Asp.net: adding to a database from text boxes and a drop-down list

Time: 2012-05-14 15:09:22

Tags: c# asp.net visual-studio-2010

Asp.net add to database. I am trying to take the text from two text boxes and the selected value of a drop-down list and add them to my table. Here is my code:

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;

public partial class _Default : System.Web.UI.Page
{

    protected void Page_Load(object sender, EventArgs e)
    {

    }
    protected void Button1_Click(object sender, EventArgs e)
    {
        string connectionString = @" Data Source=.\SQLEXPRESS;AttachDbFilename=C:\USERS\CEM\DOCUMENTS\VISUAL STUDIO 2010\WEBSITES\EKLEMEDENE\APP_DATA\DATABASE.MDF;Integrated Security=True;User Instance=True";
        string queryString = "INSERT INTO ekle(flight, name, food) VALUES   ('" + TextBox1.Text + " ' , '" + TextBox2.Text + " ' ,  '" + DropDownList1.SelectedValue + " '  )";
        SqlConnection con = new SqlConnection(connectionString);
        SqlCommand command = new SqlCommand(queryString, con);
        con.Open();
        command.ExecuteNonQuery();

        con.Close();
    }
}

After executing it I get this error:


Database 'C:\Users\Cem\Documents\Visual Studio 2010\WebSites\eklemedene\App_Data\Database.mdf' already exists. Choose a different database name. An attempt to attach an auto-named database for file C:\USERS\CEM\DOCUMENTS\VISUAL STUDIO 2010\WEBSITES\EKLEMEDENE\APP_DATA\DATABASE.MDF failed. A database with the same name exists, or the specified file cannot be opened, or it is located on a UNC share.

1 answer:

Answer 0: (score: 1)

  1. You are wide open to SQL injection. Avoid passing values directly from the controls into the SQL text; use Parameters instead.
  2. Use the using statement for anything that implements IDisposable, such as connections or commands.
  3. Your ConnectionString has a problem; you could try the SqlConnectionStringBuilder class:

    //Build the connection
    SqlConnectionStringBuilder bldr = new SqlConnectionStringBuilder();

    //Put your server or server\instance name here.  Likely YourComputerName\SQLExpress
    bldr.DataSource = ".\\SQLEXPRESS";

    //Attach DB Filename
    bldr.AttachDBFilename = @"C:\USERS\CEM\DOCUMENTS\VISUAL STUDIO 2010\WEBSITES\EKLEMEDENE\APP_DATA\DATABASE.MDF";

    //User Instance
    bldr.UserInstance = true;

    //Whether or not a password is required.
    bldr.IntegratedSecurity = true;

    using (var connection = new SqlConnection(bldr.ConnectionString))
    {
        var sql = "INSERT INTO ekle(flight, name, food) VALUES (@flight, @name, @food)";
        using (var command = new SqlCommand(sql, connection))
        {
            command.Parameters.AddWithValue("@flight", TextBox1.Text);
            command.Parameters.AddWithValue("@name", TextBox2.Text);
            command.Parameters.AddWithValue("@food", DropDownList1.SelectedValue);
            connection.Open();
            command.ExecuteNonQuery();
        }
    } // closes the connection implicitly
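Why the answer's first point matters, as an added example that is neither the question's nor the answer's code: it rebuilds the question's concatenated INSERT and the answer's parameterized INSERT against an in-memory SQLite table (sqlite3 stands in for SqlClient so it runs stand-alone; the table and column names are from the page, the input values are constructed) and shows that concatenation breaks on an apostrophe and lets a crafted value overwrite the other columns, while parameters store every value verbatim.

```python
import sqlite3


def make_db():
    # Constructed schema mirroring the page's table ekle(flight, name, food).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE ekle(flight TEXT, name TEXT, food TEXT)")
    return conn


def insert_concatenated(conn, flight, name, food):
    # Same construction as the question's Button1_Click: user input is pasted
    # into the SQL text, so the SQL parser sees whatever the user typed.
    sql = ("INSERT INTO ekle(flight, name, food) VALUES ('" + flight + "', '"
           + name + "', '" + food + "')")
    conn.execute(sql)
    conn.commit()


def insert_parameterized(conn, flight, name, food):
    # Equivalent of the answer's @flight/@name/@food parameters: the SQL text
    # is fixed and the values travel separately, never parsed as SQL.
    conn.execute("INSERT INTO ekle(flight, name, food) VALUES (?, ?, ?)",
                 (flight, name, food))
    conn.commit()


def rows(conn):
    return conn.execute("SELECT flight, name, food FROM ekle ORDER BY rowid").fetchall()


def demo():
    results = {}
    # 1. Legitimate data containing an apostrophe breaks the concatenated query.
    conn = make_db()
    try:
        insert_concatenated(conn, "TK1", "O'Brien", "vegetarian")
        results["concat_apostrophe"] = "inserted"
    except sqlite3.OperationalError:
        results["concat_apostrophe"] = "syntax error"
    # 2. A crafted flight value (constructed) closes the VALUES list early and
    #    comments out the rest, so the stored name/food are not what was typed.
    conn = make_db()
    crafted = "TK1', 'tampered', 'tampered') -- "
    insert_concatenated(conn, crafted, "Cem", "chicken")
    results["concat_crafted"] = rows(conn)[0]
    # 3. With parameters both inputs are stored exactly as given.
    conn = make_db()
    insert_parameterized(conn, "TK1", "O'Brien", "vegetarian")
    insert_parameterized(conn, crafted, "Cem", "chicken")
    results["param"] = rows(conn)
    return results
```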