因此,如果我运行此代码,我会抛出多部分标识符错误,而忽略文本框的绑定" clid"
有人可以帮忙解决这个问题吗?
Using cnnentry As New SqlConnection("Data Source=NB-1492\sqlipt;Initial Catalog=Bookings;Integrated Security=True;Pooling=False")
Dim entrclientid As String
Dim clid As New TextBox
clid = FormView1.FindControl("txtclientid")
entrclientid = Convert.ToString(clid)
Dim sqlentry1 As String = "INSERT INTO BOOKING_DETAILS(CLIENT_ID) VALUES("
Dim sqlentry2 As String = entrclientid
Dim sqlentry3 As String = ")"
Dim sqlentry4 As String = sqlentry1 & sqlentry2 & sqlentry3
Dim cmdclientid As New SqlCommand(sqlentry4, cnnentry)
cnnentry.Open()
string1 = cmdclientid.ExecuteNonQuery()
cnnentry.Close()
End Using
提前致谢
P.S。请原谅我极快写的命名约定
答案 0 :(得分:2)
您不希望将TextBox转换为String,但它是Text属性:
变化
entrclientid = Convert.ToString(clid)
到
entrclientid = clid.Text
但更重要的是,您应该使用sql-parameters来阻止sql-injection。
Dim sql As String = "INSERT INTO BOOKING_DETAILS(CLIENT_ID) VALUES(@CLIENT_ID)"
Dim cmdclientid As New SqlCommand(sql, cnnentry)
cmdclientid.Parameters.AddWithValue("@CLIENT_ID", clid.Text)