C# 在asp.net中处理外键
我正在制作一个连接到数据库的会员网站。所有表都已在数据库中创建。但是,我在处理外键时遇到问题。我真的不知道怎么做 我使用VS2012进行Web应用 这是会员想要加入俱乐部时填写的注册页面。在member表中,我有两个需要处理的外键:addressID、membershipID、emergencyContactEmail和clubIDC# 在asp.net中处理外键,c#,sql,asp.net,C#,Sql,Asp.net,我正在制作一个连接到数据库的会员网站。所有表都已在数据库中创建。但是,我在处理外键时遇到问题。我真的不知道怎么做 我使用VS2012进行Web应用 这是会员想要加入俱乐部时填写的注册页面。在member表中,我有两个需要处理的外键:addressID、membershipID、emergencyContactEmail和clubID using System; using System.Collections.Generic; using System.Linq; using System.We
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data;
using System.Data.SqlClient;
using System.Configuration;
public partial class Default2 : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
if(IsPostBack)
{
SqlConnection regConn = new SqlConnection(ConfigurationManager.ConnectionStrings["connectionstring"].ConnectionString);
regConn.Open();
string check = "select count(*) from member where memberEmail ='" + emailTB.Text + "'";
SqlCommand cmd = new SqlCommand(check, regConn);
int i = Convert.ToInt32(cmd.ExecuteScalar().ToString());
if (i == 1)
{
Response.Write("User already exists");
}
regConn.Close();
}
}
protected void SubmitButton_Click(object sender, EventArgs e)
{
try
{
Guid addressGuid = Guid.NewGuid();
Guid medicalGuid = Guid.NewGuid();
Guid membershipGuid = Guid.NewGuid();
SqlConnection regConn = new SqlConnection(ConfigurationManager.ConnectionStrings["Data Source=student5;Initial Catalog=FeelGoodDatabase;Persist Security Info=True;User ID=sa;Password=*******"].ConnectionString);
regConn.Open();
string insertMember = "insert into member (memberEmail, firstName, surname, dateOfBirth, password, contactNumber) values(@email, @firstName, @surname, @dob, @password, @phone)";
string insertAddress = "insert into address (addressID, lineOne, lineTwo, town, county) values (@addressID, @lineOne, @lineTwo, @town, @county)";
string insertEmergency = "insert into emergencyContact (emergencyContactEmail, emergencyContactName, emergencyContactSurname, emergencyContactNumber) values (@emEmail, @emName, @emSurname, @emPhone)";
string insertMedical = "insert into medicalInfo(medicalInfoID, physicalHealthInfo) values (@medicalInfoID, @healthInfo)";
string insertMembership = "insert into membership(membershipID, membershipType, paymentOption, membershipPrice) values (@memID, @memType, @payOption, @amount)";
string selectedMembership = this.RadioButtonList1.SelectedItem.Text;
string selectedPayOption = this.RadioButtonList2.SelectedItem.Text;
SqlCommand cmd = new SqlCommand(insertMember, regConn);
SqlCommand cmdAddress = new SqlCommand(insertAddress, regConn);
SqlCommand cmdEmergency = new SqlCommand(insertEmergency, regConn);
SqlCommand cmdMedical = new SqlCommand(insertMedical, regConn);
SqlCommand cmdMembership = new SqlCommand(insertMembership, regConn);
cmdAddress.Parameters.AddWithValue("@addressID", addressGuid.ToString());
cmdMedical.Parameters.AddWithValue("@medicalInfoID", medicalGuid.ToString());
cmdMembership.Parameters.AddWithValue("@memID", membershipGuid.ToString());
cmd.Parameters.AddWithValue("@email", emailTB.Text);
cmd.Parameters.AddWithValue("@firstName", firstNameTB.Text);
cmd.Parameters.AddWithValue("@surname", surnameTB.Text);
cmd.Parameters.AddWithValue("@dob", dobTB.Text);
cmd.Parameters.AddWithValue("@password", passwordTB.Text);
cmd.Parameters.AddWithValue("@phone", phoneTB.Text);
cmdAddress.Parameters.AddWithValue("@lineOne", lineOneTB.Text);
cmdAddress.Parameters.AddWithValue("@lineTwo", lineTwoTB.Text);
cmdAddress.Parameters.AddWithValue("@town", townTB.Text);
cmdAddress.Parameters.AddWithValue("@county", emailTB.Text);
cmdEmergency.Parameters.AddWithValue("@emEmail", emEmailTB.Text);
cmdEmergency.Parameters.AddWithValue("@emName", emnameTB.Text);
cmdEmergency.Parameters.AddWithValue("@emSurname", emSurnameTB.Text);
cmdEmergency.Parameters.AddWithValue("@emPhone", emPhoneTB.Text);
cmdMedical.Parameters.AddWithValue("@healthInfo", medicalTB.Text);
cmdMembership.Parameters.AddWithValue("@memType", selectedMembership);
cmdMembership.Parameters.AddWithValue("@paymentOption", selectedPayOption);
cmdMembership.Parameters.AddWithValue("@amount", amountTB.Text);
cmd.ExecuteNonQuery();
cmdAddress.ExecuteNonQuery();
cmdEmergency.ExecuteNonQuery();
cmdMedical.ExecuteNonQuery();
cmdMembership.ExecuteNonQuery();
Response.Redirect("MemberPage.aspx");
regConn.Close();
}
catch (Exception)
{
Response.Write("Sign up not successful");
}
}
}
SqlConnection regConn = new SqlConnection(ConfigurationManager.ConnectionStrings["Data Source=student5;Initial Catalog=FeelGoodDatabase;Persist Security Info=True;User ID=sa;Password=********"].ConnectionString);
谢谢。您必须在ConfigurationManager.ConnectionString中使用连接字符串键,而不是使用整个连接字符串。Asp.Net无法在web.config中找到密钥并抛出对象引用
SqlConnection regConn = new SqlConnection(ConfigurationManager.ConnectionStrings["Student5DB"].ConnectionString);
<connectionStrings>
<add name="Student5DB" connectionString="Data Source=student5;Initial Catalog=FeelGoodDatabase;Persist Security Info=True;User ID=sa;Password=********" providerName="System.Data.SqlClient" />
</connectionStrings>
它本质上是一个未定义的变量。忘记所有这些数据库内容,集中精力。ConfigurationManager.ConnectionString是一个数组,它可能有一个简单的键,与web.config的ConnectionString部分的元素相关。将整个connectionstring作为数组的索引可能不是一个好主意:请参阅中的示例了解如何使用它。Page_Load中的sql字符串代码极易受到sql注入攻击。这简直是乞求被黑客攻击。使用查询参数,就像在代码中的其他地方一样。此外,不要在您的程序中使用“sa”帐户。