C# 在asp.net中将数据从gridview保存到本地数据库

C# 在asp.net中将数据从gridview保存到本地数据库,c#,asp.net,sql-server,C#,Asp.net,Sql Server,我目前正在编写一段代码,其中用户应该插入一些关于员工的信息,并按下一个按钮填充gridview,另一个按钮将gridview中的信息保存到本地数据库中。在运行到目前为止我编写的时,出现了一个一致的错误,显示“SqlExeption未被用户代码处理。我一直在尝试修复它,但没有成功。它在conn.Open(); 这是一段特定的代码: protected void SaveButton_Click(object sender, EventArgs e) { string StrQuery;

我目前正在编写一段代码：用户应先输入一些员工信息，按下一个按钮把这些信息填充到 GridView 中，再按另一个按钮把 GridView 中的信息保存到本地数据库。运行我目前写好的代码时，总是出现同一个错误：“SqlException 未被用户代码处理”。我一直在尝试修复它，但没有成功。出错的位置在
conn.Open();

这是一段特定的代码:

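protected void SaveButton_Click(object sender, EventArgs e)
{
    // Persist every data row currently shown in GridView1 into the Employee table,
    // one parameterized INSERT per row.
    //
    // NOTE(review): the Data Source is an .sdf file, i.e. a SQL Server Compact database.
    // SqlConnection talks to a SQL Server instance, so conn.Open() is where the
    // SqlException reported above is raised. The answer on this page switches to
    // SqlCeConnection/SqlCeCommand (System.Data.SqlServerCe); that namespace is not
    // imported in this file, so the handler below keeps SqlConnection and only fixes
    // the statement building.
    const string connectionString =
        @"Data Source = C:\EmployeeWebProject\EmployeeWebProject\App_Data\EmployeeDatabase.sdf";

    // Cell values are bound to named parameters instead of being concatenated into the
    // statement: grid text can neither alter the SQL (SQL injection) nor break it when
    // a value contains a quote or a comma.
    const string insertQuery =
        "INSERT INTO Employee VALUES (@Col0, @Col1, @Col2, @Col3, @Col4);";

    using (SqlConnection conn = new SqlConnection(connectionString))
    using (SqlCommand comm = new SqlCommand(insertQuery, conn))
    {
        conn.Open();

        for (int i = 0; i < GridView1.Rows.Count; i++)
        {
            var cells = GridView1.Rows[i].Cells;

            // The command is reused across rows, so drop the previous row's parameters.
            comm.Parameters.Clear();

            for (int c = 0; c < 5; c++)
            {
                // TableCell.ToString() yields the type name
                // ("System.Web.UI.WebControls.TableCell"), not the displayed value;
                // .Text is the cell content. AddWithValue sends every value as text and
                // relies on the server to convert it to the column type.
                comm.Parameters.AddWithValue("@Col" + c, cells[c].Text);
            }

            comm.ExecuteNonQuery();
        }
    }
}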
protectedvoid SaveButton\u单击(对象发送方,事件参数e)
{
字符串StrQuery;
尝试
{
使用(SqlConnection conn=newsqlconnection(@“数据源=C:\EmployeeWebProject\EmployeeWebProject\App\u Data\EmployeeDatabase.sdf”))
{
使用(SqlCommand comm=newsqlcommand(“SELECT*FROM Employee”))
{
通信连接=连接;
conn.Open();
对于(int i=0;i
要避免SQL注入并正确使用参数化查询,以及使用SQL Server CE连接和命令对象,请尝试以下代码:

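protected void SaveButton_Click(object sender, EventArgs e)
{
    // Save every data row currently shown in GridView1 into the Employees table of the
    // SQL Server Compact (.sdf) database: one parameterized INSERT per row, all inside a
    // single transaction so a failing row does not leave a partial save behind.
    //
    // Cell values are bound to parameters rather than concatenated into the statement,
    // so grid content can neither alter the SQL (SQL injection) nor break it on quotes
    // or commas.

    // NOTE(review): an absolute path only works on this one machine; for a file under
    // App_Data the usual form is "Data Source=|DataDirectory|\EmployeeDatabase.sdf" -
    // confirm before changing it.
    string connectionString = @"Data Source = C:\EmployeeWebProject\EmployeeWebProject\App_Data\EmployeeDatabase.sdf";
    string insertQry = "INSERT INTO Employees(Col1, Col2, Col3, Col4, Col5) " +
                       "VALUES(@Col1, @Col2, @Col3, @Col4, @Col5);";

    using (SqlCeConnection conn = new SqlCeConnection(connectionString))
    using (SqlCeCommand cmd = new SqlCeCommand(insertQry, conn))
    {
        // Column names, types and lengths are placeholders - adapt them to the real
        // table; the schema is not known here.
        // NOTE(review): SQL Server Compact text columns are Unicode (nvarchar); if that
        // is what the table uses, SqlDbType.NVarChar is the matching parameter type -
        // confirm against the schema.
        cmd.Parameters.Add("@Col1", SqlDbType.Int);
        cmd.Parameters.Add("@Col2", SqlDbType.VarChar, 100);
        cmd.Parameters.Add("@Col3", SqlDbType.VarChar, 100);
        cmd.Parameters.Add("@Col4", SqlDbType.VarChar, 100);
        cmd.Parameters.Add("@Col5", SqlDbType.VarChar, 100);

        conn.Open();

        using (SqlCeTransaction tx = conn.BeginTransaction())
        {
            cmd.Transaction = tx;

            for (int i = 0; i < GridView1.Rows.Count; i++)
            {
                var cells = GridView1.Rows[i].Cells;

                // TableCell.ToString() returns the type name, not the displayed value,
                // and Convert.ToInt32(TableCell) throws InvalidCastException - read
                // .Text and parse it explicitly, with the invariant culture so the
                // result does not depend on the server's locale.
                int col1;
                if (!int.TryParse(cells[0].Text.Trim(),
                                  System.Globalization.NumberStyles.Integer,
                                  System.Globalization.CultureInfo.InvariantCulture,
                                  out col1))
                {
                    throw new FormatException(
                        "Row " + i + ": first column '" + cells[0].Text + "' is not an integer.");
                }

                cmd.Parameters["@Col1"].Value = col1;
                // Each column reads its own cell (the previous version bound Cells[1]
                // to all four text columns).
                cmd.Parameters["@Col2"].Value = cells[1].Text;
                cmd.Parameters["@Col3"].Value = cells[2].Text;
                cmd.Parameters["@Col4"].Value = cells[3].Text;
                cmd.Parameters["@Col5"].Value = cells[4].Text;

                cmd.ExecuteNonQuery();
            }

            // Commit only once every row succeeded; disposing an uncommitted
            // transaction rolls it back.
            tx.Commit();
        }
    }
}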
protectedvoid SaveButton\u单击(对象发送方,事件参数e)
{
字符串StrQuery;
尝试
{
//定义连接字符串并插入带有参数的查询
字符串连接字符串=@“数据源=C:\EmployeeWebProject\EmployeeWebProject\App\U Data\EmployeeDatabase.sdf”;
string insertQry=“插入员工(Col1、Col2、Col3、Col4、Col5)”+
“值(@Col1、@Col2、@Col3、@Col4、@Col5);”;
//为SQL Server CE定义连接和命令
使用(SqlCeConnection conn=newsqlceconnection(connectionString))
使用(SqlCeCommand cmd=newsqlcecommand(insertQry,conn))
{
//向命令中添加参数-根据需要调整这些参数-我们不知道您的表结构,
//也不知道这些参数的数据类型(可能还有长度)!
cmd.Parameters.Add(“@Col1”,SqlDbType.Int);
cmd.Parameters.Add(“@Col2”,SqlDbType.VarChar,100);
cmd.Parameters.Add(“@Col3”,SqlDbType.VarChar,100);
cmd.Parameters.Add(“@Col4”,SqlDbType.VarChar,100);
cmd.Parameters.Add(“@Col5”,SqlDbType.VarChar,100);
conn.Open();
对于(int i=0;i
要避免SQL注入并正确使用参数化查询,以及使用SQL Server CE连接和命令对象,请尝试以下代码:

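protected void SaveButton_Click(object sender, EventArgs e)
{
    // Save every data row currently shown in GridView1 into the Employees table of the
    // SQL Server Compact (.sdf) database: one parameterized INSERT per row, all inside a
    // single transaction so a failing row does not leave a partial save behind.
    //
    // Cell values are bound to parameters rather than concatenated into the statement,
    // so grid content can neither alter the SQL (SQL injection) nor break it on quotes
    // or commas.

    // NOTE(review): an absolute path only works on this one machine; for a file under
    // App_Data the usual form is "Data Source=|DataDirectory|\EmployeeDatabase.sdf" -
    // confirm before changing it.
    string connectionString = @"Data Source = C:\EmployeeWebProject\EmployeeWebProject\App_Data\EmployeeDatabase.sdf";
    string insertQry = "INSERT INTO Employees(Col1, Col2, Col3, Col4, Col5) " +
                       "VALUES(@Col1, @Col2, @Col3, @Col4, @Col5);";

    using (SqlCeConnection conn = new SqlCeConnection(connectionString))
    using (SqlCeCommand cmd = new SqlCeCommand(insertQry, conn))
    {
        // Column names, types and lengths are placeholders - adapt them to the real
        // table; the schema is not known here.
        // NOTE(review): SQL Server Compact text columns are Unicode (nvarchar); if that
        // is what the table uses, SqlDbType.NVarChar is the matching parameter type -
        // confirm against the schema.
        cmd.Parameters.Add("@Col1", SqlDbType.Int);
        cmd.Parameters.Add("@Col2", SqlDbType.VarChar, 100);
        cmd.Parameters.Add("@Col3", SqlDbType.VarChar, 100);
        cmd.Parameters.Add("@Col4", SqlDbType.VarChar, 100);
        cmd.Parameters.Add("@Col5", SqlDbType.VarChar, 100);

        conn.Open();

        using (SqlCeTransaction tx = conn.BeginTransaction())
        {
            cmd.Transaction = tx;

            for (int i = 0; i < GridView1.Rows.Count; i++)
            {
                var cells = GridView1.Rows[i].Cells;

                // TableCell.ToString() returns the type name, not the displayed value,
                // and Convert.ToInt32(TableCell) throws InvalidCastException - read
                // .Text and parse it explicitly, with the invariant culture so the
                // result does not depend on the server's locale.
                int col1;
                if (!int.TryParse(cells[0].Text.Trim(),
                                  System.Globalization.NumberStyles.Integer,
                                  System.Globalization.CultureInfo.InvariantCulture,
                                  out col1))
                {
                    throw new FormatException(
                        "Row " + i + ": first column '" + cells[0].Text + "' is not an integer.");
                }

                cmd.Parameters["@Col1"].Value = col1;
                // Each column reads its own cell (the previous version bound Cells[1]
                // to all four text columns).
                cmd.Parameters["@Col2"].Value = cells[1].Text;
                cmd.Parameters["@Col3"].Value = cells[2].Text;
                cmd.Parameters["@Col4"].Value = cells[3].Text;
                cmd.Parameters["@Col5"].Value = cells[4].Text;

                cmd.ExecuteNonQuery();
            }

            // Commit only once every row succeeded; disposing an uncommitted
            // transaction rolls it back.
            tx.Commit();
        }
    }
}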
protectedvoid SaveButton\u单击(对象发送方,事件参数e)
{
字符串StrQuery;
尝试
{
//定义连接字符串并插入带有参数的查询
字符串连接字符串=@“数据源=C:\EmployeeWebProject\EmployeeWebProject\App\U Data\EmployeeDatabase.sdf”;
string insertQry=“插入员工(Col1、Col2、Col3、Col4、Col5)”+
“值(@Col1、@Col2、@Col3、@Col4、@Col5);”;
//为SQL Server CE定义连接和命令
使用(SqlCeConnection conn=newsqlceconnection(connectionString))
使用(SqlCeCommand cmd=newsqlcecommand(insertQry,conn))
{
//向命令中添加参数-根据需要调整这些参数-我们不知道您的表结构,
//也不知道这些参数的数据类型(可能还有长度)!
cmd.Parameters.Add(“@Col1”,SqlDbType.Int);
cmd.Parameters.Add(“@Col2”,SqlDbType.VarChar,100);
cmd.Parameters.Add(“@Col3”,SqlDbType.VarChar,100);
cmd.Parameters.Add(“@Col4”,SqlDbType.VarChar,100);
cmd.Parameters.Add(“@Col5”,SqlDbType.VarChar,100);
conn.Open();
对于(int i=0;i
- 您不应把 SQL 语句拼接在一起——请使用参数化查询来避免 SQL 注入。您需要提供更多有关该错误的信息——检查内部异常（InnerException），包括完整的错误消息等。+10000000到