做了一个投票限制,大概是限制30分钟内只能投票一次,思路是:读取用户电脑IP,与数据库里面的存储IP进行比较,如果两者时间差>30则可以投票,否则不能投票.如果没有时间差,则可以投票,同时记录IP,时间现在有个疑问 Request.ServerVariables["REMOTE_ADDR"]; 所取得的IP地址是多少位?比如127.0.0.1 到底算15位还是9位?我认为我的代码没有问题,关键是在比较上, Request.ServerVariables["REMOTE_ADDR"]; 取得的IP地址,虽然跟数据库的是一样,但是肯定在字长上出问题了,其它的已测,没有问题.就是在select语句的读取上,希望高人相助:系统数据库字段 access_time varchar(50) auto_num 自动增量 user_IP varchar(15)
代码如下:
string guestip = Request.ServerVariables["REMOTE_ADDR"];
Response.Write(guestip);
string ConnectionString = "Data Source=.\\SQLEXPRESS;AttachDbFilename=|DataDirectory|\\Database.mdf;Integrated Security=True;User Instance=True";
//string Sql="Select user_IP From userip Where user_IP= '+ guestip'"; //Sql+="Order By auto_num Desc";
string Sql = " SELECT user_IP FROM userip Where user_IP='+guestip '";
Sql+=" ORDER BY [auto_num] DESC "; SqlConnection thisConnection = new SqlConnection(ConnectionString);
SqlCommand thisCommand = new SqlCommand(Sql, thisConnection);
// thisCommand.CommandType = CommandType.Text; thisCommand.Connection.Open(); SqlDataReader dr = thisCommand.ExecuteReader(); while (dr.Read())
{
Response.Write(dr["user_IP"]);
} dr.Close();
thisCommand.Connection.Close();
代码如下:
string guestip = Request.ServerVariables["REMOTE_ADDR"];
Response.Write(guestip);
string ConnectionString = "Data Source=.\\SQLEXPRESS;AttachDbFilename=|DataDirectory|\\Database.mdf;Integrated Security=True;User Instance=True";
//string Sql="Select user_IP From userip Where user_IP= '+ guestip'"; //Sql+="Order By auto_num Desc";
string Sql = " SELECT user_IP FROM userip Where user_IP='+guestip '";
Sql+=" ORDER BY [auto_num] DESC "; SqlConnection thisConnection = new SqlConnection(ConnectionString);
SqlCommand thisCommand = new SqlCommand(Sql, thisConnection);
// thisCommand.CommandType = CommandType.Text; thisCommand.Connection.Open(); SqlDataReader dr = thisCommand.ExecuteReader(); while (dr.Read())
{
Response.Write(dr["user_IP"]);
} dr.Close();
thisCommand.Connection.Close();
这里没有问题吗?前面多了加号,后面多了2个空格
SqlCommand selcmd = new SqlCommand(Sql, thisConnection);
selcmd.Parameters.Add(new SqlParameter("@guestip", SqlDbType.NVarChar, 50));
selcmd.Parameters["@guestip"].Value = "你获取的数据";
string sql;//sql操作命令
SqlConnection conn;
SqlCommand cmd;
SqlDataReader Rd;
string ConnectionString = "Data Source=.\\SQLEXPRESS;AttachDbFilename=|DataDirectory|\\Database.mdf;Integrated Security=True;User Instance=True";
double nexttime;//差值用来判断上次投票中间过去的时间
double s;
TimeSpan dt = new TimeSpan();
string guestip = Request.ServerVariables["REMOTE_ADDR"];//取得用户IP conn = new SqlConnection(ConnectionString);//创建链接
conn.Open();
sql = "Select user_IP from userip Where user_IP = ' +guestip+ '";
sql += "Order By auto_num Desc"; cmd = new SqlCommand(sql, conn); Rd = cmd.ExecuteReader(); while (Rd.Read())
{ dt = DateTime.Now - Convert.ToDateTime(Rd["access_time"]);//将读取的IP的时间字段与当前时间进行计算 s = dt.TotalMinutes; //获取时间差的秒数
nexttime = 30 - s;//半小时与时间差秒数的差
Rd.Close();
if (nexttime < 0)
{ string ss = DateTime.Now.ToString();
sql = "INSERT INTO [userip] ([access_time], [user_IP]) VALUES ( '" + ss + " ', '" + guestip + " ')"; //这段不熟悉,sql语句,基本功不好! cmd = new SqlCommand(sql, conn); cmd.ExecuteNonQuery(); Label1.Text = "更新新IP时间";
} Label1.Text = "你已经投过票了,30分钟内不能重复投票"; }
conn.Close();
conn = new SqlConnection(ConnectionString);//创建链接
conn.Open(); string xx = DateTime.Now.ToString();
sql = "INSERT INTO [userip] ([access_time], [user_IP]) VALUES ( '" + xx + " ', '" + guestip + " ')"; //这段不熟悉,sql语句,基本功不好! cmd = new SqlCommand(sql, conn); cmd.ExecuteNonQuery();
Label1.Text = "数据表中无记录,现在记录新IP";
sql = "INSERT INTO [userip] ([access_time], [user_IP]) VALUES ( '" + ss + " ', '" + guestip + " ')";
cmd = new SqlCommand(sql, conn);
cmd.ExecuteNonQuery(); string Sql ="INSERT INTO [userip] ([access_time], [user_IP]) VALUES (@ss,@guestip)";
SqlCommand cmd = new SqlCommand(Sql, con);
cmd.Parameters.Add(new SqlParameter("@ss", SqlDbType.NVarChar, 50));
cmd.Parameters["@ss"].Value = "ss的值";
cmd.Parameters.Add(new SqlParameter("@guestip", SqlDbType.NVarChar, 50));
cmd.Parameters["@guestip"].Value = "guestip的值";
cmd.ExecuteNonQuery();
这句生成的最终结果是
SELECT user_IP FROM userip Where user_IP= '+guestip'
IP里是不可能有这样的地址的,可以试下下面这个.
string Sql = " SELECT user_IP FROM userip Where user_IP= '" + guestip + "'";
{
string guestip = Request.ServerVariables["REMOTE_ADDR"];
string ConnectionString = "Data Source=.\\SQLEXPRESS;AttachDbFilename=|DataDirectory|\\Database.mdf;Integrated Security=True;User Instance=True"; string Sql = " SELECT user_IP FROM userip Where user_IP= '"+guestip+"'"; Sql+=" ORDER BY auto_num DESC";
SqlConnection thisConnection = new SqlConnection(ConnectionString);
SqlCommand thisCommand = new SqlCommand(Sql, thisConnection);
thisCommand.CommandType = CommandType.Text;
thisCommand.Connection.Open(); SqlDataReader dr = thisCommand.ExecuteReader(); if (dr.Read())
{
Response.Write(dr["user_IP"]);
}
dr.Close();
Response.Write("没有您搜索的IP");
thisCommand.Connection.Close();
}这样能够输出 127.0.0.1 但是也输出了"没有您搜索的IP",也就是用guestip取得客户端的IP 127.0.0.1 与系统数据表存储的127.0.0.1不一样了,各位给个思路或点子啊,如何解决?