我创建了一个带有密码请求的Main表单,以便根据用户名登录下一个表单。现在我在这里制作了另一个带标签的表格。一个用于插入数据的选项卡,另一个用于检查数据。
我创建了像Picture
这样的表单这是我的代码:
`
namespace Kartice
{
public partial class Matjaz : Form
{
// string KarticaMString = "Data Source=hostname;Initial Catalog=mydatabase;uid=uid;pwd=pwd;Integrated Security=True;";
// SqlConnection KarticaM = new SqlConnection();
public Matjaz()
{
InitializeComponent();
}
private void karticaMBindingNavigatorSaveItem_Click(object sender, EventArgs e)
{
}
private void usersBindingNavigatorSaveItem_Click(object sender, EventArgs e)
{
}
private void usersBindingNavigatorSaveItem_Click_1(object sender, EventArgs e)
{
}
private void karticaMBindingNavigatorSaveItem_Click_1(object sender, EventArgs e)
{
}
private void Matjaz_Load(object sender, EventArgs e)
{
// TODO: This line of code loads data into the 'kartice1.KarticaM' table. You can move, or remove it, as needed.
this.karticaMTableAdapter.Fill(this.kartice1.KarticaM);
}
private void tabPage1_Click(object sender, EventArgs e)
{
}
private void ExitBtn_Click(object sender, EventArgs e)
{
Application.Exit();
}
private void InsertBtn_Click(object sender, EventArgs e)
{
string Sqlquery = null;
string KarticaMString = null;
using (SqlConnection conn = new SqlConnection(KarticaMString))
{
{
Sqlquery = "INSERT INTO KarticaM (DateInsert, DateTransaction, Value, Purpose, DepositLift) VALUES (" + DateInsertPicker.Value + "," + DateTransactionPicker.Value + "," + ValueTxt.Text + "," + PurposeTxt.Text + "," + DepositLiftCombobox.SelectedText + ")";
conn.Open();
using (SqlCommand cmd = new SqlCommand(Sqlquery, conn))
{
cmd.Parameters.Add("@DateInsert", SqlDbType.DateTime).Value = DateInsertPicker.Value;
cmd.Parameters.Add("@DateTransaction", SqlDbType.DateTime).Value = DateTransactionPicker.Value;
cmd.Parameters.Add("@Value", SqlDbType.Money).Value = ValueTxt.Text;
cmd.Parameters.Add("@Purpose", SqlDbType.Text).Value = PurposeTxt.Text;
cmd.Parameters.Add("DepositLift", SqlDbType.Text).Value = DepositLiftCombobox.SelectedValue;
cmd.ExecuteNonQuery();
cmd.Connection = conn;
}
conn.Close();
}
}
}
}
}
我收到此错误:( Error
答案 0 :(得分:3)
虽然您的主要或第一个问题ConnectionString是null,但我也可以从您的代码中找到其他错误:
1。您的ConnectionString为null。
string KarticaMString = null;//assign your connection string here
using (SqlConnection conn = new SqlConnection(KarticaMString))
<强>解决方案:
在将Connection String对象分配给SqlConnection之前指定正确的string KarticaMString = "Data Source=hostname;Initial
Catalog=mydatabase;uid=uid;pwd=pwd;Integrated Security=True";
。
示例:
Insert Into 2。您的SQL Injection声明可能会被Parametrised Queries攻击。
解决方案:使用SqlCommand.Parameters.AddWithValue()。
3。虽然您使用sql statement分配参数,但除非您在sql语句中指定这些参数,否则它们不会反映到您的insert into中。
解决方案:首先在SqlCommand.Parameters.AddWithValue()语句中添加参数,然后使用SqlConnection语句将值添加到相应的参数中。
4。您在调用ExecuteNonQuery()声明后分配SqlConnection对象。
解决方案:不需要,因为您之前已经完成了。
5。 建议:我觉得您不需要明确关闭using{}对象,因为您在conn.Close();内声明了它block,object将使用块来处理
解决方案:删除语句private void InsertBtn_Click(object sender, EventArgs e)
{
string Sqlquery = null;
string KarticaMString = "@Data Source=.\SQLEXPRESS;AttachDbFilename=C:\Users\Bojan\Desktop\Programiranje\School\Kartice\Kartice\Kartice.mdf;Integrated Security=True;User Instance=True";
using (SqlConnection conn = new SqlConnection(KarticaMString))
{
Sqlquery = "INSERT INTO KarticaM (DateInsert, DateTransaction, Value, Purpose, DepositLift) VALUES (@DateInsert,@DateTransaction,@Value,@Purpose,@DepositLift)";
conn.Open();
using (SqlCommand cmd = new SqlCommand(Sqlquery, conn))
{
cmd.Parameters.Add("@DateInsert", SqlDbType.DateTime).Value = DateInsertPicker.Value;
cmd.Parameters.Add("@DateTransaction", SqlDbType.DateTime).Value = DateTransactionPicker.Value;
cmd.Parameters.Add("@Value", SqlDbType.Money).Value = ValueTxt.Text;
cmd.Parameters.Add("@Purpose", SqlDbType.Text).Value = PurposeTxt.Text;
cmd.Parameters.Add("@DepositLift", SqlDbType.Text).Value = DepositLiftCombobox.SelectedValue;
cmd.ExecuteNonQuery();
}
}
}
最终解决方案
{{1}}
答案 1 :(得分:2)
请注意:
string KarticaMString = null;
using (SqlConnection conn = new SqlConnection(KarticaMString))
{
...
}
连接字符串KarticaMString显然是null。您必须为SqlConnection构造函数提供有效的连接字符串。有关如何编写有效连接字符串或使用ConnectionString的详细信息,请参阅SqlConnectionStringBuilder。