[英]Getting error as Invalid column name C#.NET
I am new to C#.net. 我是C#.net的新手。 I am developing a small application where the data in one drop down list gets populated based on the value selected in another drop down list. 我正在开发一个小应用程序,其中一个下拉列表中的数据将根据在另一个下拉列表中选择的值进行填充。 Upon viewing the output, I am getting the error Invalid column name 'CategoryBasedList'
. 在查看输出时,我收到错误Invalid column name 'CategoryBasedList'
。 Can you please point out where I went wrong. 你能指出我哪里出错了。 I am attaching the code below. 我附上下面的代码。 Thanks in advance. 提前致谢。
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Configuration;
using System.Data;
public partial class UserLogin : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
if (!IsPostBack)
{
populate();
}
}
protected void ddlCategoryBasedList_SelectedIndexChanged(object sender, EventArgs e)
{
}
protected void ddlListOfBooks_SelectedIndexChanged(object sender, EventArgs e)
{
string constr = ConfigurationManager.ConnectionStrings["CONN_STR"].ToString();
SqlConnection con = new SqlConnection(constr);
con.Open();
SqlCommand com = new SqlCommand("Select distinct(CategoryBasedList) from Category where CategoryList = '" + (ddlListOfBooks.SelectedValue).ToString() + "'", con);
SqlDataAdapter da = new SqlDataAdapter(com);
DataSet ds = new DataSet();
da.Fill(ds);
ddlCategoryBasedList.DataTextField = ds.Tables[0].Columns["CategoryBasedList"].ToString();
ddlCategoryBasedList.DataSource = ds.Tables[0];
ddlCategoryBasedList.DataBind();
}
protected void SqlDataSource1_Selecting(object sender, SqlDataSourceSelectingEventArgs e)
{
}
public void populate()
{
string constr = ConfigurationManager.ConnectionStrings["CONN_STR"].ToString();
SqlConnection con = new SqlConnection(constr);
con.Open();
SqlCommand com = new SqlCommand(" Select distinct(CategoryList) from Category", con);
SqlDataAdapter da = new SqlDataAdapter(com);
DataSet ds = new DataSet();
da.Fill(ds);
ddlListOfBooks.DataTextField = ds.Tables[0].Columns["CategoryList"].ToString();
ddlListOfBooks.DataSource = ds.Tables[0];
ddlListOfBooks.DataBind();
}
}
The database structure of the above mentioned table - CATEGORY is as follows. 上述表格的数据库结构 - CATEGORY如下。
CREATE TABLE [dbo].[Category](
[[CategoryBasedList]]] [varchar](100) NOT NULL,
[CategoryList] [varchar](100) NOT NULL,
[Authors] [varchar](100) NULL
) ON [PRIMARY]
GO
SET ANSI_PADDING OFF
GO
Your slq tries to acces a column that is not there: 您的slq尝试访问不存在的列:
new SqlCommand(@"
Select distinct(CategoryBasedList) from Category
where CategoryList = '" + (ddlListOfBooks.SelectedValue).ToString() + "'", con);
check the columnname in the table Category
: according to your DDL your DB-Column is named [CategoryBasedList]
. 检查表中的列名Category
:根据您的DDL,您的DB-Column被命名为[CategoryBasedList]
。
After fixing that, google Sql Injection and/or read Why do we always prefer using parameters in SQL statements? 修复之后,谷歌Sql注入和/或阅读为什么我们总是喜欢在SQL语句中使用参数? Use SqlParameters
to supply parameters to your sql-statements. 使用SqlParameters
为sql语句提供参数。
Additionally you should start using using(var con = new SqlConnection(constr)) { ..... }
to correctly dispose of your IDIsposable-Implementing DB-Objects in case they throw exceptions. 此外,您应该开始使用using(var con = new SqlConnection(constr)) { ..... }
来正确处理您的IDIsposable-Implementing DB-Objects,以防它们抛出异常。
For pointers you can look here: in a "using" block is a SqlConnection closed on return or exception? 对于指针,您可以在这里查看: 在“using”块中,SqlConnection在返回或异常时关闭?
You need to sort out brackets around CategoryBasedList
. 您需要在CategoryBasedList
周围排序括号。 As you show it now, field name is actually [CategoryBasedList]]
, not as you might expect CategoryBasedList
. 正如您现在所示,字段名称实际上是[CategoryBasedList]]
,而不是您可能期望的CategoryBasedList
。 Just rename that column name to remove extra brackets and you should be good to go. 只需重命名该列名称以删除额外的括号,您应该好好去。
Also, as already mentioned, you need to be aware about SQL Injections . 另外,如前所述,您需要了解SQL注入 。 Instead of constructing query by string concatination you need to use SQL Parameters 不是通过字符串连接构造查询,而是需要使用SQL参数
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.