C# SystemInvalidOperationException
我正试图将此保存到我的数据库中,但我一直收到此错误C# SystemInvalidOperationException,c#,asp.net,sql-server,C#,Asp.net,Sql Server,我正试图将此保存到我的数据库中,但我一直收到此错误 System.InvalidOperationException 这是我的密码 protected void btnSend_Click(object sender, EventArgs e) { con.Open(); cmd = new SqlCommand(@"INSERT INTO orders2 (orderName,orderFile
System.InvalidOperationException
这是我的密码
protected void btnSend_Click(object sender, EventArgs e)
{
con.Open();
cmd = new SqlCommand(@"INSERT INTO orders2
(orderName,orderFile,orderType,orderPrice,orderQuantity,orderShipped)
VALUES
('"+DropDownList1.SelectedValue+"','"+lblFile.Text+"','"+lblPrice.Text+"','"+txtQuantity.Text+"','"+DateTime.Now+"')",con);
cmd.ExecuteNonQuery();
con.Close();
lblFinished.Text = "Order has been submitted for process.";
}
您在此处插入了6个值(
orderName、orderFile、orderType、orderPrice、orderQuantity、orderShipped
),但仅提供了5个值DropDownList1.SelectedValue、lblFile.Text、lblPrice.Text、txtQuantity.Text、DateTime.Now
WhoAmI
可能是正确的,但是您的代码可以大大改进,以避免其他问题,并允许您不允许未处理的异常
我在代码中直接添加了额外的注释:
try
{
// SqlConnection is disposable, so it is recommended to dispose it (using calls Dispose() for you)
using (var con = new SqlConnection(connStr))
{
con.Open();
// this is missing from your code and might the errors actual cause
// SqlCommand is also disposable
using (var cmd = con.CreateCommand())
{
// is is strongly recommended to construct parameterized commands
// to avoid SQL injection (check this - https://technet.microsoft.com/en-us/library/ms161953(v=sql.105).aspx)
cmd.Text = @"
INSERT INTO orders2
(orderName,orderFile,orderType,orderPrice,orderQuantity,orderShipped)
VALUES (@orderName, @orderFile, @orderType, @orderPrice, @orderQuantity, @orderShipped)";
// the parameters - SqlCommand infers parameter type for you
cmd.AddWithValue("@orderName", DropDownList1.SelectedValue);
cmd.AddWithValue("@orderFile", lblFile.Text);
cmd.AddWithValue("@orderType", theMissingParametersForOrderType);
// some conversion might be needed here, as I expect the price to be some number
// with a fixed number of decimals
// e.g. Convert.ToDecimal(lblPrice.Text)
cmd.AddWithValue("@orderPrice", lblPrice.Text);
// same convertion issue as for price
cmd.AddWithValue("@orderQuantity", txtQuantity.Text);
cmd.AddWithValue("@orderShipped", DateTime.Now);
}
}
}
// there are several Exceptions that can be raised and treated separately
// but this at least you can do
catch (Exception exc)
{
// log the error somewhere
// put a breakpoint just below to inspect the full error details
}
// this is executed even if an exception has occurred
finally
{
if (con != null && con.State != ConnectionState.Closed)
con.Close();
}
作为旁注,此代码属于数据层,而不是表示层。考虑将它包含在另一个程序集中。 如果您在
cmd.ExecuteNonQuery()
上设置断点,然后查看cmd.CommandText
,是否发现问题?你能接受这个值并在你的数据库中运行查询吗?@connors cmd.CommandText?我还没有尝试过。与你的问题无关,但你需要解决的是:SQL注入可能性。我忘记了SQL注入的事情。谢谢你的提示!