……明显的 SQL 注入,但也容易受到格式错误的 SQL、类型转换、数据截断的影响,并且无法使用缓存的查询计划。此更改还应使调试更容易。正如所建议的,您可能需要运行跟踪以检查服务器上正在执行的操作。我将在服务器上运行探查器跟踪,并将再次对结果进行注释。NonQuery 函数:private int NonQuery(string NonQuery){Open();command.CommandText=NonQuery;int i;i=command.ExecuteNonQuery();Close();return i;} 其中 Open() 和 Close() 打开/关闭与数据库的连接(工作正常)
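public string Update(ReportContent rcOld, string newAccountCodeID, string newAmount)
{
    // Replaces the AccountCodeID/Amount of one ReportContent row, identified by
    // all three of its old values (rcOld). Returns "" on success, or a
    // user-facing message when the row is missing, ambiguous, the new amount is
    // not numeric, or the UPDATE did not affect exactly one row. Throws
    // NotSupportedException (message = the statement that was executed) when the
    // row count could not be read.
    //
    // Old and new values are bound as SQL parameters instead of being spliced
    // into the statement text, so a value can never alter the statement's
    // structure and the server can reuse the query plan.
    // NOTE(review): this relies on Single() executing the shared `command` the
    // same way NonQuery() does (NonQuery only sets CommandText), so parameters
    // bound on `command` are seen by both calls — confirm against Single().
    const string queryFrom = "FROM [FinReports].[dbo].[ReportContent] ";
    const string queryWhere =
        " WHERE ReportID = @reportId" +
        " AND AccountCodeID = @accountCodeId" +
        " AND Amount = @amount";

    // The new amount comes from a text box and may use ',' as the decimal
    // separator; normalise and parse it here (culture-independently) rather
    // than handing the raw text to the server.
    decimal parsedNewAmount;
    if (!decimal.TryParse(newAmount.Replace(',', '.'),
                          System.Globalization.NumberStyles.Number,
                          System.Globalization.CultureInfo.InvariantCulture,
                          out parsedNewAmount))
    {
        return "Greska";
    }

    // Make sure exactly one row matches before touching it. The count and the
    // update are separate statements (each helper opens and closes its own
    // connection), so a concurrent change between them is not excluded.
    int rowCount;
    string query = "SELECT COUNT(*) " + queryFrom + queryWhere;
    BindRowFilter(rcOld);
    try
    {
        rowCount = int.Parse(Single(query), System.Globalization.CultureInfo.InvariantCulture);
    }
    catch (Exception ex)
    {
        // Keep the original failure as the inner exception instead of discarding it.
        throw new NotSupportedException(command.CommandText + "", ex);
    }
    if (rowCount < 1)
    {
        return "Ne postoji u bazi podataka";
    }
    if (rowCount > 1)
    {
        return "Postoji vise od 1 reda sa istim celijama";
    }

    // Update the row. The filter is bound again in case Single() reset the
    // parameter collection; the two new values are added on top of it.
    query = "UPDATE [FinReports].[dbo].[ReportContent] " +
            "SET AccountCodeID = @newAccountCodeId, Amount = @newAmount" +
            queryWhere;
    BindRowFilter(rcOld);
    AddParameter("@newAccountCodeId", newAccountCodeID);
    AddParameter("@newAmount", parsedNewAmount);
    if (NonQuery(query) != 1)
    {
        return "Greska";
    }
    return "";
}

// Clears the shared command's parameters and binds the three values that
// identify the row being edited (used by both the COUNT and the UPDATE).
private void BindRowFilter(ReportContent rcOld)
{
    command.Parameters.Clear();
    AddParameter("@reportId", rcOld.ReportID);
    AddParameter("@accountCodeId", rcOld.AccountCodeID);
    AddParameter("@amount", rcOld.Amount);
}

// Adds one named parameter to the shared command; a null value is sent as
// DBNull so the provider transmits SQL NULL instead of omitting the parameter.
private void AddParameter(string name, object value)
{
    System.Data.IDbDataParameter parameter = command.CreateParameter();
    parameter.ParameterName = name;
    parameter.Value = value ?? DBNull.Value;
    command.Parameters.Add(parameter);
}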
// NOTE(review): reportID is read straight from the query string (untrusted).
// The null branch below is still empty, and the int.Parse further down throws
// FormatException/OverflowException for any non-numeric value, so a malformed
// URL currently surfaces as an unhandled exception rather than an error path.
// int.TryParse with an early return would cover both cases.
if (Request.QueryString["reportID"] == null)
{ //error code here
}
database = new DATABASE();
//load report from db
reportID = int.Parse(Request.QueryString["reportID"]);
List<ReportContent> rows = database.ReportContents(reportID);
//add rows: one table row per ReportContent, passing its zero-based index as rowNo
for (int i = 0; i < rows.Count; i++)
report.Rows.Add(TRow(rows[i].AccountCodeID.ToString(),SetDecimals(rows[i].Amount.ToString()), i));
}
}
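public TableRow TRow(string AccountCodeID, string Amount, int rowNo)
{
    // Builds one editable report line with four cells:
    //   "<n>."  |  AccountCodeID text box  |  Amount text box  |  save button
    // rowNo is zero-based; it is displayed one-based and suffixed onto the text
    // box IDs so they are unique within the table. Every control gets its own
    // TableCell — reusing one cell instance and adding it to the row several
    // times collapses all controls into the last cell added.
    TableRow row = new TableRow();
    string tbACIDID = "tbAccountCodeID" + rowNo;
    string tbAID = "tbAmount" + rowNo;

    // Row number.
    Label label = new Label();
    label.Text = (rowNo + 1) + ".";
    TableCell cell = new TableCell();
    cell.Controls.Add(label);
    row.Cells.Add(cell);

    // AccountCodeID text box.
    TextBox tbac = new TextBox();
    tbac.ID = tbACIDID;
    tbac.Text = AccountCodeID;
    tbac.Width = 50;
    tbac.CssClass = "textbox";
    cell = new TableCell();
    cell.Controls.Add(tbac);
    cell.Attributes.Add("class", "cell");
    row.Cells.Add(cell);

    // Amount text box. tbam is not declared in this method, so it is a field of
    // the page: every row built overwrites it, leaving only the last row's box
    // reachable through the field — NOTE(review): confirm that is intended.
    tbam = new TextBox();
    tbam.ID = tbAID;
    tbam.Text = Amount;
    tbam.Width = 100;
    tbam.CssClass = "textbox";
    cell = new TableCell();
    cell.Controls.Add(tbam);
    cell.Attributes.Add("class", "cell");
    row.Cells.Add(cell);

    // Save button. CommandArgument packs the action code, the row number and the
    // row's values as loaded, joined by `separator`; a value that itself contains
    // the separator would be split incorrectly by whoever parses the argument.
    Button btn = new Button();
    btn.Text = "Sacuvaj";
    btn.CssClass = "saveButton";
    btn.CommandArgument =
        "u" + separator +
        rowNo + separator +
        tbac.Text + separator +
        tbam.Text;
    btn.Click += new EventHandler(Update);
    cell = new TableCell();
    cell.Controls.Add(btn);
    cell.Attributes.Add("class", "tableCell");
    row.Cells.Add(cell);

    row.Attributes.Add("class", "row");
    return row;
}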
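public TableRow TRow(string AccountCodeID, string Amount, int rowNo)
{
    // Builds one editable report line with four cells:
    //   "<n>."  |  AccountCodeID text box  |  Amount text box  |  save button
    // rowNo is zero-based; it is displayed one-based and suffixed onto the text
    // box IDs so they are unique within the table. Each control is placed in a
    // fresh TableCell — adding the same cell instance to the row repeatedly
    // leaves only one cell holding every control.
    TableRow row = new TableRow();
    string accountBoxId = "tbAccountCodeID" + rowNo;
    string amountBoxId = "tbAmount" + rowNo;

    // Row number.
    Label numberLabel = new Label();
    numberLabel.Text = (rowNo + 1) + ".";
    TableCell numberCell = new TableCell();
    numberCell.Controls.Add(numberLabel);
    row.Cells.Add(numberCell);

    // AccountCodeID text box.
    TextBox accountBox = new TextBox();
    accountBox.ID = accountBoxId;
    accountBox.Text = AccountCodeID;
    accountBox.Width = 50;
    accountBox.CssClass = "textbox";
    TableCell accountCell = new TableCell();
    accountCell.Controls.Add(accountBox);
    accountCell.Attributes.Add("class", "cell");
    row.Cells.Add(accountCell);

    // Amount text box.
    TextBox amountBox = new TextBox();
    amountBox.ID = amountBoxId;
    amountBox.Text = Amount;
    amountBox.Width = 100;
    amountBox.CssClass = "textbox";
    TableCell amountCell = new TableCell();
    amountCell.Controls.Add(amountBox);
    amountCell.Attributes.Add("class", "cell");
    row.Cells.Add(amountCell);

    // Save button. CommandArgument carries the action code, the row number and
    // the IDs (not the values) of the two text boxes, joined by `separator`, so
    // the handler can locate the controls; the IDs contain only a fixed prefix
    // and a number, so they cannot collide with the separator.
    Button saveButton = new Button();
    saveButton.Text = "Sacuvaj";
    saveButton.CssClass = "saveButton";
    saveButton.CommandArgument =
        "u" + separator +
        rowNo + separator +
        accountBoxId + separator +
        amountBoxId;
    saveButton.Click += new EventHandler(Update);
    TableCell buttonCell = new TableCell();
    buttonCell.Controls.Add(saveButton);
    buttonCell.Attributes.Add("class", "tableCell");
    row.Cells.Add(buttonCell);

    row.Attributes.Add("class", "row");
    return row;
}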