如何上传到数据库SQL Server?其中是可能的编码错误
本文关键字:错误 编码 数据库 Server SQL | 更新日期: 2023-09-27 18:16:40
string fname=""; <----- Global variable
HtmlInputFile file = (HtmlInputFile)place.FindControl("f_upload");
if (filename.Value.Equals(""))
{
span1.InnerHtml = "<b>Error Message : A File Name must be enter </b>";
return;
}
if (file.PostedFile.ContentLength > 0)
{
try
{
file.PostedFile.SaveAs("c:''WADUploadFile''" + filename.Value);
fname = "c:''WADUploadFile''" + filename.Value;
//checking fname value
Response.Write(fname);
span1.InnerHtml = "File is uploaded successfully to" + "<b>C:''WADUploadFile''" +
filename.Value + "</b>at the server";
}
catch (Exception exc)
{
span1.InnerHtml = "Error occured while saving file to" +
"<b>c:''WADUploadFile''" + filename.Value + "</b><br/>" + "[ " +
exc.ToString() + " ]";
}
}
string sql1 = "INSERT INTO Thread (Th_id, Th_poster, Th_date) VALUES (@id, @poster, @date)";
string sql2 = "INSERT INTO ThreadCommend(C_id,C_content,C_upload,T_id,Th_id)Values(@Cid,@Ccontent,@Cupload,@Tid,@Thid)";
con.Open();
SqlCommand cmd1 = new SqlCommand(sql1, con);
cmd1.Parameters.AddWithValue("@id", threadId);
cmd1.Parameters.AddWithValue("@poster", tempPoster);
cmd1.Parameters.AddWithValue("@date", DateTime.Now);
SqlCommand cmd2 = new SqlCommand(sql2, con);
cmd2.Parameters.AddWithValue("@Cid", commendId);
cmd2.Parameters.AddWithValue("@Ccontent", txt);
cmd2.Parameters.AddWithValue("@Cupload", fname.ToString());
cmd2.Parameters.AddWithValue("@Tid", topicId);
cmd2.Parameters.AddWithValue("@Thid", threadId);
//SqlDataAdapter daInsert = new SqlDataAdapter();
//daInsert.InsertCommand = cmdInsertDesc.ToString();
int x = cmd1.ExecuteNonQuery();
con.Close();
con.Open();
int y = cmd2.ExecuteNonQuery(); <--- Error appear here
string note = "Topic added sucussfully";
if (x > 0)
{
Response.Write(note.ToString());
//Response.Write(x.ToString());
}
if (y > 0)
{
Response.Write(note.ToString());
//Response.Write(x.ToString());
}
con.Close();
我的问题是:我如何上传到SQL Server数据库?对于不同的物体ExecuteNonQuery 2次会有问题吗?
错误信息:
用户代码未处理SqlException
参数化查询'(@Cid int,@Ccontent nvarchat(6),@Cuploadnvarchar(4000),@Tid int期望参数"@Cupload",而不是供应。
我的代码有什么问题,我不能添加添加数据到数据库?T.T
这是一个旧线程,我相信你找到了一个修复,但它看起来像你可能有一个注入问题。尝试使用SqlDataAdapter为每个参数指定一个数据类型。
不确定您的数据类型是什么,但它应该看起来像这样。还要使用using语句,这样您就不必关闭/处置连接
using (con)
{
con.Open();
SqlDataAdapter cmd1 = new SqlDataAdapter();
cmd1 = new SqlCommand(sql1, con);
cmd1.InsertCommand.Parameters.Add("@id", SqlDbType.Int).Value = threadId;
cmd1.InsertCommand.Parameters.Add("@poster", SqlDbType.NVarChar).Value = tempPoster;
cmd1.InsertCommand.ExecuteNonQuery();
SqlDataAdapter cmd2 = new SqlDataAdapter();
cmd2 = new SqlCommand(sql2, con);
cmd2.InsertCommand.Parameters.Add("@Cid", SqlDbType.Int).Value = commendId;
cmd2.InsertCommand.Parameters.Add("@Ccontent", SqlDbType.Nvarchar).Value = txt;
cmd2.InsertCommand.Parameters.Add("@Cupload", SqlDbType.Nvarchar).Value = fname.ToString();
cmd2.InsertCommand.Parameters.Add("@Tid", SqlDbType.Int).Value = topicId;
cmd2.InsertCommand.Parameters.Add("@Thid", SqlDbType.Int).Value = threadId;
cmd2.InsertCommand.ExecuteNonQuery();
}