C# OnClick事件未运行
我有这个功能:C# OnClick事件未运行,c#,mysql,asp.net,C#,Mysql,Asp.net,我有这个功能: protected void register(object sender, EventArgs e) { db_connection(); try { string emailAddress = emailReg.Text.ToString(); string passwordR = passwordReg.Text.ToString(); string firstName = forename.Text.
protected void register(object sender, EventArgs e)
{
db_connection();
try
{
string emailAddress = emailReg.Text.ToString();
string passwordR = passwordReg.Text.ToString();
string firstName = forename.Text.ToString();
string lastName = surname.Text.ToString();
string telephoneV = telephone.Text.ToString();
string addressV = address.Text.ToString();
string address2V = address2.Text.ToString();
string countyV = county.Text.ToString();
string postcodeV = postcode.Text.ToString();
string countryV = country.Text.ToString();
//converts data submitted to form into variables
var cmd = new MySqlCommand();
cmd.CommandText = "insert into mydb1.address values(null,'" + addressV.ToString() + "','" + address2V + "','" + countyV + "','" + postcodeV + "','" + countryV + "')";
cmd.ExecuteNonQuery(); //above sql statements insert variables into the database
long id1 = cmd.LastInsertedId;
cmd.CommandText = "insert into mydb1.person values(null,'" + firstName.ToString() + "','" + lastName + "','" + telephoneV + "','" + emailAddress + "','" + id1 + "','" + passwordR + "')";
cmd.ExecuteNonQuery();
connect.Dispose(); //removes any stored data that is no longer needed
connect.Close(); //closes the connection to the database
Response.Redirect("myAccount.aspx");
}
这应该是用用户输入表单的详细信息更新我的数据库,但是当单击按钮时,页面只是刷新,似乎没有添加到数据库中。我用试一试是错的吗
编辑:这是.aspx代码
<div class="registerWrapper">
<asp:TextBox CssClass="form-control" ID ="emailReg" runat="server" placeholder="Email"></asp:TextBox><br/>
<asp:TextBox CssClass="form-control" ID="passwordReg" TextMode="Password" runat="server" placeholder="Password"></asp:TextBox><br />
<asp:TextBox CssClass="form-control" ID="forename" runat="server" placeholder="First Name"></asp:TextBox><br />
<asp:TextBox CssClass="form-control" ID="surname" runat="server" placeholder="Surname"></asp:TextBox><br />
<asp:TextBox CssClass="form-control" ID="telephone" runat="server" placeholder="Telephone"></asp:TextBox><br />
<div class="nextButton btn btn-primary">
Next
</div>
</div><!-- /addressWrapper -->
<div class="addressWrapper">
<asp:TextBox CssClass="form-control" ID ="address" runat="server" placeholder="Address - Line 1"></asp:TextBox><br/>
<asp:TextBox CssClass="form-control" ID="address2" runat="server" placeholder="Line 2"></asp:TextBox><br />
<asp:TextBox CssClass="form-control" ID="county" runat="server" placeholder="County"></asp:TextBox><br />
<asp:TextBox CssClass="form-control" ID="postcode" runat="server" placeholder="Postcode"></asp:TextBox><br />
<asp:TextBox CssClass="form-control" ID="country" runat="server" placeholder="Country"></asp:TextBox><br />
<asp:Button CssClass="btn btn-primary" ID="loginButton" runat="server" text="Submit" OnCLick="register"></asp:Button>
</div>
下一个
您的代码对sql注入攻击是开放的。不要使用单引号。始终使用参数共享客户端代码。顺便说一句,不参数化代码对SQL注入非常开放。请看:例如。@Kumar_Vikas您所说的客户端代码是什么意思?我的asp表单?连接已打开,但您没有设置cmd的连接属性。通过cmd.connection=con将连接对象设置为cmd