我用c#编写了下面的代码来在asp.net中插入数据.但是我在代码中发现了错误.你能帮我一下吗?

本文关键字：代码错误发现一下插入 asp 数据我用 net | 更新日期: 2023-09-27 18:19:00

protected void btnAuctionInfo_Click(object sender, EventArgs e)
{
    try
    {
        //Database connection
        System.Data.SqlClient.SqlConnection sqlConnection1 = new System.Data.SqlClient.SqlConnection("Data Source=Reshani;Initial Catalog=JKPLC;Integrated Security=True");
        System.Data.SqlClient.SqlCommand cmd = new System.Data.SqlClient.SqlCommand();
        cmd.CommandType = System.Data.CommandType.Text;
        //insert function
        cmd.CommandText = @"INSERT into [Auction_Details] (year,sale_no,sale_Date,lot_no,quantity_sold,value,buyer_name,sample_id,broker_id) VALUES(@year,@sale_no,@Sale_date,@lot_no,@lot_no_quantity,@value,'@buyer_name',null,null)";
        cmd.Connection = sqlConnection1;
        sqlConnection1.Open();
        cmd.ExecuteNonQuery();
        Response.Redirect("homeforStaff.aspx.cs");
        sqlConnection1.Close();
    }
    catch (Exception ex)
    {
        Response.Write("Error :" + ex);
    }
}

您最大的问题是您没有为您的命令分配任何SqlParameter。仅仅在字符串中使用@something是不够的。但这并不是唯一的问题。请看下面我对你的代码的编辑，仔细阅读注释:

protected void btnAuctionInfo_Click(object sender, EventArgs e)
{
    try
    {
        //Put Disposable resources in "using" blocks to automatically handle clean up.
        //Assign connection to command in the constructor
        using(System.Data.SqlClient.SqlConnection sqlConnection1 = new System.Data.SqlClient.SqlConnection("Data Source=Reshani;Initial Catalog=JKPLC;Integrated Security=True"))
        using(System.Data.SqlClient.SqlCommand cmd = new System.Data.SqlClient.SqlCommand(sqlConnection1))
        {
            cmd.CommandType = System.Data.CommandType.Text;
            //Do not use any quotes around parameters.
            cmd.CommandText = @"INSERT into [Auction_Details] (year,sale_no,sale_Date,lot_no,quantity_sold,value,buyer_name,sample_id,broker_id) VALUES(@year,@sale_no,@Sale_date,@lot_no,@lot_no_quantity,@value,@buyer_name,null,null)";
            //Create parameters
            //SqlDbType is assumed, only you know what data type your parameters are so alter accordingly
            SqlParameter p_year = new SqlParameter("@year", SqlDbType.SmallInt);
            //Set parameter value. Only you know where this value comes from. You can't run the INSERT without assigning values to parameters.
            p_year.Value = 2000;
            //Add eaach parameter to the command
            cmd.Parameters.Add(p_year);
            //Add the other 6 parameters here.....
            sqlConnection1.Open();
            cmd.ExecuteNonQuery();
            //the proper way to Redirect in Asp.Net
            //You do not redirect to .cs files, you request .aspx
            Response.Redirect("homeforStaff.aspx", false);
            Context.ApplicationInstance.CompleteRequest();
        }
    }
    catch (Exception ex)
    {
        //Exception objects have a reasonably good ToString override
        //so make it easy on yourself and just use it.
        Response.Write("Error :" + ex.ToString());
    }
}