我正在使用以下代码填充GridView,并在文本框中输入数字数据并单击按钮。 但它给出了以下错误。 将数据类型varchar转换为float时出错。 由于我的数据库列'matri_perct'的数据类型为'float'。
protected void Button1_Click(object sender, EventArgs e)
{
try
{
con = new SqlConnection(ConfigurationManager.ConnectionStrings["SQL Connection String"].ConnectionString);con.Open();
com = new SqlCommand("SELECT * FROM stdtable WHERE matri_perct > @Percent", con);
com.Parameters.AddWithValue("Percent", float.Parse(txtPercent.Text));
com.ExecuteNonQuery();
SqlDataAdapter dataadapter = new SqlDataAdapter();
DataSet ds = new DataSet();
dataadapter.Fill(ds, "Data");
GridView1.DataSource = ds;
GridView1.DataMember = "Data";
con.Close();
}
catch (System.Exception err)
{
Label1.Text = err.Message.ToString();
}
}
我的GridView .aspx代码声明为
<asp:GridView ID="GridView1" runat="server" AllowPaging="True" AutoGenerateColumns="False" DataKeyNames="univ_regno" DataSourceID="" EnableModelValidation="True">
<Columns>
<asp:BoundField DataField="school" HeaderText="School"
SortExpression="school" />
<asp:BoundField DataField="univ_regno" HeaderText="Univ R.No." ReadOnly="True"
SortExpression="univ_regno" />
<asp:BoundField DataField="colge_rollno" HeaderText="Coll. R.No."
SortExpression="colge_rollno" />
<asp:BoundField DataField="branch" HeaderText="Branch"
SortExpression="branch" />
<asp:BoundField DataField="sem" HeaderText="Sem" SortExpression="sem" />
<asp:BoundField DataField="name" HeaderText="Name" SortExpression="name" />
<asp:BoundField DataField="f_name" HeaderText="F.Name"
SortExpression="f_name" />
<asp:BoundField DataField="date_birth" HeaderText="DOB"
SortExpression="date_birth" />
<asp:BoundField DataField="mob" HeaderText="Mobile"
SortExpression="mob" />
<asp:BoundField DataField="email" HeaderText="E-mail" SortExpression="email" />
<asp:BoundField DataField="matri_perct" HeaderText="Matric %"
SortExpression="matri_perct" />
<asp:BoundField DataField="intermed_perct" HeaderText="Intermediate %"
SortExpression="intermed_perct" />
<asp:BoundField DataField="grad_perct" HeaderText="UG %"
SortExpression="grad_perct" />
<asp:BoundField DataField="post_grad_perct" HeaderText="PG %"
SortExpression="post_grad_perct" />
<asp:BoundField DataField="other_perct" HeaderText="Other %"
SortExpression="other_perct" />
<asp:BoundField DataField="no_backlogs" HeaderText="Backlogs"
SortExpression="no_backlogs" />
<asp:BoundField DataField="Password" HeaderText="Password"
SortExpression="Password" />
</Columns>
</asp:GridView>
<asp:SqlDataSource ID="studentprofile" runat="server"
ConnectionString="<%$ ConnectionStrings:SQL Connection String %>"
SelectCommand="SELECT DISTINCT [school], [univ_regno], [colge_rollno], [branch], [sem], [name], [f_name], [date_birth], [cores_add], [mob], [email], [matri_perct], [intermed_perct], [grad_perct], [post_grad_perct], [other_perct], [no_backlogs], [Password] FROM [stdtable] ORDER BY [branch], [univ_regno]">
</asp:SqlDataSource>
答案 0 :(得分:3)
首先,养成使用parameters构建SQL语句的习惯,就像在rene的答案中一样,而不是通过连接。您可以通过这种方式避免许多问题(例如,SQL注入攻击,具有转义SQL语句的转义符的字符串)。
其次,如果matri_perct是浮点数,则正确的语法是:
com = new SqlCommand("SELECT * FROM stdtable WHERE matri_perct > " +
float.Parse(txtPercent.Text) + ", con);
没有单引号或百分号。
正如我所说,不要将其直接复制到您的生产代码中!,而是将用户输入转换为参数。考虑一下user输入
会发生什么0); DROP TABLE Students; --
进入您的文本框。
修改
这段代码对我来说有点混乱:
com.ExecuteNonQuery(); // looks like you're running the SELECT statement then discarding the result
SqlDataAdapter dataadapter = new SqlDataAdapter();
DataSet ds = new DataSet();
dataadapter.Fill(ds, "Data"); // I don't see how this gets the data from your query, above.
GridView1.DataSource = ds;
GridView1.DataMember = "Data"; // see my change, below.
相反如何(保留前三行完整):
SqlDataReader reader = com.ExecuteReader(); // execute SELECT statement, store result in data reader
SqlDataAdapter adapter = new SqlDataAdapter();
adapter.Fill( reader );
GridView1.DataSource = adapter;
GridView1.DataBind();
答案 1 :(得分:2)
让sqlclient做繁重的工作:
com = new SqlCommand("SELECT * FROM stdtable WHERE matri_perct > @percent", con);
com.Parameters.AddWithValue("percent", float.Parse(txtPercent.Text));
com.ExecuteNonQuery();
或者,如果您想更具体地了解sqlparameter type:
com = new SqlCommand("SELECT * FROM stdtable WHERE matri_perct > @percent", con);
var percentParam = new SqlParameter("percent", SqlDbType.Float);
percentParam.Value = txtPercent.Text;
com.Parameters.Add(percentParam);
最重要的是:总是使用参数(如Bob所指出的)而不是字符串连接,否则你会遇到麻烦。
答案 2 :(得分:2)
我在@Bob Kaufman&amp;帮助下解决了我的问题。 @rene 我的问题的完整解决方案如下:
protected void Button1_Click(object sender, EventArgs e)
{
try
{
con = new SqlConnection(ConfigurationManager.ConnectionStrings["SQL Connection String"].ConnectionString);
con.Open();
com = new SqlCommand("SELECT * FROM stdtable WHERE matri_perct > @Percent", con);
com.Parameters.AddWithValue("@Percent", float.Parse(txtPercent.Text));
SqlDataReader reader = com.ExecuteReader(); // execute SELECT statement, store result in data reader
GridView1.DataSource = reader;
GridView1.DataBind();
con.Close();
}
catch (System.Exception err)
{
Label1.Text = err.Message.ToString();
}
}
然后我更改了AllowPaging = false
有效;)