C# 在 asp.net 中使用 SQL 命令时出现 Unknown column 'new' in 'field list'（未知列 'new'，位于字段列表中）

C# 未知列';新';在';字段列表';在asp.net中使用sql命令时,c#,mysql,sql,asp.net,aspxgridview,C#,Mysql,Sql,Asp.net,Aspxgridview,我试图在更新时使用asp.net更新GridView,我正在传递文本框值,但出现上述错误 Label l1 = g1.Rows[e.RowIndex].FindControl("idlbl") as Label; TextBox t1 = g1.Rows[e.RowIndex].FindControl("typeText") as TextBox; string orderType = t1.Text; string Query = @"update app_order_master set

我在 asp.net 中于 GridView 行更新时执行更新，把文本框的值直接传入了 SQL 语句，结果出现了上述错误。

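Label l1 = g1.Rows[e.RowIndex].FindControl("idlbl") as Label;
TextBox t1 = g1.Rows[e.RowIndex].FindControl("typeText") as TextBox;

// t1.Text is client-controlled (any browser can post any value), so it must never be
// spliced into the SQL text. The original concatenation also caused the reported error:
// an unquoted value such as "new" is presumably parsed by MySQL as a column name, hence
// "Unknown column 'new' in 'field list'". Placeholders send it as data instead.
string orderType = t1.Text;
string Query = "update app_order_master set order_amt = @orderType where order_id = @order_id";
// using: dispose the command even if ExecuteNonQuery throws.
using (MySqlCommand cmd = new MySqlCommand(Query, sqlconn))
{
    // NOTE(review): order_amt / order_id look numeric from their names; if so, parse the
    // strings (decimal.TryParse / int.TryParse) and pass typed values so bad input is
    // rejected here rather than by the server. Column types are not visible in this page.
    cmd.Parameters.AddWithValue("@orderType", orderType);
    cmd.Parameters.AddWithValue("@order_id", l1.Text);
    cmd.ExecuteNonQuery();
}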

请改用参数化查询：

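Label l1 = g1.Rows[e.RowIndex].FindControl("idlbl") as Label;
TextBox t1 = g1.Rows[e.RowIndex].FindControl("typeText") as TextBox;

string orderType = t1.Text;
string order_id = l1.Text;
// Placeholders keep the user input out of the SQL text: a value like "new" (or
// "1; drop table ...") is transmitted as data, never parsed as SQL.
string Query = "update app_order_master set order_amt = @orderType where order_id = @order_id";
// using: dispose the command even if ExecuteNonQuery throws.
// AddWithValue is used because MySql.Data marks Add(string, object) obsolete in its favour.
using (MySqlCommand cmd = new MySqlCommand(Query, sqlconn))
{
    // NOTE(review): order_amt / order_id look numeric from their names; if so, parse the
    // strings (decimal.TryParse / int.TryParse) and pass typed values so bad input fails
    // here instead of at the server. Column types are not visible in this page.
    cmd.Parameters.AddWithValue("@orderType", orderType);
    cmd.Parameters.AddWithValue("@order_id", order_id);
    cmd.ExecuteNonQuery();
}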

请改用参数化查询：

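Label l1 = g1.Rows[e.RowIndex].FindControl("idlbl") as Label;
TextBox t1 = g1.Rows[e.RowIndex].FindControl("typeText") as TextBox;

string orderType = t1.Text;
string order_id = l1.Text;
// Placeholders keep the user input out of the SQL text: a value like "new" (or
// "1; drop table ...") is transmitted as data, never parsed as SQL.
string Query = "update app_order_master set order_amt = @orderType where order_id = @order_id";
// using: dispose the command even if ExecuteNonQuery throws.
// AddWithValue is used because MySql.Data marks Add(string, object) obsolete in its favour.
using (MySqlCommand cmd = new MySqlCommand(Query, sqlconn))
{
    // NOTE(review): order_amt / order_id look numeric from their names; if so, parse the
    // strings (decimal.TryParse / int.TryParse) and pass typed values so bad input fails
    // here instead of at the server. Column types are not visible in this page.
    cmd.Parameters.AddWithValue("@orderType", orderType);
    cmd.Parameters.AddWithValue("@order_id", order_id);
    cmd.ExecuteNonQuery();
}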

这是另一个可能对您有帮助的示例。正如其他开发者已经指出的，您原来的代码容易受到 SQL 注入攻击；搜索一下就能找到大量关于 SQL 注入的说明。下面是我的做法，一个小的代码示例，希望对您有帮助。

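  /// <summary>
  /// Updates the Product row whose prod_rec_id equals <paramref name="OldValue"/> with the
  /// supplied values and reports the outcome to the user with a MessageBox.
  /// Every value travels as a SqlParameter; nothing is concatenated into the SQL text, so
  /// user-supplied strings cannot change the statement (no SQL injection).
  /// </summary>
  /// <param name="OldValue">prod_rec_id of the row to update; all other parameters map one-to-one onto Product columns.</param>
  /// <remarks>
  /// Uses fields declared elsewhere in the class: <c>query</c>, <c>myConn</c> and <c>status</c>.
  /// Exceptions are caught and shown to the user rather than propagated.
  /// </remarks>
  public void updateProductTbl(string prodBrand, string description, decimal weight, decimal unitwholesaleprice, decimal unitretailprice, string prodImage, string location, string qrcode,
        string barcode, string suppliercode, int unitinstock, int unitsonorder, int reorderlevel, bool discontinued, decimal unitofmeasure, string prodcategory, int OldValue)
  {
      query = @"update Product 
                SET 
                prod_band=@prodBrand
                ,prod_description=@description
                 ,prod_weight=@weight
                ,prod_perUnitwholesalePrice=@unitwholesaleprice
                ,prod_perUnitRetailPrice = @unitretailprice
                ,prod_Image=@prodImage
                ,prod_location=@location
                ,prod_QRcode=@qrcode
                ,prod_barcode=@barcode
                ,prod_supplierFKCode=@suppliercode
                ,prod_unitsinstock=@unitinstock
                ,prod_unitsonorder=@unitonorder
                ,prod_reorderlevel=@reorderlevel
                ,prod_discontinued=@discontinued
                ,prod_unitofmeasure=@unittofmeasure
                ,prod_category=@prodcategory
                where prod_rec_id=@OldValue";

      try
      {
          myConn.Open();
          // using: dispose the command even when ExecuteNonQuery throws.
          using (SqlCommand myCommand = new SqlCommand(query, myConn))
          {
              // NOTE(review): AddWithValue infers the SQL type from the CLR value (strings become
              // nvarchar sized to the value, decimals get an inferred precision). If the columns are
              // varchar / decimal(p,s), prefer Parameters.Add("@x", SqlDbType.VarChar, size) so the
              // server does not apply implicit conversions. Also, a null string is not sent as NULL by
              // AddWithValue; pass DBNull.Value for nullable columns. Column types are not visible here.
              myCommand.Parameters.AddWithValue("@prodBrand", prodBrand);
              myCommand.Parameters.AddWithValue("@description", description);
              myCommand.Parameters.AddWithValue("@weight", weight);
              myCommand.Parameters.AddWithValue("@unitwholesaleprice", unitwholesaleprice);
              myCommand.Parameters.AddWithValue("@unitretailprice", unitretailprice);
              myCommand.Parameters.AddWithValue("@prodImage", prodImage);
              myCommand.Parameters.AddWithValue("@location", location);
              myCommand.Parameters.AddWithValue("@qrcode", qrcode);
              myCommand.Parameters.AddWithValue("@barcode", barcode);
              myCommand.Parameters.AddWithValue("@suppliercode", suppliercode);
              myCommand.Parameters.AddWithValue("@unitinstock", unitinstock);
              myCommand.Parameters.AddWithValue("@unitonorder", unitsonorder);
              myCommand.Parameters.AddWithValue("@reorderlevel", reorderlevel);
              myCommand.Parameters.AddWithValue("@discontinued", discontinued);
              myCommand.Parameters.AddWithValue("@unittofmeasure", unitofmeasure);
              myCommand.Parameters.AddWithValue("@prodcategory", prodcategory);
              myCommand.Parameters.AddWithValue("@OldValue", OldValue);

              // ExecuteNonQuery returns the number of rows affected (0 when no row matched prod_rec_id),
              // not a 1/0 success flag.
              status = myCommand.ExecuteNonQuery();
          }

          // No message is shown when status == 0 (no matching row); callers must check status themselves.
          if (status > 0)
          {
              MessageBox.Show("Your Data has been updated", "Update Data", MessageBoxButton.OK, MessageBoxImage.Information);
          }
      }
      catch(Exception ex)
      {
          // NOTE(review): ex.ToString() includes the stack trace and server-side detail. That is
          // acceptable for an internal desktop tool, but log it and show only ex.Message if this
          // code ever runs for untrusted users.
          MessageBox.Show("SQL Error in Product Add method:"+ex.ToString(), "Warning Data not saved", MessageBoxButton.OK, MessageBoxImage.Error);
      }
      finally
      {
          // Always release the shared connection, including on the error path.
          myConn.Close(); 
      }
  }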

希望以上内容能让您清楚地了解如何使用 SQL 并在方法中传递参数。

这是另一个可能对您有帮助的示例。正如其他开发者已经指出的，您原来的代码容易受到 SQL 注入攻击；搜索一下就能找到大量关于 SQL 注入的说明。下面是我的做法，一个小的代码示例，希望对您有帮助。

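  /// <summary>
  /// Updates the Product row whose prod_rec_id equals <paramref name="OldValue"/> with the
  /// supplied values and reports the outcome to the user with a MessageBox.
  /// Every value travels as a SqlParameter; nothing is concatenated into the SQL text, so
  /// user-supplied strings cannot change the statement (no SQL injection).
  /// </summary>
  /// <param name="OldValue">prod_rec_id of the row to update; all other parameters map one-to-one onto Product columns.</param>
  /// <remarks>
  /// Uses fields declared elsewhere in the class: <c>query</c>, <c>myConn</c> and <c>status</c>.
  /// Exceptions are caught and shown to the user rather than propagated.
  /// </remarks>
  public void updateProductTbl(string prodBrand, string description, decimal weight, decimal unitwholesaleprice, decimal unitretailprice, string prodImage, string location, string qrcode,
        string barcode, string suppliercode, int unitinstock, int unitsonorder, int reorderlevel, bool discontinued, decimal unitofmeasure, string prodcategory, int OldValue)
  {
      query = @"update Product 
                SET 
                prod_band=@prodBrand
                ,prod_description=@description
                 ,prod_weight=@weight
                ,prod_perUnitwholesalePrice=@unitwholesaleprice
                ,prod_perUnitRetailPrice = @unitretailprice
                ,prod_Image=@prodImage
                ,prod_location=@location
                ,prod_QRcode=@qrcode
                ,prod_barcode=@barcode
                ,prod_supplierFKCode=@suppliercode
                ,prod_unitsinstock=@unitinstock
                ,prod_unitsonorder=@unitonorder
                ,prod_reorderlevel=@reorderlevel
                ,prod_discontinued=@discontinued
                ,prod_unitofmeasure=@unittofmeasure
                ,prod_category=@prodcategory
                where prod_rec_id=@OldValue";

      try
      {
          myConn.Open();
          // using: dispose the command even when ExecuteNonQuery throws.
          using (SqlCommand myCommand = new SqlCommand(query, myConn))
          {
              // NOTE(review): AddWithValue infers the SQL type from the CLR value (strings become
              // nvarchar sized to the value, decimals get an inferred precision). If the columns are
              // varchar / decimal(p,s), prefer Parameters.Add("@x", SqlDbType.VarChar, size) so the
              // server does not apply implicit conversions. Also, a null string is not sent as NULL by
              // AddWithValue; pass DBNull.Value for nullable columns. Column types are not visible here.
              myCommand.Parameters.AddWithValue("@prodBrand", prodBrand);
              myCommand.Parameters.AddWithValue("@description", description);
              myCommand.Parameters.AddWithValue("@weight", weight);
              myCommand.Parameters.AddWithValue("@unitwholesaleprice", unitwholesaleprice);
              myCommand.Parameters.AddWithValue("@unitretailprice", unitretailprice);
              myCommand.Parameters.AddWithValue("@prodImage", prodImage);
              myCommand.Parameters.AddWithValue("@location", location);
              myCommand.Parameters.AddWithValue("@qrcode", qrcode);
              myCommand.Parameters.AddWithValue("@barcode", barcode);
              myCommand.Parameters.AddWithValue("@suppliercode", suppliercode);
              myCommand.Parameters.AddWithValue("@unitinstock", unitinstock);
              myCommand.Parameters.AddWithValue("@unitonorder", unitsonorder);
              myCommand.Parameters.AddWithValue("@reorderlevel", reorderlevel);
              myCommand.Parameters.AddWithValue("@discontinued", discontinued);
              myCommand.Parameters.AddWithValue("@unittofmeasure", unitofmeasure);
              myCommand.Parameters.AddWithValue("@prodcategory", prodcategory);
              myCommand.Parameters.AddWithValue("@OldValue", OldValue);

              // ExecuteNonQuery returns the number of rows affected (0 when no row matched prod_rec_id),
              // not a 1/0 success flag.
              status = myCommand.ExecuteNonQuery();
          }

          // No message is shown when status == 0 (no matching row); callers must check status themselves.
          if (status > 0)
          {
              MessageBox.Show("Your Data has been updated", "Update Data", MessageBoxButton.OK, MessageBoxImage.Information);
          }
      }
      catch(Exception ex)
      {
          // NOTE(review): ex.ToString() includes the stack trace and server-side detail. That is
          // acceptable for an internal desktop tool, but log it and show only ex.Message if this
          // code ever runs for untrusted users.
          MessageBox.Show("SQL Error in Product Add method:"+ex.ToString(), "Warning Data not saved", MessageBoxButton.OK, MessageBoxImage.Error);
      }
      finally
      {
          // Always release the shared connection, including on the error path.
          myConn.Close(); 
      }
  }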

希望以上内容能让您清楚地了解如何使用 SQL 并在方法中传递参数。

我认为这个问题是重复的，请参考已有的问答：您在这里拼接出来的 SQL 是有问题的，调试一下代码就能看到。检查
Query
的值，注意字符串值两侧缺少引号——因此 MySQL 很可能把文本框里的内容当成了列名。第二，请立即查一下“SQL 注入”，了解为什么这段代码非常危险。问题出在您构造“update”语句的方式上，引号处理有误。在调试模式下查看“update”语句的实际内容。不要再用字符串拼接，改用参数化查询；这既能解决您当前的问题，也能避免许多将来的问题。我认为这个问题是重复的，请参考已有的问答：您在这里拼接出来的 SQL 是有问题的，调试一下代码就能看到。检查
Query
的值，注意字符串值两侧缺少引号——因此 MySQL 很可能把文本框里的内容当成了列名。第二，请立即查一下“SQL 注入”，了解为什么这段代码非常危险。问题出在您构造“update”语句的方式上，引号处理有误。在调试模式下查看“update”语句的实际内容。不要再用字符串拼接，改用参数化查询；这既能解决您当前的问题，也能避免许多将来的问题。