
Beginner C#, Adding data to table

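I am trying to add data to the database table "modules" from data entered or selected in the asp.net text fields and drop-down boxes. When I click the update button, it redirects to the "all-modules.aspx" page as coded, but it has not entered the data into the database (table). Am I right to use an INSERT statement? I feel like I should be doing something different with the statement, and I may be referencing a stored procedure that I haven't created. Bear in mind I am new to C# and asp.net, and this may be a silly question, but I'm stuck.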

asp.net

<asp:Content ContentPlaceHolderID="menu" runat="Server">
    <!-- Your Code goes here -->
</asp:Content>

<asp:Content ContentPlaceHolderID="main_content" runat="Server">

    <div class="row">
        <div class="col-12">
            <h1>
                <asp:SqlDataSource ID="semesterlist" runat="server" ConnectionString="<%$ ConnectionStrings:ConnectionString %>" SelectCommand="SELECT semester FROM semesters"></asp:SqlDataSource>
                <asp:SqlDataSource ID="yearlist" runat="server" ConnectionString="<%$ ConnectionStrings:ConnectionString %>" SelectCommand="SELECT year_title FROM year"></asp:SqlDataSource>
                <asp:SqlDataSource ID="modulestatus" runat="server" ConnectionString="<%$ ConnectionStrings:ConnectionString %>" SelectCommand="SELECT modulestatus FROM modulestatus"></asp:SqlDataSource>
                <asp:SqlDataSource ID="compulsorylist" runat="server" ConnectionString="<%$ ConnectionStrings:ConnectionString %>" SelectCommand="SELECT compulsory FROM courses_vs_modules"></asp:SqlDataSource>
                Add Module</h1>
            <h5 class="subheading">Please use the form below to add a module:</h5>
            <div class="feedback blue" id="feedback" runat="server" visible="false">
                <asp:Label ID="feedback_text" runat="server" Text=""></asp:Label>
            </div>
        </div>
    </div>

        <div class="col-9">
            <div class="panel">
                <h3>Fill out Module Details:</h3>

                <h5>Module Name:</h5>
                <asp:TextBox CssClass="full-width" ID="module_nametext" runat="server"></asp:TextBox>

                <h5>Module Tutor:</h5>
                <asp:TextBox CssClass="full-width" ID="module_tutortext" runat="server"></asp:TextBox>

                <h5>Compulsory:</h5>
                <asp:DropDownList CssClass="full-width" ID="compulsoryddl" runat="server">
                <asp:ListItem Value="0">Optional</asp:ListItem>
                <asp:ListItem Value="1">Compulsory</asp:ListItem>
                </asp:DropDownList>

                <h5>Semester:</h5>
                <asp:DropDownList CssClass="full-width" ID="semesterddl" runat="server">
                <asp:ListItem Value="1">Semester 1</asp:ListItem>
                <asp:ListItem Value="2">Semester 2</asp:ListItem>
                <asp:ListItem Value="3">Semester 3</asp:ListItem>
                </asp:DropDownList>

                <h5>Year:</h5>
                <asp:DropDownList CssClass="full-width" ID="yearddl" runat="server" DataSourceID="yearlist" DataTextField="year_title" DataValueField="year_title"></asp:DropDownList>

                <h5>Cats Points:</h5>
                <asp:TextBox CssClass="full-width" ID="cats_pointstext" runat="server"></asp:TextBox>

                <h5>Description:</h5>
                <asp:TextBox CssClass="full-width" ID="descriptiontext" TextMode="MultiLine" runat="server" MaxLength="500"></asp:TextBox>

                <h5>Module Status:</h5>
                <asp:DropDownList CssClass="full-width" ID="modulestatusddl" runat="server" DataSourceID="modulestatus" DataTextField="modulestatus" DataValueField="modulestatus"></asp:DropDownList>

                <asp:Button ID="updatebuttonmodule" runat="server" Text="Add Module" OnClick="updatebuttonmodule_Click" Visible="true"/>

            </div>
        </div>

</asp:Content>

C#

protected void updatebuttonmodule_Click(object sender, EventArgs e)
    {

        feedback.Visible = true;
        feedback_text.Text = "Please ensure you've filled out all fields. ";

        string module_name = module_nametext.Text;
        string module_tutor = module_tutortext.Text;
        string year = yearddl.SelectedValue;
        string compulsory = compulsoryddl.SelectedValue;
        string semester = semesterddl.SelectedValue;
        string cats_points = cats_pointstext.Text;
        string description = descriptiontext.Text;
        string modulestatus = modulestatusddl.SelectedValue;

        string ConnectionString = WebConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString;
        SqlConnection myConnection = new SqlConnection(ConnectionString);

        myConnection.Open();

        string AddModule = "INSERT into modules (module_name,module_tutor,compulsory,semester,year,cats_points,description,module_status) " +
                   " VALUES ('" + module_name + "', '" + module_tutor + "', '" + compulsory + "' '" + semester + "', '" + year + "', '" + cats_points + "', '" + description + "', '" + modulestatus + "',);";

        SqlCommand myCommand = new SqlCommand(AddModule, myConnection);

        myCommand.Parameters.AddWithValue("@year", year);
        myCommand.Parameters.AddWithValue("@module_name", module_name);
        myCommand.Parameters.AddWithValue("@module_tutor", module_tutor);
        myCommand.Parameters.AddWithValue("@compulsory", compulsory);
        myCommand.Parameters.AddWithValue("@semester", semester);
        myCommand.Parameters.AddWithValue("@cats_points", cats_points);
        myCommand.Parameters.AddWithValue("@description", description);
        myCommand.Parameters.AddWithValue("@modulestatus", modulestatus);

        try
        {
        myCommand.ExecuteNonQuery();
        }
        catch { 
        myConnection.Close();

        Response.Redirect("all-modules.aspx");
        }
    }

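There are a few issues. You are not wrapping anything in using statements, you are vulnerable to SQL injection attacks, and you have redundant code. You are redirecting during the catch block, which would mean something went wrong. Try something like this: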

protected void updatebuttonmodule_Click(object sender, EventArgs e) // name must match OnClick in the markup
{
    feedback.Visible = true;
    feedback_text.Text = "Please ensure you've filled out all fields. ";

    string connectionString = WebConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString;
    using (var myConnection = new SqlConnection(connectionString)) // using automatically disposes of object
    {
        myConnection.Open();

        string addModule = "INSERT into modules (module_name,module_tutor,compulsory,semester,year,cats_points,description,module_status) " +
                           "VALUES (@module_name,@module_tutor,@compulsory,@semester,@year,@cats_points,@description,@modulestatus)"; // use parameters to avoid sql injection

        using (var myCommand = new SqlCommand(addModule, myConnection))
        {
            myCommand.Parameters.AddWithValue("@year", yearddl.SelectedValue);
            myCommand.Parameters.AddWithValue("@module_name", module_nametext.Text);
            myCommand.Parameters.AddWithValue("@module_tutor", module_tutortext.Text);
            myCommand.Parameters.AddWithValue("@compulsory", compulsoryddl.SelectedValue);
            myCommand.Parameters.AddWithValue("@semester", semesterddl.SelectedValue);
            myCommand.Parameters.AddWithValue("@cats_points", cats_pointstext.Text);
            myCommand.Parameters.AddWithValue("@description", descriptiontext.Text);
            myCommand.Parameters.AddWithValue("@modulestatus", modulestatusddl.SelectedValue);

            try
            {
                myCommand.ExecuteNonQuery();
            }
            catch (SqlException ex) // catch specific exceptions
            { 
                // do something with error here
                // Response.Write(ex.Message); 
            }
        }
    }

    Response.Redirect("all-modules.aspx");
}

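Also, you should have a separate project for DataAccess and reference that project, rather than making connections in the code-behind. So that button code should really be something like provider.Update(params); This touches on separation of concerns, but that is a different question.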
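
As an added example (not part of the original answer), here is one way the separate data-access class suggested above could look, using explicitly typed parameters rather than AddWithValue. The class name ModuleProvider, the method Add, and every column type and size are assumptions, since the page does not show the table schema.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

// Added example: hypothetical data-access class; column types and sizes are assumed.
public sealed class ModuleProvider
{
    private readonly string _connectionString;

    public ModuleProvider(string connectionString) { _connectionString = connectionString; }

    // Returns true when exactly one row was inserted; SqlException propagates to the caller.
    public bool Add(string name, string tutor, bool compulsory, int semester,
                    string year, int catsPoints, string description, string status)
    {
        if (string.IsNullOrWhiteSpace(name))
            throw new ArgumentException("Module name is required.", nameof(name));
        if (semester < 1 || semester > 3) // the form offers semesters 1 to 3
            throw new ArgumentOutOfRangeException(nameof(semester));
        if (catsPoints < 0)
            throw new ArgumentOutOfRangeException(nameof(catsPoints));

        const string sql =
            "INSERT INTO modules (module_name, module_tutor, compulsory, semester, " +
            "year, cats_points, description, module_status) " +
            "VALUES (@module_name, @module_tutor, @compulsory, @semester, " +
            "@year, @cats_points, @description, @module_status)";

        using (var connection = new SqlConnection(_connectionString))
        using (var command = new SqlCommand(sql, connection))
        {
            // Explicit types and sizes (assumed schema) instead of AddWithValue's inference.
            command.Parameters.Add("@module_name", SqlDbType.NVarChar, 100).Value = name;
            command.Parameters.Add("@module_tutor", SqlDbType.NVarChar, 100).Value = (object)tutor ?? DBNull.Value;
            command.Parameters.Add("@compulsory", SqlDbType.Bit).Value = compulsory;
            command.Parameters.Add("@semester", SqlDbType.Int).Value = semester;
            command.Parameters.Add("@year", SqlDbType.NVarChar, 50).Value = year;
            command.Parameters.Add("@cats_points", SqlDbType.Int).Value = catsPoints;
            command.Parameters.Add("@description", SqlDbType.NVarChar, 500).Value = (object)description ?? DBNull.Value;
            command.Parameters.Add("@module_status", SqlDbType.NVarChar, 50).Value = status;

            connection.Open();
            return command.ExecuteNonQuery() == 1;
        }
    }
}
```

The click handler would then convert cats_pointstext.Text with int.TryParse, call Add, and redirect to all-modules.aspx only when it returns true, showing a generic message in feedback_text otherwise.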
