C# insertCommand2.Parameters.AddWithValue(“@CardExpiryDate”,txtexpdate.Text); insertCommand2.Parameters.AddWithValue(“@CVV”,TxtECVV
insertCommand2.Parameters.AddWithValue(“@CardExpiryDate”,txtexpdate.Text); insertCommand2.Parameters.AddWithValue(“@CVV”,TxtECVV.Text); InsertCommand 2.ExecuteOnQuery(); 响应。写入(“警报(‘已保存的更改’)”); } 康涅狄格州关闭(); } }C# insertCommand2.Parameters.AddWithValue(“@CardExpiryDate”,txtexpdate.Text); insertCommand2.Parameters.AddWithValue(“@CVV”,TxtECVV,c#,asp.net,visual-studio,C#,Asp.net,Visual Studio,insertCommand2.Parameters.AddWithValue(“@CardExpiryDate”,txtexpdate.Text); insertCommand2.Parameters.AddWithValue(“@CVV”,TxtECVV.Text); InsertCommand 2.ExecuteOnQuery(); 响应。写入(“警报(‘已保存的更改’)”); } 康涅狄格州关闭(); } } 它们似乎不起作用。这不是问题的明确解释。运行此代码时会发生什么情况?你有错误吗?
它们似乎不起作用。
这不是问题的明确解释。运行此代码时会发生什么情况?你有错误吗?什么错误?你调试代码了吗?调试的结果是什么?“它们似乎不起作用。”这不是一个很好的问题描述。你犯了什么错误?发生了什么不应该发生的事?什么是不应该发生的?另一方面,您也对SQL注入攻击持开放态度。使用SQL参数而不是构建SQL查询。错误是什么?您还需要考虑一下所有这些DB语句的错误处理。如果第二次插入失败,会发生什么情况?您现在有不完整的数据。所有这些更新也是如此。您应该查看DB端和.net端的事务。有一点很突出。。。。您的update语句将更新每一行!你应该有某种标识符。。。e、 g更新成员集。。。。。其中MemberId=@MemberId
public partial class EditAccount : System.Web.UI.Page
{
SqlConnection conn = new SqlConnection("Data Source=(LocalDB)\\MSSQLLocalDB;AttachDbFilename=|DataDirectory|\\Database.mdf;Integrated Security=True");
private readonly object MessageBox;
protected void Page_Load(object sender, EventArgs e)
{
if (!IsPostBack)
{
SqlCommand com;
string str;
conn.Open();
str = "SELECT Address.HouseNumber, Address.AddressLine1, Address.AddressLine2, Address.City, Address.PostCode, CardDetails.CardDetailsID, CardDetails.NameOnCard, CardDetails.NameOfCard, CardDetails.CardNumber, CardDetails.CardExpiryDate, CardDetails.CVV, AddressType.AddressTypeDescription, Member.MemberID, Member.MemberName, Member.Phone, Member.Email, Member.Username FROM Address FULL JOIN AddressType ON Address.AddressTypeID = AddressType.AddressTypeID FULL JOIN Member ON AddressType.MemberID = Member.MemberID FULL JOIN CardDetails ON Member.MemberID = CardDetails.MemberID WHERE Member.Email = '" + Session["Email"] + "'";
com = new SqlCommand(str, conn);
SqlDataReader reader = com.ExecuteReader();
if (reader.Read())
{
TxtEName.Text = reader["MemberName"].ToString();
LblEUser.Text = reader["Username"].ToString();
TxtEEmail.Text = reader["Email"].ToString();
TxtEPhone.Text = reader["Phone"].ToString();
TxtEType.Text = reader["AddressTypeDescription"].ToString();
TxtEHouse.Text = reader["HouseNumber"].ToString();
TxtEA1.Text = reader["AddressLine1"].ToString();
TxtEA2.Text = reader["AddressLine2"].ToString();
TxtECity.Text = reader["City"].ToString();
TxtEPostcode.Text = reader["PostCode"].ToString();
TxtENameOf.Text = reader["NameOfCard"].ToString();
TxtENameOn.Text = reader["NameOnCard"].ToString();
TxtECardNo.Text = reader["CardNumber"].ToString();
TxtEExpDate.Text = reader["CardExpiryDate"].ToString();
TxtECVV.Text = reader["CVV"].ToString();
reader.Close();
conn.Close();
}
}
}
protected void BtnSave_Click(object sender, EventArgs e)
{
conn.Open();
SqlDataAdapter str = new SqlDataAdapter ("SELECT Address.HouseNumber, Address.AddressLine1, Address.AddressLine2, Address.City, Address.PostCode, CardDetails.NameOnCard, CardDetails.NameOfCard, CardDetails.CardNumber, CardDetails.CardExpiryDate, CardDetails.CVV, AddressType.AddressTypeDescription, Member.MemberName, Member.Phone, Member.Email, Member.Username FROM Address FULL JOIN AddressType ON Address.AddressTypeID = AddressType.AddressTypeID FULL JOIN Member ON AddressType.MemberID = Member.MemberID FULL JOIN CardDetails ON Member.MemberID = CardDetails.MemberID WHERE Member.Email = '" + Session["Email"] + "'",conn);
DataSet ds = new DataSet();
str.Fill(ds);
if (ds.Tables[0].Rows.Count > 0)
{
SqlCommand updateCommand = new SqlCommand("UPDATE Member SET MemberName = '" + TxtEName.Text + "', Email = '" + TxtEEmail.Text + "', Phone = '" + TxtEPhone.Text + "'", conn);
SqlCommand updateCommand1 = new SqlCommand("UPDATE Address SET HouseNumber ='" + TxtEHouse.Text + "', AddressLine1 = '" + TxtEA1.Text + "', AddressLine2 = '" + TxtEA2.Text + "', City = '" + TxtECity.Text + "',PostCode = '" + TxtEPostcode.Text + "'", conn);
SqlCommand updateCommand2 = new SqlCommand("UPDATE AddressType SET AddressTypeDescription = '" + TxtEType.Text + "'", conn);
SqlCommand updateCommand3 = new SqlCommand("UPDATE CardDetails SET NameOnCard = '" + TxtENameOn.Text + "', NameOfCard = '" + TxtENameOf.Text + "', CardNumber = '" + TxtECardNo.Text + "', CardExpiryDate = '" + TxtEExpDate.Text + "', CVV = '" + TxtECVV.Text + "'", conn);
updateCommand.ExecuteNonQuery();
updateCommand1.ExecuteNonQuery();
updateCommand2.ExecuteNonQuery();
updateCommand3.ExecuteNonQuery();
Response.Write("<script>alert('Changes saved')</script>");
}
else
{
SqlCommand insertCommand = new SqlCommand("INSERT INTO AddressType (AddressTypeDescription) VALUES (@AddressTypeDescription)", conn);
insertCommand.Parameters.AddWithValue("@AddressTypeDescription", TxtEType.Text);
insertCommand.ExecuteNonQuery();
SqlCommand insertCommand1 = new SqlCommand("INSERT INTO Address (HouseNumber, AddressLine1, AddressLine2, City, PostCode) VALUES (@HouseNumber, @AddressLine1, @AddressLine2, @City, @PostCode)", conn);
insertCommand1.Parameters.AddWithValue("@HouseNumber", TxtEHouse.Text);
insertCommand1.Parameters.AddWithValue("@AddressLine1", TxtEA1.Text);
insertCommand1.Parameters.AddWithValue("@AddressLine2", TxtEA2.Text);
insertCommand1.Parameters.AddWithValue("@City", TxtECity.Text);
insertCommand1.Parameters.AddWithValue("@PostCode", TxtEPostcode.Text);
insertCommand1.ExecuteNonQuery();
SqlCommand insertCommand2 = new SqlCommand("INSERT INTO CardDetails (NameOnCard, NameOfCard, CardNumber, CardExpiryDate, CVV) VALUES (@NameOnCard, @NameOfCard, @CardNumber, @CardExpiryDate, @CVV)", conn);
insertCommand2.Parameters.AddWithValue("@NameOnCard", TxtENameOn.Text);
insertCommand2.Parameters.AddWithValue("@NameOfCard", TxtENameOf.Text);
insertCommand2.Parameters.AddWithValue("@CardNumber", TxtECardNo.Text);
insertCommand2.Parameters.AddWithValue("@CardExpiryDate", TxtEExpDate.Text);
insertCommand2.Parameters.AddWithValue("@CVV", TxtECVV.Text);
insertCommand2.ExecuteNonQuery();
Response.Write("<script>alert('Changes saved')</script>");
}
conn.Close();
}
}