如何从放置在表单上的面板中捕获值
我不了解如何在放置在表单上的面板中的文本框中捕获值。我正在尝试使用这些值更新我的数据库表。
有人能指出我正确的方向吗?
代码:
private void btnSupplier_Click(object sender, EventArgs e)
{
try
{
Panel pnlAddSupplier = new Panel();
TextBox txtSupplierID = new TextBox();
TextBox txtSupplierName = new TextBox();
Button btnAddSupplier = new Button();
Label lblSupplierID = new Label();
Label lblSupplierName = new Label();
// Initialize the Panel control.
pnlAddSupplier.Location = new Point(56, 74);
pnlAddSupplier.Size = new Size(200, 200);
// Set the Borderstyle for the Panel to three-dimensional.
pnlAddSupplier.BorderStyle = System.Windows.Forms.BorderStyle.Fixed3D;
// Initialize the Label and TextBox controls.
lblSupplierID.Location = new Point(60, 0);
lblSupplierID.Text = "Supplier ID";
lblSupplierID.Size = new Size(104, 20);
txtSupplierID.Location = new Point(20, 40);
txtSupplierID.Text = "";
txtSupplierID.Size = new Size(152, 20);
lblSupplierName.Location = new Point(20, 70);
lblSupplierName.Text = "Supplier Name";
lblSupplierName.Size = new Size(150, 20);
txtSupplierName.Location = new Point(20, 90);
txtSupplierName.Text = "";
txtSupplierName.Size = new Size(152, 20);
lblSupplierID.Location = new Point(16, 16);
lblSupplierID.Text = "Supplier ID";
btnAddSupplier.Location = new Point(60, 120);
btnAddSupplier.Text = "Add";
btnAddSupplier.Click += btnAddSupplier_Click;
// Add the Panel control to the form.
this.Controls.Add(pnlAddSupplier);
// Add the Label and TextBox controls to the Panel.
pnlAddSupplier.Controls.Add(lblSupplierID);
pnlAddSupplier.Controls.Add(txtSupplierID);
pnlAddSupplier.Controls.Add(lblSupplierName);
pnlAddSupplier.Controls.Add(txtSupplierName);
pnlAddSupplier.Controls.Add(btnAddSupplier);
}
catch { }
}
public void btnAdd_Click(object sender, EventArgs e)
{
string username= //how to assign textbox value?;
int age = //how to assign textbox value;
MySql.Data.MySqlClient.MySqlCommand cmd = new MySql.Data.MySqlClient.MySqlCommand();
string query = "INSERT INTO table(username, age) VALUES ('@xxx', '@xxx') ";
//please not these values are for demonstration.
using (connection)
{
ObjDb.OpenConnection();
ObjDb.ExecuteNonQuery(query, connection);
}
}
正如您所看到的,此代码对SQL注入是开放的,我想使用参数。为此,我需要捕获详细信息输入。怎么能实现这一目标?
我尝试分配supplierID = txtSupplierID.Text,但收到一条消息称txtSupplier.Text不存在。
谢谢。
4 个答案:
答案 0 :(得分:1)
我不知道哪个文本框用于该年龄,但我希望这为您提供了一个良好的起点。
string username = txtSupplierID.Text; // how to assign textbox value?;
int age = Int32.Parse(...); // how to assign textbox value;
您需要更多年龄验证。因此,最好使用:
int age;
if (!Int32.TryParse(..., out age))
{
MessageBox.Show("Incorrect age!");
return;
}
将txtSupplierID更改为字段:
private TextBox txtSupplierName;
并更新这些行:
txtSupplierName = new TextBox(); // remove TextBox
答案 1 :(得分:1)
这是你的意思吗?假设用户总是在txtSupplierID TextBox中输入整数值,这应该可以正常工作。将Name属性分配给您的Control并通过该名称进行访问。随意问一些我原来无法解释的问题。干杯!
private void btnSupplier_Click(object sender, EventArgs e)
{
Panel pnlAddSupplier = new Panel()
{
Name = "pnlAddSupplier",
Location = new Point(56, 74),
Size = new Size(200, 200),
BorderStyle = BorderStyle.Fixed3D
};
TextBox txtSupplierID = new TextBox()
{
Name = "txtSupplierID",
Location = new Point(20, 40),
Text = string.Empty,
Size = new Size(152, 20)
};
TextBox txtSupplierName = new TextBox()
{
Name = "txtSupplierName",
Location = new Point(20, 90),
Text = string.Empty,
Size = new Size(152, 20)
};
Label lblSupplierID = new Label()
{
Name = "lblSupplierID",
Location = new Point(20, 20),
Text = "Supplier ID:",
Size = new Size(104, 20)
};
Label lblSupplierName = new Label()
{
Name = "lblSupplierName",
Location = new Point(20, 70),
Text = "Supplier Name:",
Size = new Size(150, 20)
};
Button btnAddSupplier = new Button()
{
Name = "btnAddSupplier",
Location = new Point(60, 120),
Text = "Add",
};
btnAddSupplier.Click += btnAdd_Click;
// Add controls to the Panel.
pnlAddSupplier.Controls.Add(lblSupplierID);
pnlAddSupplier.Controls.Add(txtSupplierID);
pnlAddSupplier.Controls.Add(lblSupplierName);
pnlAddSupplier.Controls.Add(txtSupplierName);
pnlAddSupplier.Controls.Add(btnAddSupplier);
// Add the Panel control to the form.
this.Controls.Add(pnlAddSupplier);
}
public void btnAdd_Click(object sender, EventArgs e)
{
string username = this.Controls["pnlAddSupplier"].Controls["txtSupplierName"].Text;
int age = Int32.Parse(this.Controls["pnlAddSupplier"].Controls["txtSupplierID"].Text);
MySql.Data.MySqlClient.MySqlCommand cmd = new MySql.Data.MySqlClient.MySqlCommand();
string query = "INSERT INTO table(username, age) VALUES ('@xxx', '@xxx') ";
using (connection)
{
ObjDb.OpenConnection();
ObjDb.ExecuteNonQuery(query, connection);
}
}
答案 2 :(得分:0)
您正在将供应商ID文本框作为btnSupplier_Click函数的局部变量。你需要把它变成一个类变量。如果您使用设计器将其拖放到您的网页上,则此变量应出现在您的* .designer.cs文件中。
以下是如何使用参数来阻止SQL注入:
DbCommand myCommand = Connection.CreateCommand();
myCommand.CommandText = @"select * from myTable mt
where
mt.paramter = @myParameter";
DbParameter myParameter = myCommand.CreateParameter();
myParameter.ParameterName = "@myParameter";
myCommand.Parameters.Add(myParameter);
答案 3 :(得分:0)
首先,您需要命名控件:
txtSupplierID.Name = "txtSupplierID";
然后你可以得到这样的值:
Control[] Found = this.Controls.Find("txtSupplierID", true);
TextBox IDTextBox = Found[0] as TextBox;
string SupplierID = IDTextBox.Text;
不要忘记添加错误检查!
相关问题
最新问题
- 我写了这段代码,但我无法理解我的错误
- 我无法从一个代码实例的列表中删除 None 值,但我可以在另一个实例中。为什么它适用于一个细分市场而不适用于另一个细分市场?
- 是否有可能使 loadstring 不可能等于打印?卢阿
- java中的random.expovariate()
- Appscript 通过会议在 Google 日历中发送电子邮件和创建活动
- 为什么我的 Onclick 箭头功能在 React 中不起作用?
- 在此代码中是否有使用“this”的替代方法?
- 在 SQL Server 和 PostgreSQL 上查询,我如何从第一个表获得第二个表的可视化
- 每千个数字得到
- 更新了城市边界 KML 文件的来源?