堆栈内存溢出
  简体   繁体   English

c# 更新数据库问题

[英]c# updating database problem

 原文  2011-06-28 07:05:01       c#/ mysql

问题描述

I am trying to update a set of data onButtonClick.我正在尝试更新一组数据 onButtonClick。 i have a username, date of birth, with CurrentEmailAddress, NewEmailAdrress, ConfirmNewEmailAddress我有一个用户名、出生日期、CurrentEmailAddress、NewEmailAddress、ConfirmNewEmailAddress

Im trying to update all of them on a single click.我试图通过单击更新所有这些。 I am able to update the username, but i couldnt update the date of birth and email address.我可以更新用户名,但我无法更新出生日期和 email 地址。

Below is my c# code: do note that myDBmanager is to execute the update and it has no problem下面是我的 c# 代码:请注意 myDBmanager 是执行更新的,没有问题

 //SQL query
        string updateSQL = "UPDATE user_profile,user_login SET ";
        updateSQL += "user_profile.user_name = '" + txtUserName.Text + "', ";
        updateSQL += "user_profile.user_dob = '" + txtDateOfBirth.Text + "'";


            if (txtNewPassword.Text != " " && txtNewEmailAddress.Text == " ")
            {
                updateSQL += ", user_login.user_passw = '" + txtNewPassword.Text + "'";
            }
            else if (txtNewPassword.Text == " " && txtNewEmailAddress.Text != " ")
            {
                updateSQL += ", user_profile.user_email = '" + txtNewEmailAddress.Text + "'";

            }
            else if (txtNewPassword.Text != " " && txtNewEmailAddress.Text != " ")
            {
                updateSQL += ", user_login.user_passw = '" + txtNewPassword.Text + "',";
                updateSQL += "user_profile.user_email = '" + txtNewEmailAddress.Text + "'";
            }
            else { }

            updateSQL += " WHERE user_profile.user_profile_id = 1 ";
            updateSQL += " AND user_login.user_profile_id = 1 ;";
            updateSQL += Global.myDBManager.GetNewIndex();

            int update = Global.myDBManager.ExecuteSql(updateSQL);



        //Close connection
        Global.myDBManager.Disconnect();

2 个解决方案

解决方案1
 3 已采纳  2011-06-28 08:02:35

Listen to the comments in this question - what you are doing, aside from not actually working for you, is very dangerous, and ripe for SQL Injection attacks.听听这个问题中的评论 - 除了实际上不为您工作之外,您正在做的事情非常危险,并且对于 SQL 注入攻击已经成熟。 Google for "sql injection c#" and implement a solution - this article looks good: Google for "sql injection c#" 并实现了一个解决方案——这篇文章看起来不错:

http://www.codeproject.com/KB/database/SqlInjectionAttacks.aspx http://www.codeproject.com/KB/database/SqlInjectionAttacks.aspx

Once you've fixed that, you probably had/have some sort of simple code bug that is preventing your code from working, because your method (aside from the vulnerabilities) doesn't look too bad.一旦你解决了这个问题,你可能有/有某种简单的代码错误会阻止你的代码工作,因为你的方法(除了漏洞)看起来还不错。

Stick a breakpoint on the top of the method, and work through the method, making sure the sql string is being built up as expected.在方法的顶部放置一个断点,并完成该方法,确保 sql 字符串按预期构建。

Hope that helps!希望有帮助!

解决方案2
 0  2011-06-28 07:14:41

For checking empty string, use要检查空字符串,请使用

!string.IsNullOrWhiteSpace(txtNewPassword.Text)

instead of代替

txtNewPassword.Text != " "

Thanks Ashwani谢谢阿什瓦尼

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 在C#/ Visual Studio中通过DataAdapters /数据集更新数据库的问题 - Problem With Updating Database through DataAdapters/datasets in C#/Visual studio 使用c#更新asp.net中数据库表的问题 - Problem in updating database table in asp.net using c# 更新数据库C# - Updating the database c# C#ExecuteNonQuery不更新数据库 - C# ExecuteNonQuery not updating database 在C#中更新数据库命令 - Updating Database Command in C# C#和SQLCE数据库未更新 - C# and SQLCE Database Not Updating 数据库表未更新 c# - database Table is not updating c# 删除和更新数据库C# - Deleting and updating a database c# oracle数据库的C#问题 - C# problem with oracle database C#中还原数据库中的问题 - Problem In Restore Database In C#
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM