SQL更新命令不起作用

时间:2014-02-05 14:13:22

标签: c# asp.net sql-server-2008 c#-3.0 sqldataadapter

我在Asp.net网站上创建了一个网页。以下页面加载将在从上一页获取参数时运行。该页面还有一个用于编辑内容和在数据库中更新的选项。但是当单击按钮(保存)时,它不会更新数据库。请在此帮助。但是当页面加载中没有连接时,update命令有效。 

protected void Page_Load(object sender, EventArgs e)
{
    String cust=Request.QueryString["custName"];
    String env = Request.QueryString["env"];
    SqlConnection cnn = new SqlConnection();
    string connStr = ConfigurationManager.ConnectionStrings["cnn"].ConnectionString;
    SqlDataAdapter adapter = new SqlDataAdapter();
    cnn.ConnectionString = connStr;
    cnn.Open();
    view();
    if (env == "Production")
    {
        DataSet MyDataSet = new DataSet();
        adapter = new SqlDataAdapter("Select * from Customer_Production where Customer_Name=@cust", cnn);
        SqlCommandBuilder m_cbCommandBuilder = new SqlCommandBuilder(adapter);
        cnn.Close();
        //SqlCommand cmd = new SqlCommand("Select * from Customer_Production where Customer_Name=@cust", cnn);
        adapter.SelectCommand.Parameters.AddWithValue("@cust", cust);
        adapter.Fill(MyDataSet, "Servers");
        foreach (DataRow myRow in MyDataSet.Tables[0].Rows)
        {
            custName.Value = myRow["Customer_name"].ToString();
            custMaintain.Value= myRow["Customer_Maintenance"].ToString();
            serviceAffect.Value=myRow["Systems/Services_Affected"].ToString();
            email_Content.Value= myRow["Email_Content"].ToString();
            email_Signature.Value= myRow["Email_Signature"].ToString();
            email_From.Value=myRow["Email_From"].ToString();
            email_To.Value=myRow["Email_To"].ToString();
            email_Cc.Value=myRow["Email_Cc"].ToString();
            email_Bcc.Value=myRow["Email_Bcc"].ToString();

        }
    }
    else
    {
        DataSet MyDataSet = new DataSet();
        adapter = new SqlDataAdapter("Select * from Customer_Non_Production where Customer_Name=@cust", cnn);
        SqlCommandBuilder m_cbCommandBuilder = new SqlCommandBuilder(adapter);
        cnn.Close();
        //SqlCommand cmd = new SqlCommand("Select * from Customer_Production where Customer_Name=@cust", cnn);
        adapter.SelectCommand.Parameters.AddWithValue("@cust", cust);
        adapter.Fill(MyDataSet, "Servers");


        foreach (DataRow myRow in MyDataSet.Tables[0].Rows)
        {
            custName.Value = myRow["Customer_name"].ToString();
            custMaintain.Value = myRow["Customer_Maintenance"].ToString();
            serviceAffect.Value = myRow["Systems/Services_Affected"].ToString();

            email_Content.Value = myRow["Email_Content"].ToString();
            email_Signature.Value = myRow["Email_Signature"].ToString();
            email_From.Value = myRow["Email_From"].ToString();
            email_To.Value = myRow["Email_To"].ToString();
            email_Cc.Value = myRow["Email_Cc"].ToString();
            email_Bcc.Value = myRow["Email_Bcc"].ToString();

        }
    }

以下是按钮单击保存按钮(用于更新命令)

 protected void save_click(object sender, EventArgs e)
{
    //Button Click Save
    /*        String id = "A";
    SqlConnection cnn = new SqlConnection();
    string connStr = ConfigurationManager.ConnectionStrings["cnn"].ConnectionString;
    SqlDataAdapter adapter = new SqlDataAdapter();
    cnn.ConnectionString = connStr;
    cnn.Open();
    String sql = String.Format("Update Customer_Production set Email_Signature='{0}' where Customer_Name like '{1}'",TextBox1.Text,id);
    SqlCommand cmd = new SqlCommand(sql, cnn);

    cmd.ExecuteNonQuery();
     */
    String cust = "A";
    SqlConnection cnn = new SqlConnection();
    string connStr = ConfigurationManager.ConnectionStrings["cnn"].ConnectionString;
    SqlDataAdapter adapter = new SqlDataAdapter();
    cnn.ConnectionString = connStr;
    cnn.Open();
    if (env.Value == "Production")
    {
        //String sql = String.Format("Update Customer_Production set Customer_Maintenance='{0}',Environment='{1}',[Systems/Services_Affected]='{2}',Email_Content='{3}',Email_Signature='{4}',Email_To='{5}',Email_Cc='{6}',Email_Bcc='{7}',Email_From='{8}' where Customer_Name like '{9}' ", "custMaintain.Value","env.Value","serviceAffect.Value","email_Content.Value","email_To.Value","email_Cc.Value","email_Bcc.Value","email_From.Value", "cust");
        String sql = String.Format("Update Customer_Production set Email_Signature='{0}' where Customer_Name like '{1}'", email_Signature.Value,cust);
        SqlCommand cmd = new SqlCommand(sql, cnn);
        cmd.ExecuteNonQuery();

    }
    else
    {

    }

}

1 个答案:

答案 0 :(得分:0)

我不确定为什么Page_Load中的连接(或不连接)会产生影响,但这有一件事让我感到满意:

String.Format(
   "Update Customer_Production set Email_Signature='{0}' where Customer_Name like '{1}'",        
   email_Signature.Value,
   cust);

(我把它分成几行,因为我感兴趣的部分是格式字符串的最后一部分。)

您已在该方法中将cust设置为“A”。因此,将产生的SQL(最后)将如下所示:

 ... where Customer_Name like 'A'

除非您的客户名称与A完全相同,否则不会返回任何内容,因此不会更新任何记录。你忘记了'%'通配符。

我同意所有那些指出你的代码容易受到SQL注入攻击的人(你也会遇到单引号问题),但只是为了向你展示它需要的样子,这里是通配符:

 Update Customer_Production set Email_Signature='{0}' where Customer_Name like '{1}%'
相关问题
最新问题