ASP.NET Razor in WebMatrix SQL methods


Is there anything wrong with (var query4)? The app doesn't show any message, but it fails to insert the data into the relevant table.

@{
    var userId = Request["UserId"];
    var Type = Request["type"];
    var db = Database.Open("intranet");
    if(Type == "delete")
    {

    var query = "UPDATE Personne SET Demande = 'refuser' WHERE UserId = '" + userId + "'";
    db.Execute(query);

     var query2 = "DELETE from DemandeConge where UserId = '" + userId + "'";
    db.Execute(query2);
   }
    else if(Type == "accepte")
    {


        var query = "UPDATE Personne SET Demande = 'accepte' WHERE UserId = '" + userId + "'";
        db.Execute(query);

        var query2 = "DELETE from DemandeConge where UserId = '" + userId + "'";
        db.Execute(query2);


        var query4 = "INSERT INTO CongeAccept(UserId,DateDebut,DateFin,TypeConge) SELECT UserId,DateDebutDemande,DateFinDemande,TypeConge FROM DemandeConge WHERE UserId = '" + userId + "'";
        db.Execute(query4);
    }
}
When I add the comment in the code, it works as well:

   /* var query = "UPDATE Personne SET Demande = 'accepte' WHERE UserId = '" + userId + "'";
    db.Execute(query);

    var query2 = "DELETE from DemandeConge where UserId = '" + userId + "'";
    db.Execute(query2);*/


    var query4 = "INSERT INTO CongeAccept(UserId,DateDebut,DateFin,TypeConge) SELECT UserId,DateDebutDemande,DateFinDemande,TypeConge FROM DemandeConge WHERE UserId = '" + userId + "'";
    db.Execute(query4);
} 

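You are deleting everything in DemandeConge related to the user that you want to insert into CongeAccept, so by the time the insert query is attempted there is nothing to insert. Change the order of the statements and use parameters: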

@{
    var userId = Request["UserId"];
    var Type = Request["type"];
    var db = Database.Open("intranet");
    if(Type == "delete")
    {

    var query = "UPDATE Personne SET Demande = 'refuser' WHERE UserId = @0";
    db.Execute(query, userId);

     var query2 = "DELETE from DemandeConge where UserId = @0";
    db.Execute(query2, userId);
   }
    else if(Type == "accepte")
    {
        var query = "UPDATE Personne SET Demande = 'accepte' WHERE UserId = @0";
        db.Execute(query, userId);

        var query4 = "INSERT INTO CongeAccept(UserId,DateDebut,DateFin,TypeConge) SELECT UserId,DateDebutDemande,DateFinDemande,TypeConge FROM DemandeConge WHERE UserId = @0";
        db.Execute(query4, userId);

        var query2 = "DELETE from DemandeConge where UserId = @0";
        db.Execute(query2, userId);
    }
}

Warning: your code is vulnerable to SQL injection attacks.

Yes, I know, this is just practice for an exam ^^
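
The answer's two points (copy the rows before deleting them, pass UserId as a parameter) and the injection warning in the comments can be checked end to end on a small model. This is an added example, not code from the original post: it uses Python's sqlite3 in place of the WebMatrix database, and the column types, sample rows, the transaction wrapper, the zero-row check and the helper names are assumptions.

```python
import sqlite3

# Constructed schema: table and column names come from the page's queries;
# the column types and the sample rows are assumptions.
SCHEMA = """
CREATE TABLE Personne(UserId TEXT PRIMARY KEY, Demande TEXT);
CREATE TABLE DemandeConge(UserId TEXT, DateDebutDemande TEXT,
                          DateFinDemande TEXT, TypeConge TEXT);
CREATE TABLE CongeAccept(UserId TEXT, DateDebut TEXT, DateFin TEXT,
                         TypeConge TEXT);
INSERT INTO Personne VALUES ('u1', 'attente'), ('u2', 'attente');
INSERT INTO DemandeConge VALUES ('u1', '2024-07-01', '2024-07-05', 'annuel'),
                                ('u2', '2024-08-01', '2024-08-03', 'maladie');
"""
COPY = ("INSERT INTO CongeAccept(UserId,DateDebut,DateFin,TypeConge) "
        "SELECT UserId,DateDebutDemande,DateFinDemande,TypeConge "
        "FROM DemandeConge WHERE UserId = ?")
DELETE = "DELETE FROM DemandeConge WHERE UserId = ?"
UPDATE = "UPDATE Personne SET Demande = 'accepte' WHERE UserId = ?"
HOSTILE = "x' OR '1'='1"  # constructed request value containing a quote

def new_db():
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    return db

def accept(db, user_id, delete_first=False):
    """Run the 'accepte' branch; return the number of rows copied."""
    order = [UPDATE, DELETE, COPY] if delete_first else [UPDATE, COPY, DELETE]
    copied = 0
    with db:  # one transaction: commit on success, roll back on any error
        for sql in order:
            cur = db.execute(sql, (user_id,))  # value is bound, never spliced
            if sql == COPY:
                copied = cur.rowcount
        if copied == 0:
            # INSERT ... SELECT over zero rows succeeds without any error,
            # which is why the question's page showed no message.
            raise LookupError("no pending request for this UserId")
    return copied

def delete_concatenated(db, user_id):
    """The question's string-built DELETE, kept only for comparison."""
    return db.execute(
        "DELETE FROM DemandeConge WHERE UserId = '" + user_id + "'").rowcount

def delete_bound(db, user_id):
    """The answer's parameterized DELETE: the value stays a literal."""
    return db.execute(DELETE, (user_id,)).rowcount
```

With the question's statement order the copy finds zero rows, so `accept` raises and the transaction rolls back the UPDATE and DELETE; with the bound parameter the quoted value matches no UserId, while the concatenated form removes every row.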