Warning: file_get_contents(/data/phpspider/zhask/data//catemap/2/csharp/336.json): failed to open stream: No such file or directory in /data/phpspider/zhask/libs/function.php on line 167

Warning: Invalid argument supplied for foreach() in /data/phpspider/zhask/libs/tag.function.php on line 1116

Notice: Undefined index: in /data/phpspider/zhask/libs/function.php on line 180

Warning: array_chunk() expects parameter 1 to be array, null given in /data/phpspider/zhask/libs/function.php on line 181
C# SystemInvalidOperationException_C#_Asp.net_Sql Server - Fatal编程技术网
Fatal编程技术网
  • csharp/
  • C# SystemInvalidOperationException

C# SystemInvalidOperationException

c# asp.net sql-server

C# SystemInvalidOperationException,c#,asp.net,sql-server,C#,Asp.net,Sql Server,我正试图将此保存到我的数据库中,但我一直收到此错误 System.InvalidOperationException 这是我的密码 protected void btnSend_Click(object sender, EventArgs e) { con.Open(); cmd = new SqlCommand(@"INSERT INTO orders2 (orderName,orderFile

我正试图将此保存到我的数据库中,但我一直收到此错误

System.InvalidOperationException
这是我的密码

 protected void btnSend_Click(object sender, EventArgs e)
    {
        con.Open();
        cmd = new SqlCommand(@"INSERT INTO orders2
                            (orderName,orderFile,orderType,orderPrice,orderQuantity,orderShipped)
                            VALUES
                            ('"+DropDownList1.SelectedValue+"','"+lblFile.Text+"','"+lblPrice.Text+"','"+txtQuantity.Text+"','"+DateTime.Now+"')",con);
        cmd.ExecuteNonQuery();
        con.Close();
        lblFinished.Text = "Order has been submitted for process.";

    }
您在此处插入了6个值(
orderName、orderFile、orderType、orderPrice、orderQuantity、orderShipped
),但仅提供了5个值
DropDownList1.SelectedValue、lblFile.Text、lblPrice.Text、txtQuantity.Text、DateTime.Now

WhoAmI
可能是正确的,但是您的代码可以大大改进,以避免其他问题,并允许您不允许未处理的异常

我在代码中直接添加了额外的注释:

try
{

    // SqlConnection is disposable, so it is recommended to dispose it (using calls Dispose() for you)
    using (var con = new SqlConnection(connStr))
    { 
        con.Open();

        // this is missing from your code and might the errors actual cause
        // SqlCommand is also disposable
        using (var cmd = con.CreateCommand())
        {
            // is is strongly recommended to construct parameterized commands
            // to avoid SQL injection (check this - https://technet.microsoft.com/en-us/library/ms161953(v=sql.105).aspx)
            cmd.Text = @"
                INSERT INTO orders2
                (orderName,orderFile,orderType,orderPrice,orderQuantity,orderShipped)
                VALUES (@orderName, @orderFile, @orderType, @orderPrice, @orderQuantity, @orderShipped)";

            // the parameters - SqlCommand infers parameter type for you
            cmd.AddWithValue("@orderName", DropDownList1.SelectedValue);
            cmd.AddWithValue("@orderFile", lblFile.Text);
            cmd.AddWithValue("@orderType", theMissingParametersForOrderType);
            // some conversion might be needed here, as I expect the price to be some number 
            // with a fixed number of decimals
            // e.g. Convert.ToDecimal(lblPrice.Text)
            cmd.AddWithValue("@orderPrice", lblPrice.Text);
            // same convertion issue as for price
            cmd.AddWithValue("@orderQuantity", txtQuantity.Text);
            cmd.AddWithValue("@orderShipped", DateTime.Now);
        }  
    }
}  
// there are several Exceptions that can be raised and treated separately
// but this at least you can do
catch (Exception exc)
{
    // log the error somewhere
    // put a breakpoint just below to inspect the full error details
}
// this is executed even if an exception has occurred
finally
{
    if (con != null && con.State != ConnectionState.Closed)
        con.Close();
}
作为旁注,此代码属于数据层,而不是表示层。考虑将它包含在另一个程序集中。 如果您在
cmd.ExecuteNonQuery()
上设置断点,然后查看
cmd.CommandText
,是否发现问题?你能接受这个值并在你的数据库中运行查询吗?@connors cmd.CommandText?我还没有尝试过。与你的问题无关,但你需要解决的是:SQL注入可能性。我忘记了SQL注入的事情。谢谢你的提示!