插入语句不起作用
[英]insert statement wont work
问题描述
Hey guys I get no errors from my code but nothing seems to happen when i try my insert statement below? 
大家好,我的代码没有错误,但是当我尝试下面的插入语句时,似乎什么也没发生?
Not sure if its how I wrapped my textbox or if its my FriendID query string? 不知道它是如何包装文本框还是它的FriendID查询字符串?
protected void Button1_Click(object sender, EventArgs e)
{
string friendid = Request.QueryString["FriendID"];
string theUserId = Session["UserID"].ToString();
using (OdbcConnection cn = new OdbcConnection("Driver={MySQL ODBC 3.51 Driver}; Server=localhost; Database=***; User=***; Password=***;"))
{
cn.Open();
using (OdbcCommand cmd = new OdbcCommand("INSERT INTO WallPosting (UserID, Wallpostings, FriendUserID) VALUES (" + friendid + ", '" + TextBox1.Text + "', " + theUserId + ")", cn))
{
cmd.ExecuteNonQuery();
}
}
PopulateWallPosts(friendid);
}
}
2 个解决方案
解决方案1
4 已采纳 2011-04-03 12:10:34
You switched your variables, according to the field names it should be: 您根据字段名称切换了变量,它应该是:
using (OdbcCommand cmd = new OdbcCommand("INSERT INTO WallPosting (UserID, Wallpostings, FriendUserID) VALUES (" + theUserId + ", '" + TextBox1.Text + "', " + friendid + ")", cn))
New record has been added, but for the wrong user so you didn't find it later when reloading the posts. 新的记录已添加,但对于错误的用户,所以你后来没有重装职位时找到它。
As you've been told already deal with the SQL Injection risk by using Parameters instead of directly adding the values to the SQL string. 如您所知,已经通过使用Parameters而不是直接将值添加到SQL字符串来处理SQL注入风险。
解决方案2
0 2011-04-03 12:12:19
"INSERT INTO WallPosting (UserID, Wallpostings, FriendUserID) VALUES (" + friendid + ", '" + TextBox1.Text + "', " + theUserId + ")"
becomes 变
"INSERT INTO WallPosting (UserID, Wallpostings, FriendUserID) VALUES ('" + friendid + "', '" + TextBox1.Text + "', '" + theUserId + "')"
Have to qualify the strings using single quotes. 必须使用单引号将字符串限定。 otherwise they are treated as variables by the parser. 否则,解析器会将它们视为变量。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.