什么由于标准表达式C#中的数据类型不匹配而失败?
[英]whats failed due to data type mismatch in criteria expression c#?
问题描述
am trying to develop ac# standalone application and my insert code has no error but when i click it will insert to first table or crtPro perfectly but it didn't add to the second table , can anyone give me some hint...??? 
我正在尝试开发ac#独立应用程序,并且我的插入代码没有错误,但是当我单击它时,它将完美地插入到第一张表或crtPro中,但是没有添加到第二张表中,有人可以给我一些提示...吗? ? here is my code for insert code... 这是我的插入代码...
private void button1_Click(object sender, EventArgs e)
{
System.Data.OleDb.OleDbConnection conn = new System.Data.OleDb.OleDbConnection();
conn.ConnectionString = @"Provider=Microsoft.ACE.OLEDB.12.0;" +
@"Data source= C:\Documents and Settings\abel\My Documents\Visual Studio 2010\Projects\WindowsFormsApplication1\WindowsFormsApplication1\crt_db.accdb";
try
{
conn.Open();
String Name = txtName.Text.ToString();
String Address = txtAddress.Text.ToString();
//String Wereda = txtWereda.Text.ToString();
//String Kebele = txtKebele.Text.ToString();
//String House_No = txtHouse.Text.ToString();
//String P_O_BOX = txtPobox.Text.ToString();
String Tel = txtTel.Text.ToString();
//String Fax = txtFax.Text.ToString();
String Email = txtEmail.Text.ToString();
String Item = txtItem.Text.ToString();
String Dep = txtDep.Text.ToString();
String Status = ToString();
String Remark = txtRemark.Text.ToString();
String Type = txtType.Text.ToString();
String Brand = txtBrand.Text.ToString();
String License_No = txtlicense.Text.ToString();
String Date_issued = txtDate.Text.ToString();
String my_querry = "INSERT INTO crtPro(Name,Address,Email,Tel,Item,Dep,Status,Remark)VALUES('" + Name + "','" + Address + "','" + Email + "','" + Tel + "','" + Item + "','" + Dep + "','" + Remark + "')";
OleDbCommand cmd = new OleDbCommand(my_querry, conn);
cmd.ExecuteNonQuery();
conn.Close();
conn.Open();
String my_querry1 = "SELECT LAST(PID) FROM crtPro";
OleDbCommand cmd1 = new OleDbCommand(my_querry1, conn);
string var = cmd1.ExecuteScalar().ToString();
//txtStatus.Text = var;
String PID = ToString();
String my_querry2 = "INSERT INTO crtItemLicense(PID,Type,Brand,License_No,Date_issued)VALUES('" +PID + "','" + Type + "','" + Brand + "','" + License_No + "','" + Date_issued + "')";
OleDbCommand cmd2 = new OleDbCommand(my_querry2, conn);
cmd2.ExecuteNonQuery();
MessageBox.Show("Message added succesfully");
}
catch (Exception ex)
{
MessageBox.Show("Failed due to" + ex.Message);
}
finally
{
conn.Close();
}
}
1 个解决方案
解决方案1
0 2014-03-24 01:55:10
There are a couple of calls like: 有几个电话,例如:
String PID = ToString();
That will try to get a string representation of 'this', which is your form. 这将尝试获取“ this”的字符串表示形式,即您的表单。 That is probably not what you want to be inserting into the database. 那可能不是您想要插入数据库中的内容。 You probably meant 你可能是说
String PID = var.ToString();
If that isn't it, then try putting more tracewrites (or using a debugger) to narrow the problem down to find which one of your sql statements is causing the problem. 如果不是,那么尝试放置更多的tracewrites(或使用调试器)来缩小问题的范围,以找出导致问题的sql语句之一。
Also once you have it working, try entering this in the name field of your form: 同样,一旦您可以使用它,请尝试在表单的名称字段中输入以下内容:
Robert"); DROP TABLE crtPro;--
and then do some googling about SQL injection (apologies to XKCD ). 然后对SQL注入(对XKCD道歉)进行一些谷歌搜索。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.