[英]Beginner C#, Adding data to table
我試圖通過在asp.net文本字段和下拉框中輸入或單擊的數據將數據添加到數據庫表“模塊”中。 當我單擊更新按鈕時,它將按編碼重定向到“ all-modules.aspx”頁面,但沒有將數據輸入數據庫(表)。 我是否可以正確使用INSERT語句? 我覺得我應該對該語句做一些不同的事情,並且可能正在引用一個尚未創建的存儲過程。 請記住,我是C#和asp.net的新手,這可能是一個愚蠢的問題,但我被困住了。
asp.net
<asp:Content ContentPlaceHolderID="menu" runat="Server">
<!-- Your Code goes here -->
</asp:Content>
<asp:Content ContentPlaceHolderID="main_content" runat="Server">
<div class="row">
<div class="col-12">
<h1>
<asp:SqlDataSource ID="semesterlist" runat="server" ConnectionString="<%$ ConnectionStrings:ConnectionString %>" SelectCommand="SELECT semester FROM semesters"></asp:SqlDataSource>
<asp:SqlDataSource ID="yearlist" runat="server" ConnectionString="<%$ ConnectionStrings:ConnectionString %>" SelectCommand="SELECT year_title FROM year"></asp:SqlDataSource>
<asp:SqlDataSource ID="modulestatus" runat="server" ConnectionString="<%$ ConnectionStrings:ConnectionString %>" SelectCommand="SELECT modulestatus FROM modulestatus"></asp:SqlDataSource>
<asp:SqlDataSource ID="compulsorylist" runat="server" ConnectionString="<%$ ConnectionStrings:ConnectionString %>" SelectCommand="SELECT compulsory FROM courses_vs_modules"></asp:SqlDataSource>
Add Module</h1>
<h5 class="subheading">Please use the form below to add a module:</h5>
<div class="feedback blue" id="feedback" runat="server" visible="false">
<asp:Label ID="feedback_text" runat="server" Text=""></asp:Label>
</div>
</div>
</div>
<div class="col-9">
<div class="panel">
<h3>Fill out Module Details:</h3>
<h5>Module Name:</h5>
<asp:TextBox CssClass="full-width" ID="module_nametext" runat="server"></asp:TextBox>
<h5>Module Tutor:</h5>
<asp:TextBox CssClass="full-width" ID="module_tutortext" runat="server"></asp:TextBox>
<h5>Compulsory:</h5>
<asp:DropDownList CssClass="full-width" ID="compulsoryddl" runat="server">
<asp:ListItem Value="0">Optional</asp:ListItem>
<asp:ListItem Value="1">Compulsory</asp:ListItem>
</asp:DropDownList>
<h5>Semester:</h5>
<asp:DropDownList CssClass="full-width" ID="semesterddl" runat="server">
<asp:ListItem Value="1">Semester 1</asp:ListItem>
<asp:ListItem Value="2">Semester 2</asp:ListItem>
<asp:ListItem Value="3">Semester 3</asp:ListItem>
</asp:DropDownList>
<h5>Year:</h5>
<asp:DropDownList CssClass="full-width" ID="yearddl" runat="server" DataSourceID="yearlist" DataTextField="year_title" DataValueField="year_title"></asp:DropDownList>
<h5>Cats Points:</h5>
<asp:TextBox CssClass="full-width" ID="cats_pointstext" runat="server"></asp:TextBox>
<h5>Description:</h5>
<asp:TextBox CssClass="full-width" ID="descriptiontext" TextMode="MultiLine" runat="server" MaxLength="500"></asp:TextBox>
<h5>Module Status:</h5>
<asp:DropDownList CssClass="full-width" ID="modulestatusddl" runat="server" DataSourceID="modulestatus" DataTextField="modulestatus" DataValueField="modulestatus"></asp:DropDownList>
<asp:Button ID="updatebuttonmodule" runat="server" Text="Add Module" OnClick="updatebuttonmodule_Click" Visible="true"/>
</div>
</div>
</asp:Content>
C#
protected void updatebuttonmodule_Click(object sender, EventArgs e)
{
feedback.Visible = true;
feedback_text.Text = "Please ensure you've filled out all fields. ";
string module_name = module_nametext.Text;
string module_tutor = module_tutortext.Text;
string year = yearddl.SelectedValue;
string compulsory = compulsoryddl.SelectedValue;
string semester = semesterddl.SelectedValue;
string cats_points = cats_pointstext.Text;
string description = descriptiontext.Text;
string modulestatus = modulestatusddl.SelectedValue;
string ConnectionString = WebConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString;
SqlConnection myConnection = new SqlConnection(ConnectionString);
myConnection.Open();
string AddModule = "INSERT into modules (module_name,module_tutor,compulsory,semester,year,cats_points,description,module_status) " +
" VALUES ('" + module_name + "', '" + module_tutor + "', '" + compulsory + "' '" + semester + "', '" + year + "', '" + cats_points + "', '" + description + "', '" + modulestatus + "',);";
SqlCommand myCommand = new SqlCommand(AddModule, myConnection);
myCommand.Parameters.AddWithValue("@year", year);
myCommand.Parameters.AddWithValue("@module_name", module_name);
myCommand.Parameters.AddWithValue("@module_tutor", module_tutor);
myCommand.Parameters.AddWithValue("@compulsory", compulsory);
myCommand.Parameters.AddWithValue("@semester", semester);
myCommand.Parameters.AddWithValue("@cats_points", cats_points);
myCommand.Parameters.AddWithValue("@description", description);
myCommand.Parameters.AddWithValue("@modulestatus", modulestatus);
try
{
myCommand.ExecuteNonQuery();
}
catch {
myConnection.Close();
Response.Redirect("all-modules.aspx");
}
}
有一些問題。 您沒有在using
語句中包裝任何東西,您很容易受到Sql注入攻擊的影響,並且您有多余的代碼。 您在catch
塊期間正在重定向,這意味着出了點問題。 嘗試如下操作:
protected void updateButtonModule_Click(object sender, EventArgs e)
{
feedback.Visible = true;
feedback_text.Text = "Please ensure you've filled out all fields. ";
string connectionString = WebConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString;
using (var myConnection = new SqlConnection(connectionString)) // using automatically disposes of object
{
myConnection.Open();
string addModule = "INSERT into modules (module_name,module_tutor,compulsory,semester,year,cats_points,description,module_status)" +
"VALUES (@module_name,@module_tutor,@compulsory,@semester,@year,@cats_points,@description,@modulestatus)"; // use parameters to avoid sql injection
using (var myCommand = new SqlCommand(addModule, myConnection))
{
myCommand.Parameters.AddWithValue("@year", yearddl.SelectedValue);
myCommand.Parameters.AddWithValue("@module_name", module_nametext.Text);
myCommand.Parameters.AddWithValue("@module_tutor", module_tutortext.Text);
myCommand.Parameters.AddWithValue("@compulsory", compulsoryddl.SelectedValue);
myCommand.Parameters.AddWithValue("@semester", semesterddl.SelectedValue);
myCommand.Parameters.AddWithValue("@cats_points", cats_pointstext.Text);
myCommand.Parameters.AddWithValue("@description", descriptiontext.Text);
myCommand.Parameters.AddWithValue("@modulestatus", modulestatusddl.SelectedValue);
try
{
myCommand.ExecuteNonQuery();
}
catch (SqlException ex) // catch specific exceptions
{
// do something with error here
// Response.Write(ex.Message);
}
}
}
Response.Redirect("all-modules.aspx");
}
另外,您應該為DataAccess擁有一個單獨的項目,並引用該項目,而不是在后面的代碼中建立連接。 因此,該按鈕代碼實際上應該類似於provider.Update(params);
這引起了人們的注意,但這是一個不同的問題。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.