Warning: file_get_contents(/data/phpspider/zhask/data//catemap/2/csharp/270.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
c#asp.net-将数据插入数据库(不要知道我哪里出错)_C#_Mysql_Sql_Asp.net_Database - Fatal编程技术网
Fatal编程技术网
  • csharp/
  • c#asp.net-将数据插入数据库(不要知道我哪里出错)

c#asp.net-将数据插入数据库(不要知道我哪里出错)

c# mysql sql asp.net database

c#asp.net-将数据插入数据库(不要知道我哪里出错),c#,mysql,sql,asp.net,database,C#,Mysql,Sql,Asp.net,Database,c#asp.net-将数据插入数据库(不要知道我哪里出错)-此代码正在执行,但根本不起作用!我试图通过我创建的网站提供数据,但它不会反映在我的数据库中,在所有plz帮助 using System; using System.Configuration; using System.Data; using System.Linq; using System.Web; using System.Web.Security; using System.Web.UI; using System.Web.UI

c#asp.net-将数据插入数据库(不要知道我哪里出错)-此代码正在执行,但根本不起作用!我试图通过我创建的网站提供数据,但它不会反映在我的数据库中,在所有plz帮助

using System;
using System.Configuration;
using System.Data;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;
using System.Data.SqlClient;
public partial class _Default : System.Web.UI.Page

{
    SqlConnection con = new SqlConnection("Data Source=GARGI-PC\\ROOT;Initial Catalog=master;Integrated Security=True");
    protected void page_load(object sender, EventArgs e)
    {}

    public void refress()
    {

        comment1.Text = "";

        software1.Checked = true;

        hardware1.Checked = false;

        both1.Checked = false;

        others.Checked = false;
    }
    protected void btn(object sender, EventArgs e)
    {
        string type = string.Empty ;

        if (hardware1.Checked == true)
        {
            type =  "hardware";
        }
         if (software1.Checked == true)
        {
            type = "software";
        }
         if (both1.Checked == true)
        {
            type = "both";
        }
         if (others.Checked == true)
        {
            type = "others";
        }



        SqlCommand cmd = new SqlCommand("insert into main_page (type, discription,time) values('" + type + "','" + comment1.Text + "','" + "','"+"now()')", con);

        cmd.CommandType = CommandType.Text;

        try

        {

            con.Open();

            cmd.ExecuteNonQuery();

            con.Close();

            refress();

        }

        catch (Exception ex)

        { 

        }

    }

   public void btn_clear(object sender, EventArgs e)

    {
        refress();

    }

}
看起来您的
INSERT
语句中有一个双逗号

+ "','" + "','"

INSERT
语句应该如下所示:

INSERT INTO main_page (type, description, time) VALUES ('Type', 'Description', NOW())
此外,您还容易受到SQL注入的影响,您应该为所有输入设置而不是信任用户提供的数据。作为一个基本示例:

MySqlCommand command = new MySqlCommand("INSERT INTO main_page (Description) VALUES @Description");
command.Parameters.AddWithValue("@Description", comment1.Text);
如果用户在Comment1文本框中输入SQL语句,这将保护您

ArbitaryData; DROP TABLE main_page;
您确实应该使用命令参数。在此,请尝试以下示例:

public static void AddSong(Songs s)
    {
        using (SqlConnection sqlcon = new SqlConnection(SQL_getConnectionString.conStr()))
        {
            sqlcon.Open();
            try
            {
                string query = "INSERT INTO Songs VALUES(@Id, @Name, @Artist, @Album, @TrackNumber, @TrackNumberCount, " +
                    "@Genre, @Rating, @Tags, @Subject, @Categories, @Comments, @FileName, @FolderName, @FolderPath, " +
                    "@FullPath, @Length, @PlayCount, @SkipCount, @LastPlayed)";

                using (SqlCommand cmd = new SqlCommand(query, sqlcon))
                {
                    cmd.Parameters.Add("@Id", SqlDbType.Int).Value = s.Id;
                    cmd.Parameters.Add("@Name", SqlDbType.VarChar, 250).Value = s.Name;
                    cmd.Parameters.Add("@Album", SqlDbType.VarChar, 250).Value = s.Album;
                    cmd.Parameters.Add("@Artist", SqlDbType.VarChar, 250).Value = s.Artist;
                    cmd.Parameters.Add("@TrackNumber", SqlDbType.Int).Value = s.TrackNumber;
                    cmd.Parameters.Add("@TrackNumberCount", SqlDbType.Int).Value = s.TrackNumberCount;
                    cmd.Parameters.Add("@Genre", SqlDbType.VarChar, 500).Value = s.Genre;
                    cmd.Parameters.Add("@Rating", SqlDbType.Int).Value = s.Rating;
                    cmd.Parameters.Add("@Tags", SqlDbType.VarChar, 500).Value = s.Tags;
                    cmd.Parameters.Add("@Subject", SqlDbType.VarChar, 500).Value = s.Subject;
                    cmd.Parameters.Add("@Categories", SqlDbType.VarChar, 500).Value = s.Categories;
                    cmd.Parameters.Add("@Comments", SqlDbType.VarChar, -1).Value = s.Comments;
                    cmd.Parameters.Add("@FileName", SqlDbType.VarChar, 500).Value = s.FileName;
                    cmd.Parameters.Add("@FolderName", SqlDbType.VarChar, 500).Value = s.FolderName;
                    cmd.Parameters.Add("@FolderPath", SqlDbType.VarChar, -1).Value = s.FolderPath;
                    cmd.Parameters.Add("@FullPath", SqlDbType.VarChar, -1).Value = s.FullPath;
                    cmd.Parameters.Add("@Length", SqlDbType.VarChar, 50).Value = s.Length;
                    cmd.Parameters.Add("@PlayCount", SqlDbType.Int).Value = s.PlayCount;
                    cmd.Parameters.Add("@SkipCount", SqlDbType.Int).Value = s.SkipCount;
                    cmd.Parameters.Add("@LastPlayed", SqlDbType.VarChar, 50).Value = s.LastPlayed;

                    int rows = cmd.ExecuteNonQuery();
                    sqlcon.Close();

                }

            }
            catch (Exception ex)
            {
                Console.WriteLine("Could not insert. {0}", s.Name);
                Console.WriteLine("Error Message {0}", ex.Message);
            }


        }
    }