我无法看到代码出错的地方,我已经尝试过几次修改它并且无法得到改变,如果我能得到一些帮助,我将非常感激。
private void btnUpdatePersonalDetails_Click(object sender, EventArgs e)
{
if (rndMale.Checked == true)
{
Gender = "Male";
}
else
{
if (rndFemale.Checked == true)
{
Gender = "Female";
}
}
string mySqlCode =
"UPDATE tblPersonalDetails Set [First Name]='" + txtFirstName.Text
+ "',[Last Name] = '" + txtLastName.Text
+ "',Age = '" + txtAge.Text
+ "',Height(cm) = '" + txtHeight.Text
+ "',[Average Resting Heart Rate] = '" + txtAverageRestingHeartRate.Text
+ "',[Contact Number] = '" + txtContactNumber.Text
+ "',newAddress = '" + txtAddress.Text
+ "',Gender = '" + Gender
+ "' WHERE Username= '"+GlobalUsername.username+"'";
insertDatabase(mySqlCode);
}
答案 0 :(得分:4)
让我们从一些基础开始:
不要使用像这样的列名和表名。这是不好的做法。
使用SqlParameter为SqlCommand阻止SQL注入
为BusinesLayer,DataAccessLayer
这是如何看待aspx页面中的代码:
private void btnUpdatePersonalDetails_Click(object sender, EventArgs e)
{
if (rndMale.Checked == true)
{
gender = "Male";
}
else
{
if (rndFemale.Checked == true)
{
gender = "Female";
}
}
PersonalDetails personDetails = new PersonalDetails();
personalDetails.UpdateDetails(txtFirstName.Text, txtLastName.Text, txtAge.Text, txtHeight.Text,txtAverageRestingHeartRate.Text, txtContactNumber.Text, txtAddress.Text, gender, GlobalUserName.username);
}
以下是Business对象类 - >在这里,我将使用重命名的列。您应该重命名数据库中的列。
public void UpdateDetails(string firstName, string lastName, string age, string height, string avgHeartRate, string contactNumber, string address, string gender, string userName)
{
SqlCommand cmd = new SqlCommand(@"
UPDATE
PersonalDetails
SET
FirstName = @FirstName,
LastName = @LastName,
Age = @Age,
Height = @Height,
AvgHeartRate = @AvgHeartRate,
ContactNumber = @ContactNumber
Address = @Address,
Gender = @Gender
WHERE
UserName = @UserName
");
cmd.Parameters.AddWithValue("@FirstName", firstName);
cmd.Parameters.AddWithValue("@LastName", lastName);
cmd.Parameters.AddWithValue("@Age", age);
cmd.Parameters.AddWithValue("@Height", height);
cmd.Parameters.AddWithValue("@AvgHeartRate", avgHeartRate);
cmd.Parameters.AddWithValue("@ContactNumber", contactNumber);
cmd.Parameters.AddWithValue("@Address", address);
cmd.Parameters.AddWithValue("@Gender", gender);
cmd.Parameters.AddWithValue("@UserName", userName);
SqlManager.ExecuteNonQuery(cmd);
}
以下是SqlManager类,有两种方法:
public static int ExecuteNonQuery(SqlCommand cmd)
{
SqlConnection conn = GetSqlConnection(cmd);
try
{
return cmd.ExecuteNonQuery();
}
catch
{
throw;
}
finally
{
conn.Close();
}
}
public static SqlConnection GetSqlConnection(SqlCommand cmd)
{
if (cmd.Connection == null)
{
SqlConnection conn = new SqlConnection(ConnectionString);
conn.Open();
cmd.Connection = conn;
return conn;
}
return cmd.Connection;
}
如果您正确地写了列名,这将更新您的个人详细信息而不会出现问题。我在这个问题中编写了基本数据访问层:checking user name or user email already exists。您可以根据需要进行检查。
答案 1 :(得分:-2)
使用[Height(cm)]代替Height(cm)。