C# 保存和更新语句不再工作
在我的代码中插入非常必要的行之后-C# 保存和更新语句不再工作,c#,asp.net,sql,visual-studio-2010,C#,Asp.net,Sql,Visual Studio 2010,在我的代码中插入非常必要的行之后- protected void GridView1_SelectedIndexChanged(object sender, EventArgs e) { try { GridViewRow row = GridView1.SelectedRow; AccountNumber.Text = (string)row.Cells[0].Text; .....
protected void GridView1_SelectedIndexChanged(object sender, EventArgs e)
{
try {
GridViewRow row = GridView1.SelectedRow;
AccountNumber.Text = (string)row.Cells[0].Text;
.....
if (DropDownListCurrency.Items.FindByValue(row.Cells[7].Text.ToString().Trim()) != null)
{
DropDownListCurrency.SelectedValue = row.Cells[7].Text.ToString().Trim();
}
}
catch (Exception ex)
{
Console.WriteLine("{0} Exception caught.", ex);
}
}
protected void AgentSave_Click(object sender, EventArgs e)
{
try
{
SqlConnection con = new SqlConnection("XX");
SqlCommand command = con.CreateCommand();
command.CommandText =
"Insert into ABC values('" + AccountNumber.Text + "','" + Name.Text + "','" + Address1.Text + "','" + Address2.Text + "', '" + Address3.Text + "','" + PhoneNumber.Text + "','" + FaxNumber.Text + "','" + DropDownListCurrency.Text + "')";
con.Open();
command.ExecuteNonQuery();
con.Close();
Response.Redirect("main.aspx");
}
catch (Exception ex)
{
Console.WriteLine("{0} Exception caught.", ex);
}
}
using (var con = new SqlConnection("XX"))
{
SqlCommand command = con.CreateCommand();
command.CommandText = "INSERT ABC VALUES(@AccountNumber, @Name, ";//...you need to fill in all the parameters
command.Parameters.Add("@AccountNumber", SqlDbType.Text);//Pick proper SqlDbType...whatever it is I dunno
command.Parameters["@AccountNumber"].Value = AccountNumber.Text;
//rinse and repeat for rest of params
con.Open();
command.ExecuteNonQuery();
}//using will automatically correctly close and dipose of the connection when con goes out of scope.
请确保参数化sql查询以避免sql注入攻击:它们是。在我插入此语句之前,它们工作正常,但现在不行..请使用参数化sql查询,它们可以避免sql注入攻击。请共享您的完整代码。能否用一些更具体的代码填写
XXXSqlConnection