchar(max),
    @AppID int
AS
BEGIN 
    SET NOCOUNT ON;
    SELECT 
        [Access] 
    FROM 
        [TbSitePermissions] 
    WHERE 
        [EmployeeID] = @EmployeeID AND 
        [ApplicationID] = @AppID AND 
        [LIVE] = 1
    ;
END;

另外，我建议您在处理IDisposable 对象时使用Using 关键字。这是一个例子：

Public Function PrcAppPermissionChecker(vEmployeeID As String, vApp As Integer) As String
    Dim result As Object = Nothing
    Using connection As New SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings("GWPemcoConnectionString").ToString())
        connection.Open()
        Using command As SqlCommand = connection.CreateCommand()
            command.CommandText = "spSitePermission"
            command.CommandType = CommandType.StoredProcedure
            command.Parameters.AddWithValue("EmployeeID", vEmployeeID)
            command.Parameters.AddWithValue("AppID", vApp)
            result = command.ExecuteScalar()
        End Using
        connection.Close()
    End Using
    If (IsDBNull(result) OrElse (result Is Nothing)) Then
        Return CStr(Nothing)
    Else
        Return result.ToString()
    End If
End Function