sql查询不起作用:asp.net表连接到数据库并插入数据

时间:2015-11-27 10:11:42

标签: c# sql asp.net

.aspx文件代码

<asp:Content ID="Content2" ContentPlaceHolderID="ContentPlaceHolder1" Runat="Server">
    <div style="background-color:lightgray;font-family:'Comic Sans MS' ">
  <br />
    <h2 style="text-align:center;"> CONTACT <b><span style="color:red">L</span>EA<span style="color:darkgreen">P</span></b> DRIVING SCHOOL</h2>
        <br />
    <fieldset style="align-content:center; color:lightgray;text-align:center ">
      <br /> <br />  
        <asp:Label ID="Label2" runat="server" Text="Name" ForeColor="Black"></asp:Label><br />
        <asp:TextBox ID="TextBox1" runat="server" size="25"  >  </asp:TextBox> <%--<asp:RequiredFieldValidator
            ID="rfvName" runat="server" ErrorMessage="Please enter Name"
            ControlToValidate="TextBox1" Display="Dynamic" ForeColor="#FF3300"
            SetFocusOnError="True"></asp:RequiredFieldValidator>       --%>                                                                                               <br /> <br />
        <asp:Label ID="Label3" runat="server" Text="mobile number" ForeColor="Black"></asp:Label> <br />
          <asp:TextBox ID="TextBox2" runat="server" size="25" ForeColor="Black"></asp:TextBox>  <%-- <asp:RequiredFieldValidator
            ID="RequiredFieldValidator2" runat="server" ErrorMessage="Please enter Number"
            ControlToValidate="TextBox2" Display="Dynamic" ForeColor="#FF3300"
            SetFocusOnError="True"></asp:RequiredFieldValidator>                              --%>                      <br /> <br />
        <asp:Label ID="Label4" runat="server" Text="Email" ForeColor="Black"></asp:Label> <br />
        <asp:TextBox ID="TextBox3" runat="server"  size="25" ></asp:TextBox>   <%--<asp:RequiredFieldValidator ID="rfvEmailId" runat="server"
            ControlToValidate="TextBox3" Display="Dynamic"
            ErrorMessage="Please enter Email Id" ForeColor="Red" SetFocusOnError="True"></asp:RequiredFieldValidator>
        <asp:RegularExpressionValidator ID="rgeEmailId" runat="server"
            ControlToValidate="TextBox3" Display="Dynamic"
            ErrorMessage="Please enter valid email id format" ForeColor="Red"
            SetFocusOnError="True"
            ValidationExpression="\w+([-+.']\w+)*@\w+([-.]\w+)*\.\w+([-.]\w+)*"></asp:RegularExpressionValidator>    --%>                                                                      <br /> <br />
        <asp:Label ID="Label5" runat="server" Text="City" ForeColor="Black"></asp:Label> <br />
         <asp:TextBox ID="TextBox4" runat="server" size="25" ></asp:TextBox>                <br /> <br />
        <asp:Label ID="Label6" runat="server" Text="Message" ForeColor="Black"></asp:Label> <br />
        <asp:TextBox id="TextArea1" TextMode="multiline" Columns="27" Rows="8" runat="server" />  <br /> <br />
    <asp:Button ID="Button1" runat="server" Text="Submit" Font-Bold="true" BackColor="Green" Width="83px" height="37px" OnClick="Button1_Click" />    &nbsp &nbsp &nbsp
        <asp:Button ID="Button2" runat="server" Text="Reset"  Font-Bold="true" BackColor="red" Width="83px" height="37px"/>


        <br /> <br />
        <asp:Label ID="Label1" runat="server" Text=""></asp:Label>
        </fieldset>
<br />
        <br />
    </div>
</asp:Content>

.css文件代码

  protected void Button1_Click(object sender, EventArgs e)
    {
       // string connstring=ConfigurationManager.ConnectionStrings["yourconnstringInWebConfig"].ConnectionString;
     //   SqlConnection con = new SqlConnection();
       // SqlConnection con = new SqlConnection();
       // con.ConnectionString = "Data Source=ADMIN;Initial Catalog=contact;Integrated Security=True";

        string insertSQL="INSERT INTO dbo.contct("  ;
        insertSQL += "name,number,email,city,msg)";
        insertSQL += "VALUES ('";
        insertSQL += TextBox1.Text + "','";
        insertSQL += TextBox2.Text + "','";
        insertSQL += TextBox3.Text + "','";
        insertSQL += TextBox4.Text + "','";
        insertSQL += TextArea1.Text + "','";

       SqlConnection con = new SqlConnection("Data Source=ADMIN;Initial Catalog=contact;Integrated Security=True");
        SqlCommand cmd = new SqlCommand(insertSQL,con);
        int added = 0;
      try  {
          con.Open();
          added = cmd.ExecuteNonQuery();
          Label1.Text = added.ToString() + "successfuly your information is submitted thank you!!";
        }
      catch (Exception er)
      {
          Label1.Text = "error while inserting record";
          Label1.Text = er.Message;
      }

      finally
      {
          con.Close();
      }
    }



}``

这是两个文件代码形式和sql查询,当用户提交按钮时将值插入表单它应该为我在sql数据库中创建的表添加值但是没有数据去那里没有提交任何值我尝试过没有。时间,但它没有工作PLZ帮助我在这

2 个答案:

答案 0 :(得分:0)

您忘了关闭VALUES() 

string insertSQL="INSERT INTO dbo.contct("  ;
    insertSQL += "name,number,email,city,msg)";
    insertSQL += "VALUES ('";
    insertSQL += TextBox1.Text + "','";
    insertSQL += TextBox2.Text + "','";
    insertSQL += TextBox3.Text + "','";
    insertSQL += TextBox4.Text + "','";
    insertSQL += TextArea1.Text + "')";

答案 1 :(得分:0)

Yous insert query sytax不正确,因此没有插入数据。您错过了)的结束括号VALUES(),目前您的查询是针对sql注入的漏洞。我已经参数化了您的查询并对您的代码进行了更改以反映这一点。还建议使用using块关闭并正确配置连接。 

string myQuery = "INSERT INTO dbo.contct(name,number,email,city,msg) VALUES(@name, @number, @email, @city, @msg)";

using (var connection = new SqlConnection("YourConnectionString"))
{
    using (var cmd = new SqlCommand(myQuery, connection))
    {
        cmd.Parameters.Add("@name", SqlDbType.NVarChar).Value = TextBox1.Text;
        cmd.Parameters.Add("@number", SqlDbType.NVarChar).Value = TextBox2.Text;
        cmd.Parameters.Add("@email", SqlDbType.NVarChar).Value = TextBox3.Text;
        cmd.Parameters.Add("@city", SqlDbType.NVarChar).Value = TextBox4.Text;
        cmd.Parameters.Add("@msg", SqlDbType.NVarChar).Value = TextArea1.Text;

        connection.Open();
        cmd.ExecuteNonQuery();
    }
} //Connection closed and disposed autmatically here

阅读Sql注入here

相关问题
最新问题