SQL query not working: ASP.NET form connecting to a database and inserting data

Keywords: database, insert, data, connection, form, not working, query, asp net sql | Updated: 2023-09-27 18:24:47

.aspx file code

<asp:Content ID="Content2" ContentPlaceHolderID="ContentPlaceHolder1" Runat="Server">
    <div style="background-color:lightgray;font-family:'Comic Sans MS' ">
  <br />
    <h2 style="text-align:center;"> CONTACT <b><span style="color:red">L</span>EA<span style="color:darkgreen">P</span></b> DRIVING SCHOOL</h2>
        <br />
    <fieldset style="align-content:center; color:lightgray;text-align:center ">
      <br /> <br />  
        <asp:Label ID="Label2" runat="server" Text="Name" ForeColor="Black"></asp:Label><br />
        <asp:TextBox ID="TextBox1" runat="server" size="25"  >  </asp:TextBox> <%--<asp:RequiredFieldValidator
            ID="rfvName" runat="server" ErrorMessage="Please enter Name"
            ControlToValidate="TextBox1" Display="Dynamic" ForeColor="#FF3300"
            SetFocusOnError="True"></asp:RequiredFieldValidator>       --%>                                                                                               <br /> <br />
        <asp:Label ID="Label3" runat="server" Text="mobile number" ForeColor="Black"></asp:Label> <br />
          <asp:TextBox ID="TextBox2" runat="server" size="25" ForeColor="Black"></asp:TextBox>  <%-- <asp:RequiredFieldValidator
            ID="RequiredFieldValidator2" runat="server" ErrorMessage="Please enter Number"
            ControlToValidate="TextBox2" Display="Dynamic" ForeColor="#FF3300"
            SetFocusOnError="True"></asp:RequiredFieldValidator>                              --%>                      <br /> <br />
        <asp:Label ID="Label4" runat="server" Text="Email" ForeColor="Black"></asp:Label> <br />
        <asp:TextBox ID="TextBox3" runat="server"  size="25" ></asp:TextBox>   <%--<asp:RequiredFieldValidator ID="rfvEmailId" runat="server"
            ControlToValidate="TextBox3" Display="Dynamic"
            ErrorMessage="Please enter Email Id" ForeColor="Red" SetFocusOnError="True"></asp:RequiredFieldValidator>
        <asp:RegularExpressionValidator ID="rgeEmailId" runat="server"
            ControlToValidate="TextBox3" Display="Dynamic"
            ErrorMessage="Please enter valid email id format" ForeColor="Red"
            SetFocusOnError="True"
            ValidationExpression="\w+([-+.']\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*"></asp:RegularExpressionValidator>    --%> <br /> <br />
        <asp:Label ID="Label5" runat="server" Text="City" ForeColor="Black"></asp:Label> <br />
         <asp:TextBox ID="TextBox4" runat="server" size="25" ></asp:TextBox>                <br /> <br />
        <asp:Label ID="Label6" runat="server" Text="Message" ForeColor="Black"></asp:Label> <br />
        <asp:TextBox id="TextArea1" TextMode="multiline" Columns="27" Rows="8" runat="server" />  <br /> <br />
    <asp:Button ID="Button1" runat="server" Text="Submit" Font-Bold="true" BackColor="Green" Width="83px" height="37px" OnClick="Button1_Click" />    &nbsp;&nbsp;&nbsp;
        <asp:Button ID="Button2" runat="server" Text="Reset"  Font-Bold="true" BackColor="red" Width="83px" height="37px"/>

        <br /> <br />
        <asp:Label ID="Label1" runat="server" Text=""></asp:Label>
        </fieldset>
<br />
        <br />
    </div>
</asp:Content>

.css file code

  protected void Button1_Click(object sender, EventArgs e)
    {
       // string connstring=ConfigurationManager.ConnectionStrings["yourconnstringInWebConfig"].ConnectionString;
     //   SqlConnection con = new SqlConnection();
       // SqlConnection con = new SqlConnection();
       // con.ConnectionString = "Data Source=ADMIN;Initial Catalog=contact;Integrated Security=True";
        string insertSQL="INSERT INTO dbo.contct("  ;
        insertSQL += "name,number,email,city,msg)";
        insertSQL += "VALUES ('";
        insertSQL += TextBox1.Text + "','";
        insertSQL += TextBox2.Text + "','";
        insertSQL += TextBox3.Text + "','";
        insertSQL += TextBox4.Text + "','";
        insertSQL += TextArea1.Text + "','";
       SqlConnection con = new SqlConnection("Data Source=ADMIN;Initial Catalog=contact;Integrated Security=True");
        SqlCommand cmd = new SqlCommand(insertSQL,con);
        int added = 0;
      try  {
          con.Open();
          added = cmd.ExecuteNonQuery();
          Label1.Text = added.ToString() + "successfuly your information is submitted thank you!!";
        }
      catch (Exception er)
      {
          Label1.Text = "error while inserting record";
          Label1.Text = er.Message;
      }
      finally
      {
          con.Close();
      }
    }

}

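This is the code of the two files, the form and the SQL query. When the user clicks the submit button, it should add the values to the table I created in the SQL database, but there is no data. No values are submitted. I have tried many times, but it does not work. Please help me solve this.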

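Your insert query syntax is incorrect, so no data is being inserted. The closing parenthesis ) is missing from VALUES(), and your query is currently vulnerable to SQL injection. I have parameterized your query and changed your code to reflect this. It is also recommended to use a using block so that the connection is closed and disposed of properly.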

string myQuery = "INSERT INTO dbo.contct(name,number,email,city,msg) VALUES(@name, @number, @email, @city, @msg)";
using (var connection = new SqlConnection("YourConnectionString"))
{
    using (var cmd = new SqlCommand(myQuery, connection))
    {
        cmd.Parameters.Add("@name", SqlDbType.NVarChar).Value = TextBox1.Text;
        cmd.Parameters.Add("@number", SqlDbType.NVarChar).Value = TextBox2.Text;
        cmd.Parameters.Add("@email", SqlDbType.NVarChar).Value = TextBox3.Text;
        cmd.Parameters.Add("@city", SqlDbType.NVarChar).Value = TextBox4.Text;
        cmd.Parameters.Add("@msg", SqlDbType.NVarChar).Value = TextArea1.Text;
        connection.Open();
        cmd.ExecuteNonQuery();
    }
} // Connection closed and disposed automatically here

Read about SQL injection here


You forgot to close VALUES()

string insertSQL="INSERT INTO dbo.contct("  ;
    insertSQL += "name,number,email,city,msg)";
    insertSQL += "VALUES ('";
    insertSQL += TextBox1.Text + "','";
    insertSQL += TextBox2.Text + "','";
    insertSQL += TextBox3.Text + "','";
    insertSQL += TextBox4.Text + "','";
    insertSQL += TextArea1.Text + "')";
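
Added example, not part of the question or either answer: it runs the three ways of building the INSERT discussed above against the same table, to show that the question's string is rejected, that the closed concatenation still fails as soon as a value contains an apostrophe, and that the parameterized form stores the value verbatim. Assumptions: Python's sqlite3 with an in-memory SQLite database stands in for ADO.NET and SQL Server so it runs without a server, the `dbo.` prefix is dropped, `?` placeholders stand in for `@name`, and the sample values are constructed.

```python
import sqlite3

COLUMNS = "name,number,email,city,msg"

def build_question_sql(fields):
    # Mirrors the question's concatenation: ends with "','" and no closing ")".
    sql = "INSERT INTO contct(" + COLUMNS + ")VALUES ('"
    for value in fields:
        sql += value + "','"
    return sql

def build_closed_sql(fields):
    # Mirrors the second answer: same concatenation, VALUES() closed with "')".
    return "INSERT INTO contct(" + COLUMNS + ")VALUES ('" + "','".join(fields) + "')"

def try_insert(con, sql, params=()):
    """Run one INSERT and return (rows_added, error_text_or_None)."""
    try:
        cur = con.execute(sql, params)
        con.commit()
        return cur.rowcount, None
    except sqlite3.Error as exc:
        con.rollback()
        return 0, str(exc)

def demo():
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE contct(name TEXT, number TEXT, email TEXT, city TEXT, msg TEXT)")
    # Constructed sample form submissions; the second contains apostrophes.
    plain = ["Asha", "5550100", "asha@example.com", "Pune", "Please call me"]
    quoted = ["O'Brien", "5550101", "ob@example.com", "Cork", "I'd like a lesson"]
    param_sql = "INSERT INTO contct(" + COLUMNS + ") VALUES (?,?,?,?,?)"
    results = {
        "question_plain": try_insert(con, build_question_sql(plain)),
        "closed_plain": try_insert(con, build_closed_sql(plain)),
        "closed_quoted": try_insert(con, build_closed_sql(quoted)),
        "param_quoted": try_insert(con, param_sql, quoted),
    }
    stored = [row[0] for row in con.execute("SELECT name FROM contct ORDER BY rowid")]
    con.close()
    return results, stored

if __name__ == "__main__":
    outcome, names = demo()
    for label, (rows, error) in outcome.items():
        print(label, rows, error)
    print(names)
```

In the concatenated forms the text box contents become part of the SQL text, which is why an ordinary apostrophe is enough to change how the statement parses; with parameters the statement text is fixed and the values travel separately.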