C# 保存和更新语句不再工作
在我的代码中插入非常必要的行之后-C# 保存和更新语句不再工作,c#,asp.net,sql,visual-studio-2010,C#,Asp.net,Sql,Visual Studio 2010,在我的代码中插入非常必要的行之后- protected void GridView1_SelectedIndexChanged(object sender, EventArgs e) { try { GridViewRow row = GridView1.SelectedRow; AccountNumber.Text = (string)row.Cells[0].Text; .....
protected void GridView1_SelectedIndexChanged(object sender, EventArgs e)
{
try {
GridViewRow row = GridView1.SelectedRow;
AccountNumber.Text = (string)row.Cells[0].Text;
.....
if (DropDownListCurrency.Items.FindByValue(row.Cells[7].Text.ToString().Trim()) != null)
{
DropDownListCurrency.SelectedValue = row.Cells[7].Text.ToString().Trim();
}
}
catch (Exception ex)
{
Console.WriteLine("{0} Exception caught.", ex);
}
}
没有抛出任何错误,所有字段都按其对应的下拉框和文本框中的方式填充。但是,我的save和insert语句不再有效。救命啊
protected void AgentSave_Click(object sender, EventArgs e)
{
try
{
SqlConnection con = new SqlConnection("XX");
SqlCommand command = con.CreateCommand();
command.CommandText =
"Insert into ABC values('" + AccountNumber.Text + "','" + Name.Text + "','" + Address1.Text + "','" + Address2.Text + "', '" + Address3.Text + "','" + PhoneNumber.Text + "','" + FaxNumber.Text + "','" + DropDownListCurrency.Text + "')";
con.Open();
command.ExecuteNonQuery();
con.Close();
Response.Redirect("main.aspx");
}
catch (Exception ex)
{
Console.WriteLine("{0} Exception caught.", ex);
}
}
事实上,这可能不是答案。在注释中传达代码更改变得太难了
您需要像这样处理SqlConnection:
using (var con = new SqlConnection("XX"))
{
SqlCommand command = con.CreateCommand();
command.CommandText = "INSERT ABC VALUES(@AccountNumber, @Name, ";//...you need to fill in all the parameters
command.Parameters.Add("@AccountNumber", SqlDbType.Text);//Pick proper SqlDbType...whatever it is I dunno
command.Parameters["@AccountNumber"].Value = AccountNumber.Text;
//rinse and repeat for rest of params
con.Open();
command.ExecuteNonQuery();
}//using will automatically correctly close and dipose of the connection when con goes out of scope.
请确保参数化sql查询以避免sql注入攻击:它们是。在我插入此语句之前,它们工作正常,但现在不行..请使用参数化sql查询,它们可以避免sql注入攻击。请共享您的完整代码。能否用一些更具体的代码填写
XXX
?是否指定了列名?@new2此-您没有处理SqlConnection
对象。将其包装在using语句中。这可能就是你有问题的原因。它不起作用。仍然不允许我用dropdownlist更新值或保存新记录。@new2这-有什么错误?是否可以运行sql profiler来查看是否正在查询数据库?您是否尝试过通过SSMS直接插入?