C# 对象类型中不存在映射
错误显示: 对象类型中不存在映射 是因为我的转换图像错误吗? 或者是否有其他方法将映像更新到我的sql?C# 对象类型中不存在映射,c#,mysql,sql-server-2008,C#,Mysql,Sql Server 2008,错误显示: 对象类型中不存在映射 是因为我的转换图像错误吗? 或者是否有其他方法将映像更新到我的sql? 问题是我需要更新我可以显示的图像中的值,并更新可以保存到数据库中的值 我建议您删除,在之前的where,并在ICNUMBER.text private void button5_Click(object sender, EventArgs e) { DataGridViewRow updatedrow = dataGridView1.Rows[choose
问题是我需要更新我可以显示的图像中的值,并更新可以保存到数据库中的值 我建议您删除
,
在之前的where
,并在ICNUMBER.text
private void button5_Click(object sender, EventArgs e)
{
DataGridViewRow updatedrow = dataGridView1.Rows[chooseAnyRow];
updatedrow.Cells[0].Value = SALUTATION.Text;
updatedrow.Cells[1].Value = NAME.Text;
updatedrow.Cells[2].Value = SEX.Text;
updatedrow.Cells[3].Value = ETHNICITY.Text;
updatedrow.Cells[4].Value = MARITALSTATUS.Text;
updatedrow.Cells[5].Value = ICNUMBER.Text;
updatedrow.Cells[6].Value = HPNUMBER.Text;
updatedrow.Cells[7].Value = DOB.Text;
updatedrow.Cells[8].Value = ADDRESS.Text;
updatedrow.Cells[9].Value = STATE.Text;
updatedrow.Cells[10].Value = CITY.Text;
updatedrow.Cells[11].Value = POSTCODE.Text;
updatedrow.Cells[12].Value = pictureBox1.Image;
con = new SqlConnection(@"Data Source=dasranrajlui\sqlexpress;Initial Catalog=SESoriginal;Integrated Security=True");
con.Open();
com = con.CreateCommand();
com.CommandType = CommandType.Text;
com.CommandText = " update VoterRegistration set SALUTATION = '" + SALUTATION.Text +
"', NAME = '" + NAME.Text +
"', SEX = '" + SEX.Text +
"', ETHNICITY = '" + ETHNICITY.Text +
"', MARITALSTATUS = '" + MARITALSTATUS.Text +
"', IC_NUMBER = " + ICNUMBER.Text +
", HP_NUMBER = " + HPNUMBER.Text +
", DOB = '" + DOB.Text +
"', ADDRESS = '" + ADDRESS.Text +
"', STATE = '" + STATE.Text +
"', CITY = '" + CITY.Text +
"', POSTCODE = '" + POSTCODE.Text +
"', VOTER_PIC = @VOTER_PIC where IC_NUMBER = " + ICNUMBER.Text;
com.CommandType = CommandType.Text;
com.Parameters.AddWithValue("@VOTER_PIC", pictureBox1.Image);
com.Parameters.AddWithValue("@Salutation", SALUTATION.Text);
com.Parameters.AddWithValue("@Name", NAME.Text);
com.Parameters.AddWithValue("@Sex", SEX.Text);
com.Parameters.AddWithValue("@Ethnicity", ETHNICITY.Text);
com.Parameters.AddWithValue("@MaritalStatus", MARITALSTATUS.Text);
com.Parameters.AddWithValue("@ICNumber", ICNUMBER.Text);
com.Parameters.AddWithValue("@HPNumber", HPNUMBER.Text);
com.Parameters.AddWithValue("@Dob", DOB.Text);
com.Parameters.AddWithValue("@Address", ADDRESS.Text);
com.Parameters.AddWithValue("@State", STATE.Text);
com.Parameters.AddWithValue("@City", CITY.Text);
com.Parameters.AddWithValue("@PostCode", POSTCODE.Text);
if (pictureBox1.Image != null)
{
ms = new MemoryStream();
pictureBox1.Image.Save(ms, ImageFormat.Jpeg);
byte[] photo_aray = new byte[ms.Length];
ms.Position = 0;
ms.Read(photo_aray, 0, photo_aray.Length);
com.Parameters.AddWithValue("@VOTER_PIC", photo_aray);
}
try
{
com.ExecuteNonQuery();
MessageBox.Show("updated...");
SALUTATION.Text = null;
NAME.Text = null;
SEX.Text = null;
ETHNICITY.Text = null;
MARITALSTATUS.Text = null;
ICNUMBER.Text = null;
HPNUMBER.Text = null;
DOB.Text = null;
ADDRESS.Text = null;
STATE.Text = null;
CITY.Text = null;
POSTCODE.Text = null;
}
catch (Exception EX)
{
MessageBox.Show(EX + "NOT Updated");
}
finally
{
con.Close();
}
}
我建议您删除
,
在之前的where
,并在ICNUMBER.text
private void button5_Click(object sender, EventArgs e)
{
DataGridViewRow updatedrow = dataGridView1.Rows[chooseAnyRow];
updatedrow.Cells[0].Value = SALUTATION.Text;
updatedrow.Cells[1].Value = NAME.Text;
updatedrow.Cells[2].Value = SEX.Text;
updatedrow.Cells[3].Value = ETHNICITY.Text;
updatedrow.Cells[4].Value = MARITALSTATUS.Text;
updatedrow.Cells[5].Value = ICNUMBER.Text;
updatedrow.Cells[6].Value = HPNUMBER.Text;
updatedrow.Cells[7].Value = DOB.Text;
updatedrow.Cells[8].Value = ADDRESS.Text;
updatedrow.Cells[9].Value = STATE.Text;
updatedrow.Cells[10].Value = CITY.Text;
updatedrow.Cells[11].Value = POSTCODE.Text;
updatedrow.Cells[12].Value = pictureBox1.Image;
con = new SqlConnection(@"Data Source=dasranrajlui\sqlexpress;Initial Catalog=SESoriginal;Integrated Security=True");
con.Open();
com = con.CreateCommand();
com.CommandType = CommandType.Text;
com.CommandText = " update VoterRegistration set SALUTATION = '" + SALUTATION.Text +
"', NAME = '" + NAME.Text +
"', SEX = '" + SEX.Text +
"', ETHNICITY = '" + ETHNICITY.Text +
"', MARITALSTATUS = '" + MARITALSTATUS.Text +
"', IC_NUMBER = " + ICNUMBER.Text +
", HP_NUMBER = " + HPNUMBER.Text +
", DOB = '" + DOB.Text +
"', ADDRESS = '" + ADDRESS.Text +
"', STATE = '" + STATE.Text +
"', CITY = '" + CITY.Text +
"', POSTCODE = '" + POSTCODE.Text +
"', VOTER_PIC = @VOTER_PIC where IC_NUMBER = " + ICNUMBER.Text;
com.CommandType = CommandType.Text;
com.Parameters.AddWithValue("@VOTER_PIC", pictureBox1.Image);
com.Parameters.AddWithValue("@Salutation", SALUTATION.Text);
com.Parameters.AddWithValue("@Name", NAME.Text);
com.Parameters.AddWithValue("@Sex", SEX.Text);
com.Parameters.AddWithValue("@Ethnicity", ETHNICITY.Text);
com.Parameters.AddWithValue("@MaritalStatus", MARITALSTATUS.Text);
com.Parameters.AddWithValue("@ICNumber", ICNUMBER.Text);
com.Parameters.AddWithValue("@HPNumber", HPNUMBER.Text);
com.Parameters.AddWithValue("@Dob", DOB.Text);
com.Parameters.AddWithValue("@Address", ADDRESS.Text);
com.Parameters.AddWithValue("@State", STATE.Text);
com.Parameters.AddWithValue("@City", CITY.Text);
com.Parameters.AddWithValue("@PostCode", POSTCODE.Text);
if (pictureBox1.Image != null)
{
ms = new MemoryStream();
pictureBox1.Image.Save(ms, ImageFormat.Jpeg);
byte[] photo_aray = new byte[ms.Length];
ms.Position = 0;
ms.Read(photo_aray, 0, photo_aray.Length);
com.Parameters.AddWithValue("@VOTER_PIC", photo_aray);
}
try
{
com.ExecuteNonQuery();
MessageBox.Show("updated...");
SALUTATION.Text = null;
NAME.Text = null;
SEX.Text = null;
ETHNICITY.Text = null;
MARITALSTATUS.Text = null;
ICNUMBER.Text = null;
HPNUMBER.Text = null;
DOB.Text = null;
ADDRESS.Text = null;
STATE.Text = null;
CITY.Text = null;
POSTCODE.Text = null;
}
catch (Exception EX)
{
MessageBox.Show(EX + "NOT Updated");
}
finally
{
con.Close();
}
}
使用您创建的参数并删除额外的逗号
"', POSTCODE = '" + POSTCODE.Text + "' where IC_NUMBER = '" + ICNUMBER.Text +"'";
使用您创建的参数并删除额外的逗号
"', POSTCODE = '" + POSTCODE.Text + "' where IC_NUMBER = '" + ICNUMBER.Text +"'";
代码中再少一些错误;更正后的表格如下
@parameterName
来传递相应的值。您的查询将为sql注入打开一扇大门,
后的邮政编码=…
,您不需要将,
放在最后一个列名“”后com.Parameters.AddWithValue(“@ICNumber”,
(编号:文本)代码>两次,因为命令需要12
参数
代码如下所示:
con = new SqlConnection(@"Data Source=dasranrajlui\sqlexpress;Initial Catalog=SESoriginal;Integrated Security=True");
con.Open();
com = con.CreateCommand();
com.CommandType = CommandType.Text;
com.CommandText = " update VoterRegistration set
SALUTATION @Salutation,
NAME = @Name,
SEX = @Sex,
ETHNICITY =@Ethnicity,
MARITALSTATUS = @MaritalStatus,
IC_NUMBER = @ICNumber,
HP_NUMBER = @HPNumber,
DOB = @Dob,
ADDRESS = @Address,
STATE = @State,
CITY = @City,
POSTCODE = @PostCode
where IC_NUMBER = @ICNumber";
com.CommandType = CommandType.Text;
com.Parameters.AddWithValue("@Salutation", SALUTATION.Text);
com.Parameters.AddWithValue("@Name", NAME.Text);
com.Parameters.AddWithValue("@Sex", SEX.Text);
com.Parameters.AddWithValue("@Ethnicity", ETHNICITY.Text);
com.Parameters.AddWithValue("@MaritalStatus", MARITALSTATUS.Text);
com.Parameters.AddWithValue("@ICNumber", ICNUMBER.Text);
com.Parameters.AddWithValue("@HPNumber", HPNUMBER.Text);
com.Parameters.AddWithValue("@Dob", DOB.Text);
com.Parameters.AddWithValue("@Address", ADDRESS.Text);
com.Parameters.AddWithValue("@State", STATE.Text);
com.Parameters.AddWithValue("@City", CITY.Text);
com.Parameters.AddWithValue("@PostCode", POSTCODE.Text);
com.Parameters.AddWithValue("@ICNumber", ICNUMBER.Text);
代码中再少一些错误;更正后的表格如下
您以错误的方式使用参数化查询。您需要使用@parameterName
来传递相应的值。您的查询将为sql注入打开一扇大门
导致当前错误的,
后的邮政编码=…
,您不需要将,
放在最后一个列名“”后
最后,您需要添加com.Parameters.AddWithValue(“@ICNumber”,
(编号:文本)代码>两次,因为命令需要12
参数
代码如下所示:
con = new SqlConnection(@"Data Source=dasranrajlui\sqlexpress;Initial Catalog=SESoriginal;Integrated Security=True");
con.Open();
com = con.CreateCommand();
com.CommandType = CommandType.Text;
com.CommandText = " update VoterRegistration set
SALUTATION @Salutation,
NAME = @Name,
SEX = @Sex,
ETHNICITY =@Ethnicity,
MARITALSTATUS = @MaritalStatus,
IC_NUMBER = @ICNumber,
HP_NUMBER = @HPNumber,
DOB = @Dob,
ADDRESS = @Address,
STATE = @State,
CITY = @City,
POSTCODE = @PostCode
where IC_NUMBER = @ICNumber";
com.CommandType = CommandType.Text;
com.Parameters.AddWithValue("@Salutation", SALUTATION.Text);
com.Parameters.AddWithValue("@Name", NAME.Text);
com.Parameters.AddWithValue("@Sex", SEX.Text);
com.Parameters.AddWithValue("@Ethnicity", ETHNICITY.Text);
com.Parameters.AddWithValue("@MaritalStatus", MARITALSTATUS.Text);
com.Parameters.AddWithValue("@ICNumber", ICNUMBER.Text);
com.Parameters.AddWithValue("@HPNumber", HPNUMBER.Text);
com.Parameters.AddWithValue("@Dob", DOB.Text);
com.Parameters.AddWithValue("@Address", ADDRESS.Text);
com.Parameters.AddWithValue("@State", STATE.Text);
com.Parameters.AddWithValue("@City", CITY.Text);
com.Parameters.AddWithValue("@PostCode", POSTCODE.Text);
com.Parameters.AddWithValue("@ICNumber", ICNUMBER.Text);
在之前不应该有,
,其中
也应该在某人的名字包含,
之前查看参数化查询,比如O'Reilly
。。。或robert';落桌学生--
..@Uueerdo或者更糟的是,谢谢你的工作,但是有一个新问题,在之前不应该有,
,其中
还有,你应该在某人的名字包含'
之前查看参数化查询,比如O'Reilly
。。。或robert';落桌学生--代码>..@uuerdo或更糟的谢谢你,这是有效的,但是有一个新的问题,你打算如何处理注射?为什么否决这个答案是正确的。。与sintax erro有关,而不是处理注入…所以…我对此不确定,因为我不明白:对象不存在映射type@scaisEdge:没有反对票,但我可以说,如果没有参数化,你的答案是不完整的;这并不意味着答案是错的好吧。。。我只是回答关于辛塔克斯的问题。。没有别的。。最初的问题是关于附近的一个错误…你打算如何处理注射?为什么否决?答案是正确的。。与sintax erro有关,而不是处理注入…所以…我对此不确定,因为我不明白:对象不存在映射type@scaisEdge:没有反对票,但我可以说,如果没有参数化,你的答案是不完整的;这并不意味着答案是错的好吧。。。我只是回答关于辛塔克斯的问题。。没有别的。。最初的问题是关于一个错误,靠近。。。