Question

我正在尝试开发ac＃standalone应用程序并且我的插入代码没有错误但是当我点击它将完美地插入第一个表或crtPro但它没有添加到第二个表，任何人都可以给我一些提示... ??? 这是我的插入代码代码......

 private void button1_Click(object sender, EventArgs e)
    {

         System.Data.OleDb.OleDbConnection conn = new System.Data.OleDb.OleDbConnection();
        conn.ConnectionString = @"Provider=Microsoft.ACE.OLEDB.12.0;" +
        @"Data source= C:\Documents and Settings\abel\My Documents\Visual Studio 2010\Projects\WindowsFormsApplication1\WindowsFormsApplication1\crt_db.accdb";
        try
        {
            conn.Open();
            String Name = txtName.Text.ToString();

            String Address = txtAddress.Text.ToString();    

            //String Wereda = txtWereda.Text.ToString();
            //String Kebele = txtKebele.Text.ToString();
            //String House_No = txtHouse.Text.ToString();
            //String P_O_BOX = txtPobox.Text.ToString();

            String Tel = txtTel.Text.ToString();
            //String Fax = txtFax.Text.ToString();
            String Email = txtEmail.Text.ToString();
            String Item = txtItem.Text.ToString();
            String Dep = txtDep.Text.ToString();
            String Status = ToString();
            String Remark = txtRemark.Text.ToString();

            String Type = txtType.Text.ToString();
            String Brand = txtBrand.Text.ToString();
            String License_No = txtlicense.Text.ToString();
            String Date_issued = txtDate.Text.ToString();
            String my_querry = "INSERT INTO crtPro(Name,Address,Email,Tel,Item,Dep,Status,Remark)VALUES('" + Name + "','" + Address + "','" + Email + "','" + Tel + "','" + Item + "','" + Dep + "','" + Remark + "')";
            OleDbCommand cmd = new OleDbCommand(my_querry, conn);
            cmd.ExecuteNonQuery();
            conn.Close();
            conn.Open();

            String my_querry1 = "SELECT LAST(PID) FROM crtPro";
            OleDbCommand cmd1 = new OleDbCommand(my_querry1, conn);
            string var = cmd1.ExecuteScalar().ToString();
            //txtStatus.Text = var;
            String PID = ToString();
            String my_querry2 = "INSERT INTO crtItemLicense(PID,Type,Brand,License_No,Date_issued)VALUES('" +PID + "','" + Type + "','" + Brand + "','" + License_No + "','" + Date_issued + "')";
            OleDbCommand cmd2 = new OleDbCommand(my_querry2, conn);
            cmd2.ExecuteNonQuery();
            MessageBox.Show("Message added succesfully");
                    }


        catch (Exception ex)
        {
            MessageBox.Show("Failed due to" + ex.Message);
        }

        finally
        {
            conn.Close();

        }


    }

Answer 1

有几个电话，如：

String PID = ToString();

这将尝试获取'this'的字符串表示形式，这是您的表单。这可能不是您想要插入数据库的内容。你可能意味着

String PID = var.ToString();

如果不是这样，那么尝试添加更多的跟踪（或使用调试器）来缩小问题，找出导致问题的sql语句中的哪一个。

此外，一旦您使用它，请尝试在表单的名称字段中输入：

   Robert"); DROP TABLE crtPro;--

然后做一些关于SQL注入的谷歌搜索（向XKCD道歉）。

由于标准表达式c＃中的数据类型不匹配，什么是失败的？

1 个答案: