SQL query not working: ASP.NET form connects to the database and inserts data
Keywords: database insert data connection form not working query asp net sql | Updated: 2023-09-27 18:24:47
.aspx file code
<asp:Content ID="Content2" ContentPlaceHolderID="ContentPlaceHolder1" Runat="Server">
<div style="background-color:lightgray;font-family:'Comic Sans MS' ">
<br />
<h2 style="text-align:center;"> CONTACT <b><span style="color:red">L</span>EA<span style="color:darkgreen">P</span></b> DRIVING SCHOOL</h2>
<br />
<fieldset style="align-content:center; color:lightgray;text-align:center ">
<br /> <br />
<asp:Label ID="Label2" runat="server" Text="Name" ForeColor="Black"></asp:Label><br />
<asp:TextBox ID="TextBox1" runat="server" size="25" > </asp:TextBox> <%--<asp:RequiredFieldValidator
ID="rfvName" runat="server" ErrorMessage="Please enter Name"
ControlToValidate="TextBox1" Display="Dynamic" ForeColor="#FF3300"
SetFocusOnError="True"></asp:RequiredFieldValidator> --%> <br /> <br />
<asp:Label ID="Label3" runat="server" Text="mobile number" ForeColor="Black"></asp:Label> <br />
<asp:TextBox ID="TextBox2" runat="server" size="25" ForeColor="Black"></asp:TextBox> <%-- <asp:RequiredFieldValidator
ID="RequiredFieldValidator2" runat="server" ErrorMessage="Please enter Number"
ControlToValidate="TextBox2" Display="Dynamic" ForeColor="#FF3300"
SetFocusOnError="True"></asp:RequiredFieldValidator> --%> <br /> <br />
<asp:Label ID="Label4" runat="server" Text="Email" ForeColor="Black"></asp:Label> <br />
<asp:TextBox ID="TextBox3" runat="server" size="25" ></asp:TextBox> <%--<asp:RequiredFieldValidator ID="rfvEmailId" runat="server"
ControlToValidate="TextBox3" Display="Dynamic"
ErrorMessage="Please enter Email Id" ForeColor="Red" SetFocusOnError="True"></asp:RequiredFieldValidator>
<asp:RegularExpressionValidator ID="rgeEmailId" runat="server"
ControlToValidate="TextBox3" Display="Dynamic"
ErrorMessage="Please enter valid email id format" ForeColor="Red"
SetFocusOnError="True"
ValidationExpression="\w+([-+.']\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*"></asp:RegularExpressionValidator> --%> <br /> <br />
<asp:Label ID="Label5" runat="server" Text="City" ForeColor="Black"></asp:Label> <br />
<asp:TextBox ID="TextBox4" runat="server" size="25" ></asp:TextBox> <br /> <br />
<asp:Label ID="Label6" runat="server" Text="Message" ForeColor="Black"></asp:Label> <br />
<asp:TextBox id="TextArea1" TextMode="multiline" Columns="27" Rows="8" runat="server" /> <br /> <br />
<asp:Button ID="Button1" runat="server" Text="Submit" Font-Bold="true" BackColor="Green" Width="83px" height="37px" OnClick="Button1_Click" />      
<asp:Button ID="Button2" runat="server" Text="Reset" Font-Bold="true" BackColor="red" Width="83px" height="37px"/>
<br /> <br />
<asp:Label ID="Label1" runat="server" Text=""></asp:Label>
</fieldset>
<br />
<br />
</div>
</asp:Content>
.css file code
protected void Button1_Click(object sender, EventArgs e)
{
    // string connstring=ConfigurationManager.ConnectionStrings["yourconnstringInWebConfig"].ConnectionString;
    // SqlConnection con = new SqlConnection();
    // SqlConnection con = new SqlConnection();
    // con.ConnectionString = "Data Source=ADMIN;Initial Catalog=contact;Integrated Security=True";
    string insertSQL = "INSERT INTO dbo.contct(";
    insertSQL += "name,number,email,city,msg)";
    insertSQL += "VALUES ('";
    insertSQL += TextBox1.Text + "','";
    insertSQL += TextBox2.Text + "','";
    insertSQL += TextBox3.Text + "','";
    insertSQL += TextBox4.Text + "','";
    insertSQL += TextArea1.Text + "','"; // as posted: ends with "','" so the VALUES( list is never closed
    SqlConnection con = new SqlConnection("Data Source=ADMIN;Initial Catalog=contact;Integrated Security=True");
    SqlCommand cmd = new SqlCommand(insertSQL, con);
    int added = 0;
    try
    {
        con.Open();
        added = cmd.ExecuteNonQuery();
        Label1.Text = added.ToString() + "successfuly your information is submitted thank you!!";
    }
    catch (Exception er)
    {
        Label1.Text = "error while inserting record";
        Label1.Text = er.Message;
    }
    finally
    {
        con.Close();
    }
}
}
This is the code of the two files, the form and the SQL query. When the user clicks the submit button it should add the values to the table I created in the SQL database, but there is no data. No values are submitted. I have tried many times but it does not work. plz help me solve this
Your insert query syntax is incorrect, so no data is inserted. The closing parenthesis of VALUES() is missing, and as it stands your query is vulnerable to SQL injection. I have parameterized your query and changed your code to reflect this. It is also recommended to use a using block so the connection is closed and disposed properly.
// requires: using System.Data; (for SqlDbType) and using System.Data.SqlClient;
string myQuery = "INSERT INTO dbo.contct(name,number,email,city,msg) VALUES(@name, @number, @email, @city, @msg)";
using (var connection = new SqlConnection("YourConnectionString"))
{
    using (var cmd = new SqlCommand(myQuery, connection))
    {
        cmd.Parameters.Add("@name", SqlDbType.NVarChar).Value = TextBox1.Text;
        cmd.Parameters.Add("@number", SqlDbType.NVarChar).Value = TextBox2.Text;
        cmd.Parameters.Add("@email", SqlDbType.NVarChar).Value = TextBox3.Text;
        cmd.Parameters.Add("@city", SqlDbType.NVarChar).Value = TextBox4.Text;
        cmd.Parameters.Add("@msg", SqlDbType.NVarChar).Value = TextArea1.Text;
        connection.Open();
        cmd.ExecuteNonQuery();
    }
} // Connection closed and disposed automatically here
Read about SQL injection here
You forgot to close VALUES()
string insertSQL = "INSERT INTO dbo.contct(";
insertSQL += "name,number,email,city,msg)";
insertSQL += "VALUES ('";
insertSQL += TextBox1.Text + "','";
insertSQL += TextBox2.Text + "','";
insertSQL += TextBox3.Text + "','";
insertSQL += TextBox4.Text + "','";
insertSQL += TextArea1.Text + "')";
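The two answers make two separate points: the concatenated statement fails because VALUES( is never closed, and even once the parenthesis is added, building SQL by string concatenation breaks (or is injectable) as soon as a field contains a quote character. The following is an added example, not code from the question or either answer; it rebuilds the question's concatenation in Python on an in-memory SQLite table named contct (a constructed stand-in for the page's dbo.contct, since SQLite has no dbo schema) so it runs offline, and shows the parameterized form the first answer recommends, with SQLite's ? placeholders standing in for ADO.NET's @name parameters. The function names and the sample rows are assumptions made for this example.

```python
import sqlite3


def make_db():
    """Constructed stand-in for the page's dbo.contct table (SQLite, in memory)."""
    con = sqlite3.connect(":memory:")
    con.execute(
        "CREATE TABLE contct(name TEXT, number TEXT, email TEXT, city TEXT, msg TEXT)"
    )
    return con


def build_concatenated_insert(name, number, email, city, msg, close_values=True):
    """Rebuilds the question's string-concatenated INSERT piece by piece.

    close_values=False reproduces the original bug: the last piece ends in
    "','" instead of "')", so the VALUES( list is never closed.
    """
    sql = "INSERT INTO contct("
    sql += "name,number,email,city,msg)"
    sql += "VALUES ('"
    sql += name + "','"
    sql += number + "','"
    sql += email + "','"
    sql += city + "','"
    sql += msg + ("')" if close_values else "','")
    return sql


def insert_concatenated(con, fields, close_values=True):
    """Runs the concatenated statement; returns (rows_added, error_text_or_None).

    Mirrors the question's try/catch: a syntax error means nothing is stored.
    """
    sql = build_concatenated_insert(*fields, close_values=close_values)
    try:
        cur = con.execute(sql)
        con.commit()
        return cur.rowcount, None
    except sqlite3.Error as exc:
        return 0, str(exc)


def insert_parameterized(con, fields):
    """The first answer's approach: placeholders in the SQL, values passed
    separately, so the database never parses user text as SQL syntax."""
    cur = con.execute(
        "INSERT INTO contct(name,number,email,city,msg) VALUES(?,?,?,?,?)", fields
    )
    con.commit()
    return cur.rowcount


def stored_names(con):
    """Names currently in the table, in insertion order."""
    return [row[0] for row in con.execute("SELECT name FROM contct ORDER BY rowid")]


if __name__ == "__main__":
    db = make_db()
    # Constructed sample submissions (not real data).
    plain = ("Alice", "0123", "alice@example.com", "Pune", "hello")
    apostrophe = ("O'Brien", "0456", "ob@example.com", "Cork", "hello")

    # 1. The question's code as posted: VALUES( never closed -> syntax error, 0 rows.
    print(insert_concatenated(db, plain, close_values=False))
    # 2. The second answer's fix works for plain input ...
    print(insert_concatenated(db, plain, close_values=True))
    # 3. ... but a legitimate name containing a quote still breaks the statement.
    print(insert_concatenated(db, apostrophe, close_values=True))
    # 4. The parameterized version stores that name verbatim.
    print(insert_parameterized(db, apostrophe))
    print(stored_names(db))
```

The third call is the one to note when reviewing a form like this: an ordinary name with an apostrophe is enough to turn the concatenated INSERT into a syntax error, which is the same mechanism an injection payload relies on; the parameterized version accepts it unchanged because the value never becomes part of the SQL text.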