Sql 数据库asp.net中的数据未更新
未找到任何错误,但数据库中的数据未更新,并且在首次加载时显示错误是错误的 位置0处没有行 和数据显示在下面的gridview中 但当从菜单加载数据显示在文本框中时 更新按钮代码Sql 数据库asp.net中的数据未更新,sql,asp.net,.net,vb.net,Sql,Asp.net,.net,Vb.net,未找到任何错误,但数据库中的数据未更新,并且在首次加载时显示错误是错误的 位置0处没有行 和数据显示在下面的gridview中 但当从菜单加载数据显示在文本框中时 更新按钮代码 Protected Sub taxsubmit_Click(sender As Object, e As ImageClickEventArgs) Handles taxsubmit.Click Using con As SqlConnection = New SqlConnection(strConnStrin
Protected Sub taxsubmit_Click(sender As Object, e As ImageClickEventArgs) Handles taxsubmit.Click
Using con As SqlConnection = New SqlConnection(strConnString)
Using cmd As SqlCommand = New SqlCommand
cmd.Connection = con
cmd.CommandType = CommandType.Text
cmd.CommandText = "UPDATE [Deduction] SET [IncomeTax] = @IncomeTax, [SalesTax] = @SalesTax, [ServiceTax] = @ServiceTax, [LabourCess] = @LabourCess, [SocityTax] = @SocityTax, [ESIC] = @ESIC, [EPF] = @EPF, [Security] = @Security, [FinYear] = @FinYear, [Condition1] = @Condition1, [Condition2] = @Condition2, [Condition3] = @Condition3, [CompID] = " + Session("Companydetl") + " WHERE [DedID] = " + dedid + ""
cmd.Parameters.AddWithValue("@IncomeTax", Income_Tax.Text)
cmd.Parameters.AddWithValue("@SalesTax", Sales.Text)
cmd.Parameters.AddWithValue("@ServiceTax", Service.Text)
cmd.Parameters.AddWithValue("@LabourCess", Labour_Cess.Text)
cmd.Parameters.AddWithValue("@SocityTax", Society.Text)
cmd.Parameters.AddWithValue("@ESIC", ESIC.Text)
cmd.Parameters.AddWithValue("@EPF", EPF.Text)
cmd.Parameters.AddWithValue("@Security", Security.Text)
cmd.Parameters.AddWithValue("@FinYear", Fin_Year.SelectedValue)
cmd.Parameters.AddWithValue("@Condition1", Cond1.Text)
cmd.Parameters.AddWithValue("@Condition2", Cond2.Text)
cmd.Parameters.AddWithValue("@Condition3", Cond3.Text)
con.Open()
cmd.ExecuteNonQuery()
con.Close()
End Using
End Using
End Sub
Using con As SqlConnection = New SqlConnection(strConnString)
Using cmd As SqlCommand = New SqlCommand
cmd.Connection = con
cmd.CommandType = CommandType.Text
cmd.CommandText = "Select DedID, IncomeTax, SalesTax, ServiceTax, LabourCess, SocityTax, ESIC, EPF,
Security, FinYear, Condition1, Condition2, Condition3 from Deduction where CompID = '" + Session("Companydetl") + "'"
Dim dt As New DataTable()
con.Open()
Dim reader As SqlDataReader = cmd.ExecuteReader()
Try
dt.Load(reader)
Income_Tax.Text = dt.Rows(0).Item("IncomeTax").ToString.Trim()
Labour_Cess.Text = dt.Rows(0).Item("LabourCess").ToString.Trim()
ESIC.Text = dt.Rows(0).Item("ESIC").ToString.Trim()
EPF.Text = dt.Rows(0).Item("EPF").ToString.Trim()
Society.Text = dt.Rows(0).Item("SocityTax").ToString.Trim()
Service.Text = dt.Rows(0).Item("ServiceTax").ToString.Trim()
Sales.Text = dt.Rows(0).Item("SalesTax").ToString.Trim()
Security.Text = dt.Rows(0).Item("Security").ToString.Trim()
Fin_Year.SelectedValue = dt.Rows(0).Item("FinYear").ToString.Trim()
Cond1.Text = dt.Rows(0).Item("Condition1").ToString.Trim()
Cond2.Text = dt.Rows(0).Item("Condition2").ToString.Trim()
Cond3.Text = dt.Rows(0).Item("Condition3").ToString.Trim()
dedid = dt.Rows(0).Item("DedID").ToString.Trim()
con.Close()
Catch ex As Exception
MsgBox(ex.Message, vbOKOnly, "Error")
End Try
End Using
End Using
由于我是新手,请提供帮助。您似乎已将
dedid尝试将其存储在
会话CompIDUsing oDb As New MyDbContext(ConnectionString)
Dim oDeduction as Deduction
oDeduction = oDb.Deductions.Where(Function(D) D.DedID = dedid).Single
oDeduction.IncomeTax = Income_Tax.Text
oDeduction.SalesTax = Sales.Text
oDeduction.ServiceTax = Service.Text
oDeduction.LabourCess = Labour_Cess.Text
oDeduction.SocityTax = Society.Text
oDeduction.ESIC = ESIC.Text
oDeduction.EPF = EPF.Text
oDeduction.Security = Security.Text
oDeduction.FinYear = Fin_Year.SelectedValue
oDeduction.Condition1 = Cond1.Text
oDeduction.Condition2 = Cond2.Text
oDeduction.Condition3 = Cond3.Text
oDb.SaveChanges()
End Using
请注意,我只是用TextPad中的内存将其拼凑在一起-它未经测试,语法可能不完全正确。这只是概念的一个示例。谢谢大家的支持,但我找到了我的观点
If Session("login") = Nothing Then
FormsAuthentication.SignOut()
Session.Abandon()
Session.RemoveAll()
FormsAuthentication.RedirectToLoginPage()
ElseIf Not IsPostBack Then
Using con As SqlConnection = New SqlConnection(strConnString)
Using cmd As SqlCommand = New SqlCommand
cmd.Connection = con
cmd.CommandType = CommandType.Text
cmd.CommandText = "Select * from Deduction where CompID = '" + Session("Companydetl") + "'"
Dim dt As New DataTable()
con.Open()
Dim reader As SqlDataReader = cmd.ExecuteReader()
Try
dt.Load(reader)
Income_Tax.Text = dt.Rows(0).Item("IncomeTax").ToString.Trim()
Labour_Cess.Text = dt.Rows(0).Item("LabourCess").ToString.Trim()
ESIC.Text = dt.Rows(0).Item("ESIC").ToString.Trim()
EPF.Text = dt.Rows(0).Item("EPF").ToString.Trim()
Society.Text = dt.Rows(0).Item("SocityTax").ToString.Trim()
Service.Text = dt.Rows(0).Item("ServiceTax").ToString.Trim()
Sales.Text = dt.Rows(0).Item("SalesTax").ToString.Trim()
Security.Text = dt.Rows(0).Item("Security").ToString.Trim()
Fin_Year.SelectedValue = dt.Rows(0).Item("FinYear").ToString.Trim()
Cond1.Text = dt.Rows(0).Item("Condition1").ToString.Trim()
Cond2.Text = dt.Rows(0).Item("Condition2").ToString.Trim()
Cond3.Text = dt.Rows(0).Item("Condition3").ToString.Trim()
'Session("deductionid") = dt.Rows(0).Item("DedID").ToString.Trim()
con.Close()
Catch ex As Exception
MsgBox(ex.Message, vbOKOnly, "Error")
End Try
End Using
End Using
End If
Using con As SqlConnection = New SqlConnection(strConnString)
con.Open()
Using cmd As SqlCommand = New SqlCommand
cmd.Connection = con
cmd.CommandType = CommandType.Text
cmd.CommandText = "UPDATE Deduction SET IncomeTax=" + Income_Tax.Text + ", SalesTax=" + Sales.Text + ", ServiceTax=" + Service.Text + ", LabourCess=" + Labour_Cess.Text + ",
SocityTax=" + Society.Text + ", ESIC=" + ESIC.Text + ", EPF=" + EPF.Text + ", Security=" + Security.Text + ", FinYear=" + Fin_Year.SelectedValue + ",
Condition1='" + Cond1.Text + "', Condition2='" + Cond2.Text + "', Condition3='" + Cond3.Text + "' WHERE CompID = " + Session("Companydetl") + ""
Try
cmd.ExecuteNonQuery()
Catch ex As Exception
MsgBox(ex.Message, vbOKOnly, "Error")
End Try
End Using
con.Close()
End Using
在
中单击事件处理程序,在哪里设置dedid的值?那是我首先要看的地方;如果查询未返回任何结果,则没有要更新的记录。此外,SQL语句容易受到注入攻击。您需要对整个语句使用查询参数,而不仅仅是大部分语句。请帮助我防止SQL注入。建议一种方法。请注意:你就快到了。为语句中的最后两列添加参数,[CompID]
和[DedID]
。按现在的方式连接字符串会创建漏洞。搜索:在单击
事件处理程序中设置一个中断,逐步检查代码并确保dedid
包含您期望的值。此外,在调试时,在文本编辑器中构建SQL语句,并直接对数据库运行它(使用SSMS或类似工具)。查看您的.NET代码是否正在向数据库发送正确的SQL语句。我在SQL查询中尝试了该方法,并成功地使用数据执行了查询,甚至在页面的GRIDVIEW上也进行了尝试;数据正在显示。@AtulSharma-在单击事件处理程序的调试器中断模式下,您是否手动构造了SQL update语句?您能否验证数据库中确实有一行包含[DedID]
列中的值,该值等于DedID
变量中的值?@AtulSharma-以下是您的更新语句:update[declutation]SET[IncomeTax]=@IncomeTax[SalesTax]=@SalesTax[ServiceTax]=@ServiceTax[LabourCess]=@LabourCess,[SocityTax]=@SocityTax,[ESIC]=@ESIC,[EPF]=@EPF,[Security]=@Security,[FinYear]=@FinYear,[Condition1]=@Condition1,[Condition2]=@Condition2,[Condition3]=@Condition3,[CompID]=@companydtl其中[DedID]=@DedID
。使用文本编辑器,将@IncomeTax
替换为IncomeTax.text
中的值,将@salesax
替换为Sales.text
中的值,依此类推。对您的数据库运行该命令,看看您得到了什么。@AtulSharma-更好的做法是,放弃手动SQL并切换到实体框架。EF为您构建所有参数化查询,使您能够集中精力解决手头的业务问题,而不是像现在这样胡乱处理管道问题。