C# 是否使用查询字符串执行更新?
我使用一个编辑页面让我的用户在文本框中查看和更改他们的数据,他们可以从主页上的gridview访问这些文本框。我在自动递增的列ProductId上使用了一个datakey,行数据显示得非常完美。不幸的是,当我触发click button事件以使用这些文本框中所做的更改更新行时,它们没有注册。我已经包括了下面的代码,但是作为一个注释,这是一个培训项目,为了先学习基础知识,我被明确禁止使用参数化。我意识到这是一项安全任务,但现在,没有准成员。为了澄清和重申我的问题,当我单击submit按钮时,行数据不受文本框中输入的更改的影响,而是恢复为原始值。我知道这可能与查询字符串有关,但我不知道是什么。想法C# 是否使用查询字符串执行更新?,c#,asp.net,sql-server,visual-studio,C#,Asp.net,Sql Server,Visual Studio,我使用一个编辑页面让我的用户在文本框中查看和更改他们的数据,他们可以从主页上的gridview访问这些文本框。我在自动递增的列ProductId上使用了一个datakey,行数据显示得非常完美。不幸的是,当我触发click button事件以使用这些文本框中所做的更改更新行时,它们没有注册。我已经包括了下面的代码,但是作为一个注释,这是一个培训项目,为了先学习基础知识,我被明确禁止使用参数化。我意识到这是一项安全任务,但现在,没有准成员。为了澄清和重申我的问题,当我单击submit按钮时,行数据
using System;
using System.Collections.Generic;
using System.Linq;
using System.Data;
using System.Data.Sql;
using System.Data.SqlClient;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
public partial class ViewEdit : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
string x = Request.QueryString["ProductId"];
string connectionString = System.Configuration.ConfigurationManager.ConnectionStrings["MyConnectionString"].ConnectionString;
string editQuery = "SELECT CustId, CustName, SicNaic, CustCity, CustAdd, CustState, CustZip, BroName, BroId, BroAdd, BroCity, BroState, BroZip, EntityType, Coverage, CurrentCoverage, PrimEx, Retention, EffectiveDate, Commission, Premium, Comments, ProductId FROM ProductInstance WHERE ProductId =" + x;
using (SqlConnection editConn = new SqlConnection(connectionString))
{
editConn.Open();
using (SqlCommand command = new SqlCommand(editQuery, editConn))
{
SqlDataReader dr = command.ExecuteReader();
dr.Read();
TextBox1.Text = dr.GetInt32(0).ToString();
TextBox2.Text = dr.GetString(1);
TextBox3.Text = dr.GetString(2);
TextBox4.Text = dr.GetString(3);
TextBox5.Text = dr.GetString(4);
TextBox6.Text = dr.GetString(5);
TextBox7.Text = dr.GetInt32(6).ToString();
TextBox8.Text = dr.GetString(7);
TextBox9.Text = dr.GetInt32(8).ToString();
TextBox10.Text = dr.GetString(9);
TextBox11.Text = dr.GetString(10);
TextBox12.Text = dr.GetString(11);
TextBox13.Text = dr.GetInt32(12).ToString();
TextBox14.Text = dr.GetString(13);
TextBox15.Text = dr.GetInt32(14).ToString();
TextBox16.Text = dr.GetInt32(15).ToString();
TextBox17.Text = dr.GetInt32(16).ToString();
TextBox18.Text = dr.GetInt32(17).ToString();
TextBox19.Text = dr.GetDateTime(18).ToString();
TextBox20.Text = dr.GetInt32(19).ToString();
TextBox21.Text = dr.GetInt32(20).ToString();
TextBox22.Text = dr.GetString(21);
}
editConn.Close();
}
}
protected void Button1_Click(object sender, EventArgs e)
{
string x = Request.QueryString["ProductId"];
string connectionString = System.Configuration.ConfigurationManager.ConnectionStrings["MyConnectionString"].ConnectionString;
using (SqlConnection updateConn = new SqlConnection(connectionString))
{
updateConn.Open();
{
string updateQuery = "UPDATE ProductInstance SET CustId = '" + TextBox1.Text + "', CustName = '" + TextBox2.Text + "', SicNaic = '" + TextBox3.Text + "', CustCity = '" + TextBox4.Text + "', CustAdd = '" + TextBox5.Text + "', CustState = '" + TextBox6.Text + "', CustZip = '" + TextBox7.Text + "', BroName = '" + TextBox8.Text + "', BroId = '" + TextBox9.Text + "', BroAdd = '" + TextBox10.Text + "', BroCity = '" + TextBox11.Text + "', BroState = '" + TextBox12.Text + "', BroZip = '" + TextBox13.Text + "', EntityType = '" + TextBox14.Text + "', Coverage = '" + TextBox15.Text + "', CurrentCoverage = '" + TextBox16.Text + "', PrimEx = '" + TextBox17.Text + "', Retention = '" + TextBox18.Text + "', EffectiveDate = '" + TextBox19.Text + "', Commission = '" + TextBox20.Text + "', Premium = '" + TextBox21.Text + "', Comments = '" + TextBox22.Text + "' WHERE ProductId =" + x;
using (SqlCommand command = new SqlCommand(updateQuery, updateConn))
{
command.ExecuteNonQuery();
}
}
}
}
public partial class ViewEdit : System.Web.UI.Page {
protected void Page_Load(object sender, EventArgs e)
{
if (!Page.IsPostBack)
{
string x = Request.QueryString["ProductId"];
string connectionString = System.Configuration.ConfigurationManager.ConnectionStrings["MyConnectionString"].ConnectionString;
string editQuery = "SELECT CustId, CustName, SicNaic, CustCity, CustAdd, CustState, CustZip, BroName, BroId, BroAdd, BroCity, BroState, BroZip, EntityType, Coverage, CurrentCoverage, PrimEx, Retention, EffectiveDate, Commission, Premium, Comments, ProductId FROM ProductInstance WHERE ProductId =" + x;
using (SqlConnection editConn = new SqlConnection(connectionString))
{
editConn.Open();
using (SqlCommand command = new SqlCommand(editQuery, editConn))
{ [...]
public partial class ViewEdit : System.Web.UI.Page {
protected void Page_Load(object sender, EventArgs e)
{
if (!Page.IsPostBack)
{
string x = Request.QueryString["ProductId"];
string connectionString = System.Configuration.ConfigurationManager.ConnectionStrings["MyConnectionString"].ConnectionString;
string editQuery = "SELECT CustId, CustName, SicNaic, CustCity, CustAdd, CustState, CustZip, BroName, BroId, BroAdd, BroCity, BroState, BroZip, EntityType, Coverage, CurrentCoverage, PrimEx, Retention, EffectiveDate, Commission, Premium, Comments, ProductId FROM ProductInstance WHERE ProductId =" + x;
using (SqlConnection editConn = new SqlConnection(connectionString))
{
editConn.Open();
using (SqlCommand command = new SqlCommand(editQuery, editConn))
{ [...]
但是,这也意味着在完成更改后,您将不再从数据库中重新加载更改,因为此后的每个页面事件都将是回发(除非执行重定向)。由于您正在学习ASP.NET,我建议您查看页面生命周期并探索不同的解决方案。祝你好运 在您的页面中\u加载回发检查
protected void Page_Load(object sender, EventArgs e)
{
if (Page.IsPostBack == false)
{
string x = Request.QueryString["ProductId"];
string connectionString = System.Configuration.ConfigurationManager.ConnectionStrings["MyConnectionString"].ConnectionString; string editQuery = "SELECT CustId, CustName, SicNaic, CustCity, CustAdd, CustState, CustZip, BroName, BroId, BroAdd, BroCity, BroState, BroZip, EntityType, Coverage, CurrentCoverage, PrimEx, Retention, EffectiveDate, Commission, Premium, Comments, ProductId FROM ProductInstance WHERE ProductId =" + x;
}
}
在您的页面中\u加载回发检查
protected void Page_Load(object sender, EventArgs e)
{
if (Page.IsPostBack == false)
{
string x = Request.QueryString["ProductId"];
string connectionString = System.Configuration.ConfigurationManager.ConnectionStrings["MyConnectionString"].ConnectionString; string editQuery = "SELECT CustId, CustName, SicNaic, CustCity, CustAdd, CustState, CustZip, BroName, BroId, BroAdd, BroCity, BroState, BroZip, EntityType, Coverage, CurrentCoverage, PrimEx, Retention, EffectiveDate, Commission, Premium, Comments, ProductId FROM ProductInstance WHERE ProductId =" + x;
}
}
在这样的页面上,你应该做的第一件事就是检查!IsPostBack,然后执行在代码中呈现页面的标准过程:
protected void Page_Load(object sender, EventArgs e)
{
if (!IsPostBack)
{
// Add your normal code in here
}
}
protected void Button1_Click(object sender, EventArgs e)
{
// Do Insertion here
lstView.DataSource = sqlVals;
lstView.DataBind();
}
还可以阅读EF4或LinqToSql,因为它将使来自SQL的数据调用更容易、更安全在这样的页面上,您应该始终做的第一件事是检查!IsPostBack,然后执行在代码中呈现页面的标准过程:
protected void Page_Load(object sender, EventArgs e)
{
if (!IsPostBack)
{
// Add your normal code in here
}
}
protected void Button1_Click(object sender, EventArgs e)
{
// Do Insertion here
lstView.DataSource = sqlVals;
lstView.DataBind();
}
另外,请阅读EF4或LinqToSql,因为它将使来自SQL的数据调用更容易和更安全FYI-您的代码易受SQL注入的影响。FYI-您的代码易受SQL注入的影响。谢谢您,KTF,太棒了!我正在读这篇文章。为了澄清,我应该对我的原始查询执行if序列(这只是为了显示信息),还是应该对查询执行if序列以进行更新?我会假设是后者,但我是问问题的人是有原因的……你的问题暗示了对ASP.NET模型的误解。页面上的任何事件都将是“回发”,因为可以说,它将由页面触发。因此,您希望按钮单击事件始终更新。(如果页面不是回发,则永远不会调用它)。这篇文章也可能对你有所帮助:Touche。谢谢你多花点时间教我钓鱼。我基本上是在速成班上完成这项工作,这相当于试着在家里用一年而不是10年的时间去上医学院。要精通这个职业没有捷径。谢谢你,KTF,太棒了!我正在读这篇文章。为了澄清,我应该对我的原始查询执行if序列(这只是为了显示信息),还是应该对查询执行if序列以进行更新?我会假设是后者,但我是问问题的人是有原因的……你的问题暗示了对ASP.NET模型的误解。页面上的任何事件都将是“回发”,因为可以说,它将由页面触发。因此,您希望按钮单击事件始终更新。(如果页面不是回发,则永远不会调用它)。这篇文章也可能对你有所帮助:Touche。谢谢你多花点时间教我钓鱼。我基本上是在速成班上完成这项工作,这相当于试着在家里用一年而不是10年的时间去上医学院。要精通这个职业没有捷径。谢谢你,瑞安。你和KTF的回答解决了我的问题。非常感谢,谢谢你,瑞安。你和KTF的回答解决了我的问题。非常感谢。