0
Следующий мой код, я делаю проект на онлайн-экзамене. Когда я нажимаю на следующую кнопку, вопросы повторяются.Как избежать повторения данных в моем проекте
Imports System.Data.SqlClient
Partial Class Questions
Inherits System.Web.UI.Page
Dim cmd As New SqlCommand
Dim Result As Integer = 0
Dim Question_ID As Integer = Nothing
Dim strconn As String = ConfigurationManager.ConnectionStrings("DefaultConnection").ConnectionString
Dim con As New SqlConnection(strconn)
Protected Sub rblQuestion_SelectedIndexChanged(sender As Object, e As EventArgs) Handles rblQuestion1.SelectedIndexChanged
CheckAnswer(rblQuestion1.SelectedValue, lblQuestion1.Text)
End Sub
Private Sub CheckAnswer(ByVal Answer As String, ByVal Question As String)
Dim RetrievedAnswer As String = Nothing
Try
Dim daQuestionID As New SqlDataAdapter("select Question_ID from tblQuestions where Question='" & Question & "'", con)
Dim dsQuestionID As New Data.DataSet
Dim dtQuestionID As New Data.DataTable
If Not con.State = Data.ConnectionState.Open Then con.Open()
daQuestionID.Fill(dsQuestionID)
dtQuestionID = dsQuestionID.Tables(0)
If Not dtQuestionID.Rows.Count <= 0 Then
If Not IsDBNull(dtQuestionID.Rows(0).Item("Question_ID")) Then
Question_ID = dtQuestionID.Rows(0).Item("Question_ID")
Else
Exit Sub
End If
End If
Catch ex As Exception
End Try
Try
Dim daAnswer As New SqlDataAdapter("select Answer from tblQuestions where Question_ID=" & Question_ID, con)
Dim dsAnswer As New Data.DataSet
Dim dtAnswer As New Data.DataTable
If Not con.State = Data.ConnectionState.Open Then con.Open()
daAnswer.Fill(dsAnswer)
dtAnswer = dsAnswer.Tables(0)
If Not dtAnswer.Rows.Count <= 0 Then
If Not IsDBNull(dtAnswer.Rows(0).Item("Answer")) Then
RetrievedAnswer = dtAnswer.Rows(0).Item("Answer")
End If
End If
If RetrievedAnswer = Answer Then
Try
Dim sr As New IO.StreamReader(System.AppDomain.CurrentDomain.BaseDirectory & "\\result.txt")
Result = sr.ReadLine
sr.Close()
Result = Result + 1
Dim sw As New IO.StreamWriter(System.AppDomain.CurrentDomain.BaseDirectory & "\\result.txt")
sw.WriteLine(Result)
sw.Close()
Catch ex As Exception
End Try
End If
Catch ex As Exception
End Try
End Sub
Protected Sub Page_Load(sender As Object, e As EventArgs) Handles Me.Load
If Not IsPostBack Then
Try
Dim daQuestions As New SqlDataAdapter("SELECT TOP 20 * FROM tblQuestions ORDER BY NEWID()", con)
Dim dsQuestions As New Data.DataSet
Dim dtQuestions As New Data.DataTable
If Not con.State = Data.ConnectionState.Open Then con.Open()
daQuestions.Fill(dsQuestions)
dtQuestions = dsQuestions.Tables(0)
If Not dtQuestions.Rows.Count <= 0 Then
'For Question 1
If Not IsDBNull(dtQuestions.Rows(0).Item("Question")) Then
lblQuestion1.Text = dtQuestions.Rows(0).Item("Question")
End If
If Not IsDBNull(dtQuestions.Rows(0).Item("Option1")) Then
rblQuestion1.Items(0).Text = dtQuestions.Rows(0).Item("Option1")
End If
If Not IsDBNull(dtQuestions.Rows(0).Item("Option2")) Then
rblQuestion1.Items(1).Text = dtQuestions.Rows(0).Item("Option2")
End If
If Not IsDBNull(dtQuestions.Rows(0).Item("Option3")) Then
rblQuestion1.Items(2).Text = dtQuestions.Rows(0).Item("Option3")
End If
If Not IsDBNull(dtQuestions.Rows(0).Item("Option4")) Then
rblQuestion1.Items(3).Text = dtQuestions.Rows(0).Item("Option4")
End If
End If
Catch ex As Exception
End Try
'con.ConnectionString = ConfigurationManager.ConnectionStrings("DefaultConnection").ConnectionString
cmd = New SqlCommand("insert into tblQuestions (Question, Option1, Option2, Option3, Option4,) values (@question, @option1, @option2, @option3, @option4)", con)
cmd.Parameters.AddWithValue("@question", lblQuestion1.Text)
cmd.Parameters.AddWithValue("@option1", rblQuestion1.Text)
cmd.Parameters.AddWithValue("@option2", rblQuestion1.Text)
cmd.Parameters.AddWithValue("@option3", rblQuestion1.Text)
cmd.Parameters.AddWithValue("@option4", rblQuestion1.Text)
'cmdInsertQuestion.Parameters.AddWithValue("@answer", txtAnswer.Text)
Try
con.Open()
cmd.ExecuteNonQuery()
con.Close()
MsgBox(" ")
'txtAnswer.Text = ""
rblQuestion1.Text = ""
rblQuestion1.Text = ""
rblQuestion1.Text = ""
rblQuestion1.Text = ""
Catch ex As Exception
'ex.Message
End Try
End If
End Sub
Protected Sub rblQuestion1_SelectedIndexChanged(sender As Object, e As EventArgs) Handles rblQuestion1.SelectedIndexChanged
End Sub
Protected Sub Button1_Click(ByVal sender As Object, ByVal e As System.EventArgs) Handles Button1.Click
If IsPostBack Then
Try
Dim daQuestions As New SqlDataAdapter("SELECT TOP 20 * FROM tblQuestions ORDER BY NEWID()", con)
Dim dsQuestions As New Data.DataSet
Dim dtQuestions As New Data.DataTable
rblQuestion1.ClearSelection()
If Not con.State = Data.ConnectionState.Open Then con.Open()
daQuestions.Fill(dsQuestions)
dtQuestions = dsQuestions.Tables(0)
If Not dtQuestions.Rows.Count <= 0 Then
If Not IsDBNull(dtQuestions.Rows(0).Item("Question")) Then
lblQuestion1.Text = dtQuestions.Rows(0).Item("Question")
End If
If Not IsDBNull(dtQuestions.Rows(0).Item("Option1")) Then
rblQuestion1.Items(0).Text = dtQuestions.Rows(0).Item("Option1")
End If
If Not IsDBNull(dtQuestions.Rows(0).Item("Option2")) Then
rblQuestion1.Items(1).Text = dtQuestions.Rows(0).Item("Option2")
End If
If Not IsDBNull(dtQuestions.Rows(0).Item("Option3")) Then
rblQuestion1.Items(2).Text = dtQuestions.Rows(0).Item("Option3")
End If
If Not IsDBNull(dtQuestions.Rows(0).Item("Option4")) Then
rblQuestion1.Items(3).Text = dtQuestions.Rows(0).Item("Option4")
End If
End If
Catch ex As Exception
End Try
End If
End Sub
Protected Sub btnSubmit_Click(sender As Object, e As EventArgs) Handles btnSubmit.Click
Try
Dim sr As New IO.StreamReader(System.AppDomain.CurrentDomain.BaseDirectory & "\\result.txt")
Dim finalresult As Integer = sr.ReadLine
sr.Close()
Response.Write("<script type='text/javascript'>alert('Your Score is : " & finalresult & "');</script>")
Dim sw As New IO.StreamWriter(System.AppDomain.CurrentDomain.BaseDirectory & "\\result.txt")
sw.WriteLine(0)
sw.Close()
Catch ex As Exception
End Try
End Sub
End Class
Этот код использует технику, которая является безумной, уязвимой для SQL-инъекций. Вам нужно использовать параметризованные запросы. –