
The multi-part identifier "TextBox1.Text" could not be bound in C# ASP.NET?

I'm doing a practice project for training; my handler has specifically forbidden parameterization and security-oriented coding for now, in the interest of getting the basics down. That being said, I've got a gridview on my homepage with a hyperlink field that takes the user to a page where they can edit the row data in textboxes. The row is displayed by the "ProductId" column, as it is autoincremented and unique. The values display perfectly, so I know my query string is fine, but when I attempt to update using the button event, I get an error message that says

The multi-part identifier "TextBox1.Text" could not be bound.

for all of my textboxes. My code is below. What am I missing? This is my first rodeo, so it may very well be basic and obvious to an experienced eye.

    using System;
    using System.Collections.Generic;
    using System.Linq;
    using System.Data;
    using System.Data.Sql;
    using System.Data.SqlClient;
    using System.Web;
    using System.Web.UI;
    using System.Web.UI.WebControls;

    public partial class ViewEdit : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {
            string x = Request.QueryString["ProductId"];
            string connectionString = System.Configuration.ConfigurationManager.ConnectionStrings["MyConnectionString"].ConnectionString;
            string editQuery = "SELECT CustId, CustName, SicNaic, CustCity, CustAdd, CustState, CustZip, BroName, BroId, BroAdd, BroCity, BroState, BroZip, EntityType, Coverage, CurrentCoverage, PrimEx, Retention, EffectiveDate, Commission, Premium, Comments FROM ProductInstance WHERE ProductId =" + x;



            using (SqlConnection editConn = new SqlConnection(connectionString))
            {
                editConn.Open();

                using (SqlCommand command = new SqlCommand(editQuery, editConn))
                {
                    SqlDataReader dr = command.ExecuteReader();
                    dr.Read();
                    TextBox1.Text = dr.GetInt32(0).ToString();
                    TextBox2.Text = dr.GetString(1);
                    TextBox3.Text = dr.GetString(2);
                    TextBox4.Text = dr.GetString(3);
                    TextBox5.Text = dr.GetString(4);
                    TextBox6.Text = dr.GetString(5);
                    TextBox7.Text = dr.GetInt32(6).ToString();
                    TextBox8.Text = dr.GetString(7);
                    TextBox9.Text = dr.GetInt32(8).ToString();
                    TextBox10.Text = dr.GetString(9);
                    TextBox11.Text = dr.GetString(10);
                    TextBox12.Text = dr.GetString(11);
                    TextBox13.Text = dr.GetInt32(12).ToString();
                    TextBox14.Text = dr.GetString(13);
                    TextBox15.Text = dr.GetInt32(14).ToString();
                    TextBox16.Text = dr.GetInt32(15).ToString();
                    TextBox17.Text = dr.GetInt32(16).ToString();
                    TextBox18.Text = dr.GetInt32(17).ToString();
                    TextBox19.Text = dr.GetDateTime(18).ToString();
                    TextBox20.Text = dr.GetInt32(19).ToString();
                    TextBox21.Text = dr.GetInt32(20).ToString();
                    TextBox22.Text = dr.GetString(21);
                }
            }
        }

        protected void Button1_Click(object sender, EventArgs e)
        {
            string x = Request.QueryString["ProductId"];
            string connectionString = System.Configuration.ConfigurationManager.ConnectionStrings["MyConnectionString"].ConnectionString;
            string updateQuery = "UPDATE ProductInstance SET CustId = TextBox1.Text, CustName = TextBox2.Text, SicNaic =TextBox3.Text, CustCity = TextBox4.Text, CustAdd = TextBox5.Text, CustState = TextBox6.Text, CustZip = TextBox7.Text, BroName = TextBox8.Text, BroId = TextBox9.Text, BroAdd = TextBox10.Text, BroCity = TextBox11.Text, BroState = TextBox12.Text, BroZip = TextBox13.Text, EntityType = TextBox14.Text, Coverage = TextBox15.Text, CurrentCoverage = TextBox16.Text, PrimEx = TextBox17.Text, Retention = TextBox18.Text, EffectiveDate = TextBox19.Text, Commission = TextBox20.Text, Premium = TextBox21.Text, Comments = TextBox22.Text WHERE ProductId =" + x;
            using (SqlConnection updateConn = new SqlConnection(connectionString))
            {
                updateConn.Open();
                {
                    using (SqlCommand command = new SqlCommand(updateQuery, updateConn))
                    {
                        command.ExecuteNonQuery();
                    }
                }
            }
        }
    }

Use parameters to do this. Otherwise you are wide-open for SQL injection.

    // The class is SqlCommand (C# is case-sensitive); assign cmd.Connection before executing.
    SqlCommand cmd = new SqlCommand();
    cmd.CommandText = "UPDATE ProductInstance SET CustId = @CustID WHERE .... ";
    cmd.Parameters.AddWithValue("@CustID", TextBox1.Text);
    cmd.ExecuteNonQuery();

You have to pass the value of the Text property of the TextBox controls to the query, not the "TextBox.Text" as a string:

    string updateQuery = "UPDATE ProductInstance SET CustId = " + TextBox1.Text + ", CustName = '" + TextBox2.Text + "', .... " + x;

NOTE:

If the value of the "Text" property was a string then you have to place a ' on the two sides of the value like in the example above.

Your query will be executed as is; Textbox*.Text won't be replaced. You will have to use SQL Parameters or use a string Builder or string.Format to generate your query string.

    const string queryFormat = "UPDATE ProductInstance SET CustId = {0}, CustName = '{1}', ... WHERE ProductId = {n}";
    var query = string.Format(queryFormat, Textbox1.Text,
                                           Textbox2.Text,
                                           ...,
                                           TextboxN.Text, x);

Make sure you generate a valid SQL Update query. Something like CustCity = TextBox4.Text will fail if Textbox4.Text is a string. You will have to add quotes where needed: CustCity = '" + TextBox4.Text + "'"

Even if you can not use parameters or ORMs I would recommend you to name your textboxes other than TextboxN.

Furthermore I don't get how this code would work if you are using a grid view? You are only populating one row?
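Added example, not part of the original question or answers: the update from Button1_Click written with typed parameters, so the SQL text is a constant and neither control names nor user input are ever part of it. The class and method names are hypothetical, only four of the 22 columns are shown, and the column types and NVARCHAR sizes are assumptions inferred from the reader calls in Page_Load.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

public static class ProductInstanceWriter
{
    // Hypothetical helper. Assumed column types (from the GetInt32/GetString/
    // GetDateTime calls in Page_Load): CustId int, CustName and CustCity
    // strings, EffectiveDate datetime. The NVARCHAR size 100 is an assumption.
    public static int UpdateProduct(string connectionString, string productIdRaw,
        string custIdRaw, string custName, string custCity, string effectiveDateRaw)
    {
        // Convert text input to the column's type before it reaches the database.
        int productId, custId;
        DateTime effectiveDate;
        if (!int.TryParse(productIdRaw, out productId))
            throw new ArgumentException("ProductId must be an integer.");
        if (!int.TryParse(custIdRaw, out custId))
            throw new ArgumentException("CustId must be an integer.");
        if (!DateTime.TryParse(effectiveDateRaw, out effectiveDate))
            throw new ArgumentException("EffectiveDate is not a valid date.");

        // Constant SQL text: only @placeholders, no concatenated values and
        // no control names such as TextBox1.Text for the server to bind.
        const string sql =
            "UPDATE ProductInstance SET CustId = @CustId, CustName = @CustName, " +
            "CustCity = @CustCity, EffectiveDate = @EffectiveDate " +
            "WHERE ProductId = @ProductId";

        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            // Values travel separately from the statement, so a quote inside
            // custName is stored as data and cannot alter the query.
            cmd.Parameters.Add("@CustId", SqlDbType.Int).Value = custId;
            cmd.Parameters.Add("@CustName", SqlDbType.NVarChar, 100).Value =
                (object)custName ?? DBNull.Value;
            cmd.Parameters.Add("@CustCity", SqlDbType.NVarChar, 100).Value =
                (object)custCity ?? DBNull.Value;
            cmd.Parameters.Add("@EffectiveDate", SqlDbType.DateTime).Value = effectiveDate;
            cmd.Parameters.Add("@ProductId", SqlDbType.Int).Value = productId;

            conn.Open();
            return cmd.ExecuteNonQuery(); // number of rows updated
        }
    }
}
```

From Button1_Click it would be called with Request.QueryString["ProductId"] and the relevant TextBox .Text values; a return value of 0 means no row matched the ProductId.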
