我编写了以下代码,使用c#在asp.net中插入数据。但我发现代码中有错误。你能帮帮我吗?

时间:2015-10-24 11:57:40

标签: c# asp.net sql-server

/// <summary>
/// Click handler from the question: opens a SQL Server connection, runs an INSERT
/// into [Auction_Details] and then redirects. Shown as posted; the comments below
/// mark the problems visible in this handler.
/// </summary>
/// <param name="sender">Control that raised the click event (unused here).</param>
/// <param name="e">Event data (unused here).</param>
protected void btnAuctionInfo_Click(object sender, EventArgs e)
{
    try
    {
        //Database connection
        // NOTE(review): the connection is not wrapped in "using"/finally, so it is only
        // closed if every statement up to Close() succeeds.
        System.Data.SqlClient.SqlConnection sqlConnection1 = new System.Data.SqlClient.SqlConnection("Data Source=Reshani;Initial Catalog=JKPLC;Integrated Security=True");

        System.Data.SqlClient.SqlCommand cmd = new System.Data.SqlClient.SqlCommand();
        cmd.CommandType = System.Data.CommandType.Text;
        //insert function

        // NOTE(review): the statement names @year, @sale_no, ... placeholders, but nothing in
        // this handler adds a matching entry to cmd.Parameters, so the server has no values
        // for them. '@buyer_name' is inside single quotes, which makes it a string literal
        // rather than a parameter. Keep user-supplied values as parameters; do not
        // concatenate them into CommandText.
        cmd.CommandText = @"INSERT into [Auction_Details] (year,sale_no,sale_Date,lot_no,quantity_sold,value,buyer_name,sample_id,broker_id) VALUES(@year,@sale_no,@Sale_date,@lot_no,@lot_no_quantity,@value,'@buyer_name',null,null)";

        cmd.Connection = sqlConnection1;

        sqlConnection1.Open();
        cmd.ExecuteNonQuery();
        // NOTE(review): the target is the code-behind file (.aspx.cs), not the .aspx page.
        Response.Redirect("homeforStaff.aspx.cs");
        // NOTE(review): this Close() is skipped whenever an earlier statement throws; the
        // single-argument Redirect presumably ends the response first as well - confirm.
        sqlConnection1.Close();
    }
    catch (Exception ex)
    {
        // NOTE(review): concatenating ex writes the full exception text to the browser,
        // unencoded. That exposes internal details to every visitor; log it server-side
        // outside of debugging.
        Response.Write("Error :" + ex);
    }

}

1 个答案:

答案 0 :(得分:1)

您最大的问题是没有为命令分配任何 SqlParameter。仅仅在 SQL 字符串中写上 @something 是不够的。但这不是唯一的问题。请参阅我对以下代码所做的修改,并仔细阅读其中的注释:

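/// <summary>
/// Click handler that inserts one row into [Auction_Details] with a parameterized
/// INSERT and then redirects to homeforStaff.aspx.
/// </summary>
/// <param name="sender">Control that raised the click event (unused).</param>
/// <param name="e">Event data (unused).</param>
protected void btnAuctionInfo_Click(object sender, EventArgs e)
{
    try
    {
        //Put Disposable resources in "using" blocks to automatically handle clean up.
        //SqlCommand has no constructor that takes only a connection, so the command is
        //created from the connection, which also assigns cmd.Connection.
        //NOTE(review): consider moving the connection string to web.config instead of hard-coding it.
        using (System.Data.SqlClient.SqlConnection sqlConnection1 = new System.Data.SqlClient.SqlConnection("Data Source=Reshani;Initial Catalog=JKPLC;Integrated Security=True"))
        using (System.Data.SqlClient.SqlCommand cmd = sqlConnection1.CreateCommand())
        {
            cmd.CommandType = System.Data.CommandType.Text;
            //Do not use any quotes around parameters: a quoted '@name' is a string literal, not a parameter.
            cmd.CommandText = @"INSERT into [Auction_Details] (year,sale_no,sale_Date,lot_no,quantity_sold,value,buyer_name,sample_id,broker_id) VALUES(@year,@sale_no,@Sale_date,@lot_no,@lot_no_quantity,@value,@buyer_name,null,null)";

            //Create parameters
            //SqlDbType is assumed, only you know what data type your parameters are so alter accordingly
            //Types are fully qualified like the rest of this handler, so no extra using directives are needed.
            System.Data.SqlClient.SqlParameter p_year = new System.Data.SqlClient.SqlParameter("@year", System.Data.SqlDbType.SmallInt);
            //Set parameter value. Only you know where this value comes from. You can't run the INSERT without assigning values to parameters.
            p_year.Value = 2000;
            //Add each parameter to the command
            cmd.Parameters.Add(p_year);

            //Add the other 6 parameters here the same way:
            //@sale_no, @Sale_date, @lot_no, @lot_no_quantity, @value, @buyer_name.
            //ExecuteNonQuery throws while any placeholder in the SQL has no matching parameter.
            //Pass user-entered values only as parameter values; never concatenate them into CommandText.

            sqlConnection1.Open();
            cmd.ExecuteNonQuery();

            //the proper way to Redirect in Asp.Net
            //You do not redirect to .cs files, you request .aspx
            //Passing false avoids aborting the thread inside this try block; CompleteRequest ends the request instead.
            Response.Redirect("homeforStaff.aspx", false);
            Context.ApplicationInstance.CompleteRequest();
        }
    }
    catch (Exception ex)
    {
        //Exception objects have a reasonably good ToString override.
        //The text is HTML-encoded because it is written into the page and may contain markup characters.
        //NOTE(review): showing exception details in the browser is for debugging only; in production,
        //log the exception server-side and show a generic message.
        Response.Write("Error :" + System.Web.HttpUtility.HtmlEncode(ex.ToString()));
    }
}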