Asp.Net SQL 删除语句
本文关键字:语句 删除 SQL Net Asp | 更新日期: 2023-09-27 18:27:16
我有一个Asp.net
应用程序,如果用户通过网络提交请求,我正在尝试从我的"用户"数据库中删除一行,但我似乎无法让它工作。
.HTML
<div class="panel panel-danger">
<div class="panel-heading">
<h3 class="panel-title">Remove User</h3>
</div>
<div class="panel-body">
<asp:Label ID="lbRemoveUser" runat="server" Text="Remove User">
<b>Enter Full Name</b>
</asp:Label>
<asp:TextBox runat="server" ID="txtRemoveUser" CssClass="form-control" AutoPostBack="true" OnTextChanged="txtRemoveUser_TextChanged" />
<asp:Label ID="removeUserNotExist" runat="server" Text="The user entered does not exist." Visible="false" style="color: red"></asp:Label>
</div>
<div class="panel-footer">
<div class="text-center">
<asp:Button CssClass="btn btn-danger" ID="btnSubmitRemoveUser" runat="server" Text="Remove User" ToolTip="Click to remove the user from the list." OnClick="removeUserSubmitButton_Click" />
</div>
</div>
</div>
<!-- Confirm Removal Modal-->
<div class="modal fade" id="confirmRemoveUserModal">
<div class="modal-dialog" style="margin-top: 55px">
<div class="modal-content">
<div class="modal-header ConfirmHeader">
<h4 class="modal-title" id="myModalLabel">Confirm Removal</h4>
</div>
<div class="modal-body">
<p>Are you sure you want to remove <b><%=Session["txtRemoveUser"] %></b> from the payday lunch list?</p>
<p>If you don't, click 'No' and the user will not be removed.</p>
</div>
<div class="modal-footer ConfirmFooter">
<asp:Button id="btnRemoveConfirmYes" runat="server" CssClass="btn btn-success" Text="Yes" OnClick="btnRemoveConfirmYes_Click" ToolTip="Click to remove the user from the payday lunch list." />
<asp:Button id="btnRemoveConfirmNo" runat="server" CssClass="btn btn-warning" Text="No" OnClick="btnAllCloses_Click" ToolTip="Click to close this screen. The user will not be removed." />
</div>
</div>
</div>
</div>
我尝试过的代码
public void btnRemoveConfirmYes_Click(object sender, EventArgs e)
{
string connection = ConfigurationManager.ConnectionStrings["PaydayLunchConnectionString1"].ConnectionString;
SqlConnection conn = new SqlConnection(connection);
conn.Open();
SqlCommand cmd1 = new SqlCommand("DELETE FROM Users WHERE Name = " + txtRemoveUser.Text, conn);
conn.Close();
txtRemoveUser.Text = "";
Response.Redirect("/AdminSide/TaskList.aspx");
}
就像我说的,我想要的只是删除该条目(如果它存在于我的数据库中(。 我已经进行了检查以确保该条目存在于"用户"表中
我是否需要SqlDataReader rd1 = cmd1.ExecuteReader();
,因为当我尝试它时,我收到服务器错误"System.Data.SqlClient.SqlException:无效的列名'Test2'"。
您没有使用 ExecuteNonQuery
.您还必须将用户名包装在撇号中:
SqlCommand cmd1 = new SqlCommand("DELETE FROM Users WHERE Name = '" + txtRemoveUser.Text + "'", conn);
但是您应该始终使用 sql 参数来防止 sql 注入和其他问题:
using(var cmd1 = new SqlCommand("DELETE FROM Users WHERE Name = @Name", conn))
{
cmd1.Parameters.Add("@Name", SqlDbType.VarChar).Value = txtRemoveUser.Text;
conn.Open();
cmd1.ExecuteNonQuery();
}
还可以对实现IDisposable
(如 SqlCommand
或更重要的SqlConnection
(的类型使用 using
语句,以确保释放非托管资源。