C# ious Sql注入,但也容易受到格式错误的Sql、类型转换、数据截断的影响,并且无法使用缓存的查询计划。此更改还应使调试更容易。正如所建议的,您可能需要运行跟踪以检查服务器上正在执行的操作。我将在服务器上运行探查器跟踪,并将再次对结果进行注释。NonQu

C# ious Sql注入,但也容易受到格式错误的Sql、类型转换、数据截断的影响,并且无法使用缓存的查询计划。此更改还应使调试更容易。正如所建议的,您可能需要运行跟踪以检查服务器上正在执行的操作。我将在服务器上运行探查器跟踪,并将再次对结果进行注释。NonQu,c#,sql,asp.net,sql-server,windows-server-2008,C#,Sql,Asp.net,Sql Server,Windows Server 2008,ious Sql注入,但也容易受到格式错误的Sql、类型转换、数据截断的影响,并且无法使用缓存的查询计划。此更改还应使调试更容易。正如所建议的,您可能需要运行跟踪以检查服务器上正在执行的操作。我将在服务器上运行探查器跟踪,并将再次对结果进行注释。NonQuery函数:private int NonQuery(string NonQuery){Open();command.CommandText=NonQuery;int i;i=command.ExecuteNonQuery();Close();


……明显的 SQL 注入，但也容易受到格式错误的 SQL、类型转换、数据截断的影响，并且无法使用缓存的查询计划。此更改还应使调试更容易。正如所建议的，您可能需要运行跟踪以检查服务器上正在执行的操作。我将在服务器上运行探查器跟踪，并将再次对结果进行注释。NonQuery 函数：private int NonQuery(string NonQuery){Open();command.CommandText=NonQuery;int i;i=command.ExecuteNonQuery();Close();return i;} 其中 Open() 和 Close() 打开/关闭与数据库的连接（工作正常）
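/// <summary>
/// Updates a single [FinReports].[dbo].[ReportContent] row, identified by the
/// ReportID / AccountCodeID / Amount of <paramref name="rcOld"/>, with a new
/// account code and amount. All values reach SQL Server as bound parameters;
/// the statement text never contains caller-supplied data.
/// </summary>
/// <param name="rcOld">The row as it was loaded; its key fields select the row to change.</param>
/// <param name="newAccountCodeID">New AccountCodeID value (null is stored as an empty string, as before).</param>
/// <param name="newAmount">New amount as typed by the user; a decimal comma is accepted.</param>
/// <returns>
/// An empty string on success, or one of the existing user-facing messages when the row
/// is missing, is not unique, or the update did not affect exactly one row.
/// </returns>
/// <exception cref="ArgumentNullException"><paramref name="rcOld"/> or <paramref name="newAmount"/> is null.</exception>
/// <exception cref="ArgumentException"><paramref name="newAmount"/> is not a number.</exception>
/// <exception cref="NotSupportedException">The row-count query failed; the cause is the inner exception.</exception>
public string Update(ReportContent rcOld, string newAccountCodeID, string newAmount)
{
    if (rcOld == null)
    {
        throw new ArgumentNullException("rcOld");
    }
    if (newAmount == null)
    {
        throw new ArgumentNullException("newAmount");
    }

    // The Amount column is numeric; parse the user's text (accepting "1,5" as well as
    // "1.5") instead of splicing it into the statement as the old code did.
    decimal amount;
    if (!decimal.TryParse(newAmount.Replace(',', '.'),
                          System.Globalization.NumberStyles.Number,
                          System.Globalization.CultureInfo.InvariantCulture,
                          out amount))
    {
        throw new ArgumentException("Amount is not a valid number.", "newAmount");
    }

    // Shared by both statements so the row selected for counting is the row updated.
    const string whereClause =
        " WHERE ReportID = @ReportID AND AccountCodeID = @AccountCodeID AND Amount = @OldAmount";

    //check number of rows
    int rowCount;
    try
    {
        Open();
        try
        {
            // Parameters are bound after Open(), following the NonQuery() pattern of
            // setting CommandText only once the connection is open.
            BindReportContentKey(rcOld);
            command.CommandText =
                "SELECT COUNT(*) FROM [FinReports].[dbo].[ReportContent]" + whereClause;
            rowCount = Convert.ToInt32(command.ExecuteScalar(),
                                       System.Globalization.CultureInfo.InvariantCulture);
        }
        finally
        {
            Close();
        }
    }
    catch (Exception ex)
    {
        // Keep the exception type callers already handle, but carry the real cause
        // instead of echoing the statement text.
        throw new NotSupportedException("Row count query failed.", ex);
    }

    //return if any errors are found
    if (rowCount < 1) return "Ne postoji u bazi podataka";
    if (rowCount > 1) return "Postoji vise od 1 reda sa istim celijama";

    //update row
    int affected;
    Open();
    try
    {
        BindReportContentKey(rcOld);
        // The old code rendered a null account code as '' — keep that mapping.
        AddUpdateParameter("@NewAccountCodeID", newAccountCodeID ?? string.Empty);
        AddUpdateParameter("@NewAmount", amount);
        command.CommandText =
            "UPDATE [FinReports].[dbo].[ReportContent] " +
            "SET AccountCodeID = @NewAccountCodeID, Amount = @NewAmount" + whereClause;
        affected = command.ExecuteNonQuery();
    }
    finally
    {
        Close();
    }

    if (affected != 1)
        return "Greska";
    return "";
}

/// <summary>
/// Clears the command's parameters and binds the three key values that identify the
/// row being edited (@ReportID, @AccountCodeID, @OldAmount).
/// </summary>
/// <param name="rcOld">Row whose key fields are bound.</param>
private void BindReportContentKey(ReportContent rcOld)
{
    command.Parameters.Clear();
    AddUpdateParameter("@ReportID", rcOld.ReportID);
    AddUpdateParameter("@AccountCodeID", rcOld.AccountCodeID);
    // Bound as the original value, so no culture-dependent ToString()/Replace is needed.
    AddUpdateParameter("@OldAmount", rcOld.Amount);
}

/// <summary>
/// Adds one named parameter to the shared command; a null value is sent as DBNull.
/// Uses CreateParameter() so it works whether the command is typed as SqlCommand,
/// DbCommand or IDbCommand.
/// </summary>
/// <param name="name">Parameter name including the leading '@'.</param>
/// <param name="value">Value to bind; null becomes <see cref="DBNull.Value"/>.</param>
private void AddUpdateParameter(string name, object value)
{
    var parameter = command.CreateParameter();
    parameter.ParameterName = name;
    parameter.Value = value ?? DBNull.Value;
    command.Parameters.Add(parameter);
}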
            if (Request.QueryString["reportID"] == null)
            { //error code here 
            }

            database = new DATABASE();

            //load report from db
            reportID = int.Parse(Request.QueryString["reportID"]);
            List<ReportContent> rows = database.ReportContents(reportID);

            //add rows
            for (int i = 0; i < rows.Count; i++)
            report.Rows.Add(TRow(rows[i].AccountCodeID.ToString(),SetDecimals(rows[i].Amount.ToString()), i));
        }
    }
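/// <summary>
/// Builds one editable table row for a report line: a row-number label, an
/// AccountCodeID text box, an Amount text box and a save button wired to <c>Update</c>,
/// each in its own cell.
/// </summary>
/// <param name="AccountCodeID">Initial text of the account-code box.</param>
/// <param name="Amount">Initial text of the amount box.</param>
/// <param name="rowNo">Zero-based row index; used for the control IDs and shown as "n.".</param>
/// <returns>The populated <c>TableRow</c>.</returns>
public TableRow TRow(string AccountCodeID, string Amount, int rowNo)
    {
        TableRow row = new TableRow();
        string tbACIDID = "tbAccountCodeID" + rowNo;
        string tbAID = "tbAmount" + rowNo;

        //add row number
        Label label = new Label();
        label.Text = (rowNo + 1) + ".";
        TableCell cell = new TableCell();
        cell.Controls.Add(label);
        row.Cells.Add(cell);

        //add AccountCodeID
        TextBox tbac = new TextBox();
        tbac.ID = tbACIDID;
        tbac.Text = AccountCodeID;
        tbac.Width = 50;
        tbac.CssClass = "textbox";
        cell = new TableCell();
        cell.Controls.Add(tbac);
        cell.Attributes.Add("class", "cell");
        row.Cells.Add(cell);

        //add Amount
        // tbam is not declared in this method, so it is a field of the page; every call
        // overwrites it — presumably only the last row's box is reachable through it.
        tbam = new TextBox();
        tbam.ID = tbAID;
        tbam.Text = Amount;
        tbam.Width = 100;
        tbam.CssClass = "textbox";
        // A fresh cell: the previous code appended this box to the AccountCodeID cell and
        // added that same cell to the row again.
        cell = new TableCell();
        cell.Controls.Add(tbam);
        cell.Attributes.Add("class", "cell");
        row.Cells.Add(cell);

        //add save button
        Button btn = new Button();
        btn.Text = "Sacuvaj";
        btn.CssClass = "saveButton";
        // CommandArgument captures the box contents at build time, not what the user later
        // types; it is also ambiguous if either text contains the separator. The handler
        // presumably splits on separator — verify it does not rely on these for edited values.
        btn.CommandArgument = 
            "u" + separator + 
            rowNo + separator + 
            tbac.Text + separator + 
            tbam.Text;
        btn.Click += new EventHandler(Update);
        cell = new TableCell();
        cell.Controls.Add(btn);

        //style cell
        cell.Attributes.Add("class", "tableCell");
        row.Cells.Add(cell);

        //style row
        row.Attributes.Add("class", "row");

        return row;
    }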
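/// <summary>
/// Builds one editable table row for a report line: a row-number label, an
/// AccountCodeID text box, an Amount text box and a save button wired to <c>Update</c>,
/// each in its own cell. The button's CommandArgument carries the two control IDs so the
/// handler can read the values the user actually typed.
/// </summary>
/// <param name="AccountCodeID">Initial text of the account-code box.</param>
/// <param name="Amount">Initial text of the amount box.</param>
/// <param name="rowNo">Zero-based row index; used for the control IDs and shown as "n.".</param>
/// <returns>The populated <c>TableRow</c>.</returns>
public TableRow TRow(string AccountCodeID, string Amount, int rowNo)
    {
        TableRow row = new TableRow();
        string tbACIDID = "tbAccountCodeID" + rowNo;
        string tbAID = "tbAmount" + rowNo;

        //add row number
        Label label = new Label();
        label.Text = (rowNo + 1) + ".";
        TableCell cell = new TableCell();
        cell.Controls.Add(label);
        row.Cells.Add(cell);

        //add AccountCodeID
        TextBox tb = new TextBox();
        tb.ID = tbACIDID;
        tb.Text = AccountCodeID;
        tb.Width = 50;
        tb.CssClass = "textbox";
        cell = new TableCell();
        cell.Controls.Add(tb);
        cell.Attributes.Add("class", "cell");
        row.Cells.Add(cell);

        //add Amount
        tb = new TextBox();
        tb.ID = tbAID;
        tb.Text = Amount;
        tb.Width = 100;
        tb.CssClass = "textbox";
        // A fresh cell: the previous code appended this box to the AccountCodeID cell and
        // added that same cell to the row again.
        cell = new TableCell();
        cell.Controls.Add(tb);
        cell.Attributes.Add("class", "cell");
        row.Cells.Add(cell);

        //add save button
        Button btn = new Button();
        btn.Text = "Sacuvaj";
        btn.CssClass = "saveButton";
        // Only control IDs go into the argument; the handler presumably resolves them with
        // FindControl and treats the posted text as untrusted input — confirm in Update.
        btn.CommandArgument = 
            "u" + separator + 
            rowNo + separator + 
            tbACIDID + separator + 
            tbAID;
        btn.Click += new EventHandler(Update);
        cell = new TableCell();
        cell.Controls.Add(btn);

        //style cell
        cell.Attributes.Add("class", "tableCell");
        row.Cells.Add(cell);

        //style row
        row.Attributes.Add("class", "row");

        return row;
    }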