使用文本框将数据插入数据库表
我正在尝试将数据插入表中,我看到的代码片段似乎对那个人有用,但对我来说! 我不知道我做错了什么,因为我不知道asp.net的数据库处理。 有人可以告诉我代码有什么问题吗?
public partial class CompanyLogin : System.Web.UI.Page { protected void Button1_Click(object sender, EventArgs e) { OdbcConnection conn = new OdbcConnection(); conn.ConnectionString = @".\\SQLEXPRESS;AttachDbFilename=|DataDirectory|\\VCtemps.mdf;Integrated Security=True;Connect Timeout=30;User Instance=True"; string sql = "insert into company values(@CompName, @BusinessType, @Pword)"; OdbcCommand cmd = new OdbcCommand(sql); string CompName = txtCompName.Text; string BusinessType = DropDownList1.Text; string Pword = txtPassword.Text; cmd.Connection = conn; cmd.CommandText = "insert into company(CompName, BusinessType, Pword) Values(@CompName,@BusinessType,@Pword);"; cmd.Parameters.AddWithValue("@CompName",SqlDbType.VarChar); cmd.Parameters.AddWithValue("@BusinessType",SqlDbType.VarChar); cmd.Parameters.AddWithValue("@Pword",SqlDbType.VarChar); cmd.ExecuteNonQuery(); conn.Close(); txtCompName.Text = ""; txtPassword.Text = ""; DropDownList1.Text = ""; } } 我修复了代码,感谢你们,但是当我运行它或者单击注册按钮时,我收到以下错误
ExecuteNonQuery需要一个开放且可用的连接。 连接的当前状态已关闭
您可以by deleting values来调整查询
cmd.CommandText = "insert into company(CompName, BusinessType, Pword) values('"+ CompName + "','"+ BusinessType + "','" + Pword + "')
Nota:我建议你也使用SqlCommand.Parameters.AddWithValue method
并添加此代码:
cmd.CommandText = "insert into company(CompName, BusinessType, Pword) Values(@CompName,@BusinessType,@Pword);" cmd.Parameters.AddWithValue("@CompName",); cmd.Parameters.AddWithValue("@BusinessType",); cmd.Parameters.AddWithValue("@Pword",); cmd.ExecuteNonQuery();
尝试更改以下内容:
conn.ConnectionString = "Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\VCtemps.mdf;Integrated Security=True;Connect Timeout=30;User Instance=True";
至:
conn.ConnectionString = "Data Source=.\\SQLEXPRESS;AttachDbFilename=|DataDirectory|\\VCtemps.mdf;Integrated Security=True;Connect Timeout=30;User Instance=True";
和:
cmd.CommandText = "insert into company values(CompName, BusinessType, Pword) values('"+ CompName + "','"+ BusinessType + "','" + Pword + "')
至:
cmd.CommandText = "insert into company values(CompName, BusinessType, Pword) values('"+ CompName + "','"+ BusinessType + "','" + Pword + "')";
额外:
您应该使用参数化查询。 永远不要将用户输入直接传递给SQL语句,因为您将容易受到SQL注入攻击。
string commandText = "insert into company values(CompName, BusinessType, Pword) values(@CompName, @BusinessType, @Pword)"; SqlCommand command = new SqlCommand(commandText, connection); command.Parameters.Add("@CompName", SqlDbType.VarChar); command.Parameters.Add("@BusinessType", SqlDbType.VarChar); command.Parameters.Add("@PWord", SqlDbType.VarChar);
cmd.CommandText =“插入公司值(CompName,BusinessType,Pword)值(’”+ CompName +“’,’”+ BusinessType +“’,’”+ Pword +“’”);
试试这个….
检查以cmd.CommandText开头的行,以cmd.CommandText引号中的错误。
您可以尝试使用String.Format方法,如下所示:
cmd.CommandText = String.Format("insert into company values(CompName, BusinessType, Pword) values('{0}','{1}','{2}')",CompName,BusinessType,Pword);
我发现这有助于我更容易地跟踪连接变量。
- 在将来的代码中使用sql命令中的参数!! 见例子 。
- 在整个字符串前面用@转义连接字符串,或者在需要转义的符号之前用’\’转义。 例子 。
-
cmd.CommandText = "insert into company values(CompName, BusinessType, Pword) values('"+ CompName + "','"+ BusinessType + "','" + Pword + "')缺失";到底。 -
string sql = "insert into company values(@CompName, @BusinessType, @Pword)"; OdbcCommand cmd = new OdbcCommand(sql);
和
cmd.CommandText = "insert into company values(CompName, BusinessType, Pword) values('"+ CompName + "','"+ BusinessType + "','" + Pword + "')
两者都设置 CommandText,因此您可以删除sql并进行更改
OdbcCommand cmd = new OdbcCommand(sql);toOdbcCommand cmd = new OdbcCommand();
- 连接没有打开
- 带参数化查询的不必要的
sql字符串 - 查询中的语法错误(CommandText)
。
protected void Button1_Click(object sender, EventArgs e) { OdbcConnection conn = new OdbcConnection(); conn.ConnectionString = "Data Source=.\SQLEXPRESS; AttachDbFilename=|DataDirectory|\VCtemps.mdf;Integrated Security=True;Connect Timeout=30;User Instance=True"; OdbcCommand cmd = new OdbcCommand(); string CompName = txtCompName.Text; string BusinessType = DropDownList1.Text; string Pword = txtPassword.Text; conn.Open(); cmd.Connection = conn; cmd.CommandText = "insert into company (CompName, BusinessType, Pword) values('"+ CompName + "','"+ BusinessType + "','" + Pword + "')"; cmd.ExecuteNonQuery(); conn.Close(); txtCompName.Text = ""; txtPassword.Text = ""; DropDownList1.Text = ""; }
检查以下样本。 还将您的连接和命令包含在using clause
string yourConnectionString=""; int result=0; using(OdbcConnection conn = new OdbcConnection(yourConnectionString)) { string sql = "insert into company values(@CompName, @BusinessType, @Pword)"; using (OdbcCommand cmd=new OdbcCommand(sql,conn)) { cmd.Parameters.AddWithValue("@CompName",txtCompName.Text); cmd.Parameters.AddWithValue("@BusinessType",DropDownList1.SelectedValue); cmd.Parameters.AddWithValue("@Pword ",txtPassword.Text); conn.Open(); result=cmd.ExecuteNonQuery(); } conn.Close(); if(result >0) { txtCompName.Text = ""; txtPassword.Text = ""; DropDownList1.SeletedIndex = -1; } }