ASP.NET Razor in WebMatrix SQL methods
Is there any problem with (var query4)? ASP.NET doesn't show any message, but it fails to insert the data into the relevant table.
@{
    var userId = Request["UserId"];
    var Type = Request["type"];
    var db = Database.Open("intranet");
    if(Type == "delete")
    {
        var query = "UPDATE Personne SET Demande = 'refuser' WHERE UserId = '" + userId + "'";
        db.Execute(query);
        var query2 = "DELETE from DemandeConge where UserId = '" + userId + "'";
        db.Execute(query2);
    }
    else if(Type == "accepte")
    {
        var query = "UPDATE Personne SET Demande = 'accepte' WHERE UserId = '" + userId + "'";
        db.Execute(query);
        var query2 = "DELETE from DemandeConge where UserId = '" + userId + "'";
        db.Execute(query2);
        var query4 = "INSERT INTO CongeAccept(UserId,DateDebut,DateFin,TypeConge) SELECT UserId,DateDebutDemande,DateFinDemande,TypeConge FROM DemandeConge WHERE UserId = '" + userId + "'";
        db.Execute(query4);
    }
}
It also works when I comment out part of the code:
    /* var query = "UPDATE Personne SET Demande = 'accepte' WHERE UserId = '" + userId + "'";
    db.Execute(query);
    var query2 = "DELETE from DemandeConge where UserId = '" + userId + "'";
    db.Execute(query2);*/
    var query4 = "INSERT INTO CongeAccept(UserId,DateDebut,DateFin,TypeConge) SELECT UserId,DateDebutDemande,DateFinDemande,TypeConge FROM DemandeConge WHERE UserId = '" + userId + "'";
    db.Execute(query4);
}
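You are deleting everything in DemandeConge related to the user that you want to insert into CongeAccept, so when the insert query runs, there is nothing to insert. Change the order of the statements and use parameters: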
@{
    var userId = Request["UserId"];
    var Type = Request["type"];
    var db = Database.Open("intranet");
    if(Type == "delete")
    {
        var query = "UPDATE Personne SET Demande = 'refuser' WHERE UserId = @0";
        db.Execute(query, userId);
        var query2 = "DELETE from DemandeConge where UserId = @0";
        db.Execute(query2, userId);
    }
    else if(Type == "accepte")
    {
        var query = "UPDATE Personne SET Demande = 'accepte' WHERE UserId = @0";
        db.Execute(query, userId);
        var query4 = "INSERT INTO CongeAccept(UserId,DateDebut,DateFin,TypeConge) SELECT UserId,DateDebutDemande,DateFinDemande,TypeConge FROM DemandeConge WHERE UserId = @0";
        db.Execute(query4, userId);
        var query2 = "DELETE from DemandeConge where UserId = @0";
        db.Execute(query2, userId);
    }
}
Warning: your code is vulnerable to SQL injection attacks.
Yes, I know, it's just an exercise for an exam ^^
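The ordering bug and the parameterized fix from the answer, reproduced as an added example that is not part of the original thread. It uses Python with an in-memory SQLite database as a stand-in for the WebMatrix `intranet` database; the column types, sample rows and the helper names `make_db`, `accept` and `pending` are assumptions, and `?` plays the role of `@0`.

```python
import sqlite3

def make_db():
    """Constructed stand-in for the page's three tables (column types assumed)."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE Personne(UserId TEXT PRIMARY KEY, Demande TEXT);
        CREATE TABLE DemandeConge(UserId TEXT, DateDebutDemande TEXT,
                                  DateFinDemande TEXT, TypeConge TEXT);
        CREATE TABLE CongeAccept(UserId TEXT, DateDebut TEXT,
                                 DateFin TEXT, TypeConge TEXT);
        INSERT INTO Personne VALUES ('u1', NULL), ('o''neil', NULL);
        INSERT INTO DemandeConge VALUES
            ('u1', '2024-07-01', '2024-07-05', 'annual'),
            ('o''neil', '2024-08-01', '2024-08-03', 'sick');
    """)
    return db

UPDATE = "UPDATE Personne SET Demande = 'accepte' WHERE UserId = ?"
COPY = ("INSERT INTO CongeAccept(UserId,DateDebut,DateFin,TypeConge) "
        "SELECT UserId,DateDebutDemande,DateFinDemande,TypeConge "
        "FROM DemandeConge WHERE UserId = ?")
DELETE = "DELETE FROM DemandeConge WHERE UserId = ?"

def accept(db, user_id, delete_first=False):
    """Accept a leave request; return how many rows reached CongeAccept.

    delete_first=True replays the question's order (DELETE before the
    INSERT ... SELECT); the default is the answer's corrected order.
    """
    steps = [UPDATE, DELETE, COPY] if delete_first else [UPDATE, COPY, DELETE]
    with db:  # one transaction: commit on success, roll back on any error
        for sql in steps:
            db.execute(sql, (user_id,))  # value is bound, never concatenated
    row = db.execute("SELECT COUNT(*) FROM CongeAccept WHERE UserId = ?",
                     (user_id,)).fetchone()
    return row[0]

def pending(db):
    """Number of leave requests still waiting in DemandeConge."""
    return db.execute("SELECT COUNT(*) FROM DemandeConge").fetchone()[0]

if __name__ == "__main__":
    print("question's order:", accept(make_db(), "u1", delete_first=True))
    print("answer's order:  ", accept(make_db(), "u1"))
    print("id with a quote: ", accept(make_db(), "o'neil"))
```

Running the three statements in one transaction goes slightly beyond the answer: if the copy fails, the request row is not lost to the delete.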