Sql 为什么这个查询不起作用?
我添加了一个文本框和一个按钮,如下所示Sql 为什么这个查询不起作用?,sql,asp.net,.net,Sql,Asp.net,.net,我添加了一个文本框和一个按钮,如下所示 <asp:Label ID="Label1" runat="server" Text="Email'e Göre Silin"></asp:Label> <asp:TextBox ID="TextBox1" runat="server"></asp:TextBox> <br /> <br /> <asp:Butto
<asp:Label ID="Label1" runat="server" Text="Email'e Göre Silin"></asp:Label>
<asp:TextBox ID="TextBox1" runat="server"></asp:TextBox>
<br />
<br />
<asp:Button ID="Button1" runat="server" Text="Sil" />
delete from tblMessage where Email = 'gs213'
我已尝试添加如下。tostring方法,但再次无效
SqlCommand cmd = new SqlCommand("delete from tblMessage where Email = '"+TextBox1.Text.ToString()+ "' ", con);
查询在sql server中工作,如下所示
<asp:Label ID="Label1" runat="server" Text="Email'e Göre Silin"></asp:Label>
<asp:TextBox ID="TextBox1" runat="server"></asp:TextBox>
<br />
<br />
<asp:Button ID="Button1" runat="server" Text="Sil" />
delete from tblMessage where Email = 'gs213'
有什么问题吗?这样就行了
您可以使用如下参数代替字符串连接
using (SqlConnection connection =
new SqlConnection(ConfigurationManager.ConnectionStrings["DEFAULT"].ConnectionString))
{
var command = new SqlCommand("delete from tblMessage where email = @email", connection);
command.Parameters.Add(new SqlParameter("email", SqlDbType.VarChar)
{
Value = TextBox1.Text
});
connection.Open();
command.ExecuteNonQuery();
}
警告:您的代码极易受到sql注入攻击。无论如何,孩子们,不要在家里这样做。请阅读并详细说明“不起作用”。学习使用参数进行查询。Munging查询字符串可能会引入很难发现的语法错误(并使代码容易受到SQL注入攻击)。