我使用以下代码进行编辑功能。当我输入值时,它不会显示任何错误,但它不会将新值保存在数据库中。 INSERT和UPDATE命令都不起作用。
SqlConnection con = new SqlConnection("Data Source=.\\SQLEXPRESS;AttachDbFilename=C:\\Users\\Omer\\Documents\\Visual Studio 2010\\WebSites\\WAPPassignment\\App_Data\\LoginStuff.mdf;Integrated Security=True;User Instance=True");
SqlCommand cmd;
SqlDataReader dr;
protected void imgbtnENFN_Click(object sender, ImageClickEventArgs e)
{
pnENFN.Visible = false;
lblENFN.Text = txtENFN.Text;
}
protected void imgbtnENLN_Click(object sender, ImageClickEventArgs e)
{
pnENLN.Visible = false;
lblENLN.Text = txtENLN.Text;
}
protected void Button3_Click(object sender, EventArgs e)
{
con.Open();
// cmd = new SqlCommand("UPDATE WhatTypes SET [First Name]='" + lblENFN.Text + "',[Last Name]='" + lblENLN.Text + "',[TP Number]='" + lblNTPn.Text + "',Email='" + lblENEm.Text + "',UserName='" + lblENUN.Text + "',Password='" + lblENP.Text + "',UserLevel='"+ lblEUL.Text+"Where UserName='" + txtAEUNS.Text+"')", con);
cmd = new SqlCommand("Insert into WhatTypes([First Name], [Last Name], [TP Number], Email, UserName, Password, UserLevel) Values ('" + lblENFN.Text + "','" + lblENLN.Text + "','" + lblNTPn.Text + "','" + lblENEm.Text + "', '" + txtEUN.Text + "', '" + lblENP.Text + "','" + lblEUL.Text+"'Where UserName = '"+txtAEUNS.Text+"' )", con);
cmd.ExecuteNonQuery();
con.Close();
}
答案 0 :(得分:1)
试试这个会起作用
cmd = new SqlCommand("Insert into WhatTypes([First Name], [Last Name], [TP Number], Email, UserName, Password, UserLevel) Values ('" + lblENFN.Text + "','" + lblENLN.Text + "','" + lblNTPn.Text + "','" + lblENEm.Text + "', '" + txtEUN.Text + "', '" + lblENP.Text + "','" + lblEUL.Text+" )", con);
cmd.ExecuteNonQuery();
答案 1 :(得分:1)
protected void Button3_Click(object sender, EventArgs e)
{
con.Open();
// cmd = new SqlCommand("UPDATE WhatTypes SET [First Name]='" + lblENFN.Text + "',[Last Name]='" + lblENLN.Text + "',[TP Number]='" + lblNTPn.Text + "',Email='" + lblENEm.Text + "',UserName='" + lblENUN.Text + "',Password='" + lblENP.Text + "',UserLevel='"+ lblEUL.Text+"Where UserName='" + txtAEUNS.Text+"')", con);
cmd = new SqlCommand("Insert into WhatTypes([First Name], [Last Name], [TP Number], Email, UserName, Password, UserLevel) Values ('" + lblENFN.Text + "','" + lblENLN.Text + "','" + lblNTPn.Text + "','" + lblENEm.Text + "', '" + txtEUN.Text + "', '" + lblENP.Text + "','" + lblEUL.Text+"')", con);
cmd.ExecuteNonQuery();
con.Close();
}
答案 2 :(得分:0)
protected void cmdInsert_Click(object sender, EventArgs e)
{
con.Open();
string InsertQuery="Insert into WhatTypes([First Name], [Last Name], [TP Number], Email, UserName, Password, UserLevel) "+
" Values (@fname,@lname,@tpNumber,@email,@userName,@password,@userLevel)";
cmd = new SqlCommand(InsertQuery,con);
cmd.Parameters.AddWithValue("@fname",lblENFN.Text);
cmd.Parameters.AddWithValue("@lname",lblENLN.Text);
cmd.Parameters.AddWithValue("@tpNumber",lblNTPn.Text);
cmd.Parameters.AddWithValue("@email",lblENEm.Text);
cmd.Parameters.AddWithValue("@userName",txtEUN.Text);
cmd.Parameters.AddWithValue("@password",lblENP.Text);
cmd.Parameters.AddWithValue("@userLevel",lblEUL.Text);
cmd.ExecuteNonQuery();
con.Close();
}
protected void cmdUpdate_Click(object sender, EventArgs e)
{
con.Open();
string InsertQuery = "UPDATE WhatTypes SET [First Name]=@fname,[Last Name]=@lname,"+
"[TP Number]=@tpNumber,Email=@email,Password=@password,UserLevel=@userLevel Where UserName=@userName";
cmd = new SqlCommand(InsertQuery, con);
cmd.Parameters.AddWithValue("@fname", lblENFN.Text);
cmd.Parameters.AddWithValue("@lname", lblENLN.Text);
cmd.Parameters.AddWithValue("@tpNumber", lblNTPn.Text);
cmd.Parameters.AddWithValue("@email", lblENEm.Text);
//you do not update username
//cmd.Parameters.AddWithValue("@userName", txtEUN.Text);
cmd.Parameters.AddWithValue("@password", lblENP.Text);
cmd.Parameters.AddWithValue("@userLevel", lblEUL.Text);
cmd.Parameters.AddWithValue("@userName", txtAEUNS.Text);
cmd.ExecuteNonQuery();
con.Close();
}
答案 3 :(得分:0)
你应该把')'放在
之前答案 4 :(得分:0)
使用SqlParameter将变量设置为sql命令,它比字符串concat更安全,更易读。在这种情况下,在where语句之前,sql字符串出错。并且在配置文件上保持连接字符串,并在try catch块中进行操作并在finally块上关闭连接是优雅的方式。顺便说一下,省略了WHERE块上的INSERT语句。
答案 5 :(得分:0)
用
替换cmd语句cmd = new SqlCommand("Insert into WhatTypes([First Name], [Last Name], [TP Number], Email, UserName, Password, UserLevel) Values ('" + lblENFN.Text + "','" + lblENLN.Text + "','" + lblNTPn.Text + "','" + lblENEm.Text + "', '" + txtEUN.Text + "', '" + lblENP.Text + "','" + lblEUL.Text + "') Where UserName = '" + txtAEUNS.Text + "'", con);
答案 6 :(得分:0)
试试这个:
protected void Button3_Click(object sender, EventArgs e)
{
con.Open();
// cmd = new SqlCommand("UPDATE WhatTypes SET [First Name]='" + lblENFN.Text + "',[Last Name]='" + lblENLN.Text + "',[TP Number]='" + lblNTPn.Text + "',Email='" + lblENEm.Text + "',UserName='" + lblENUN.Text + "',Password='" + lblENP.Text + "',UserLevel='"+ lblEUL.Text+" Where UserName='" + txtAEUNS.Text+"'", con);
//remove comment for update statement
cmd = new SqlCommand("Insert into WhatTypes([First Name], [Last Name], [TP Number], Email, UserName, Password, UserLevel) Values ('" + lblENFN.Text + "','" + lblENLN.Text + "','" + lblNTPn.Text + "','" + lblENEm.Text + "', '" + txtEUN.Text + "', '" + lblENP.Text + "','" + lblEUL.Text+"')", con);
cmd.ExecuteNonQuery();
con.Close();
}
答案 7 :(得分:0)
尝试就像你的命令一样。希望它可能有所帮助。您可以使用命令参数:
string sqlIns = "INSERT INTO table (name, information, other)
VALUES (@name, @information,@other)";
db.Open();
try
{
SqlCommand cmdIns = new SqlCommand(sqlIns, db.Connection);
cmdIns.Parameters.Add("@name", info);
cmdIns.Parameters.Add("@information", info1);
cmdIns.Parameters.Add("@other", info2);
cmdIns.ExecuteNonQuery();
cmdIns.Dispose();
cmdIns = null;
}
catch(Exception ex)
{
throw new Exception(ex.ToString(), ex);
}
finally
{
db.Close();
}