我使用"用户名"登录页面和"密码",然后我到达订单页面并在会话中添加用户名。在订单页面,我想显示用户客户ID。所以我在sql中使用用户名以获取字符串中的客户ID。但是,我无法得到它。
登录页面
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data;
using System.Data.SqlClient;
namespace SalesSystem
{
public partial class Login : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
}
protected void btnlogin_Click(object sender, EventArgs e)
{
string username = txtname.Text;
string password = txtpassword.Text;
try
{
string connectionString = "Data Source=(local);Initial Catalog=MOE;Integrated Security=True";
SqlConnection mysqlConnection = new SqlConnection(connectionString);
SqlCommand cmd = new SqlCommand();
cmd.Connection = mysqlConnection;
cmd.CommandType = CommandType.StoredProcedure;
cmd.CommandText = "get_cus_001";
cmd.Parameters.AddWithValue("@cName", username);
cmd.Parameters.AddWithValue("@cPsw", password);
mysqlConnection.Open();
cmd.ExecuteNonQuery();
SqlDataAdapter adp = new SqlDataAdapter();
adp.SelectCommand = cmd;
DataTable dt = new DataTable();
adp.Fill(dt);
if (dt.Rows.Count > 0)
{
Session["customername"] = username;
Label3.Text = "Success";
Response.Redirect("Order.aspx");
}
else
{
Label3.Text = "Fail";
}
//mysqlConnection.Close();
}
catch (Exception ex)
{
Label3.Text = ex.Message;
}
}
}
}
订购页面
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data;
using System.Data.SqlClient;
namespace SalesSystem
{
public partial class Order : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
String customername = (String)Session["customername"];
txtorderdate.Text = customername;
SqlConnection connn = new SqlConnection();
connn.ConnectionString = "Data Source=(local);Initial Catalog=MOE;Integrated Security=True";
connn.Open();
SqlCommand res = new SqlCommand("Select CustomerID from Customer where Customername ="+customername +"", connn);
SqlDataAdapter adp = new SqlDataAdapter();
adp.SelectCommand = res;
DataTable dt = new DataTable();
adp.Fill(dt);
txtcustomerid.Text = dt.Rows[0]["CustomerID"].ToString();
try
{
if (!IsPostBack)
{
SqlConnection conn = new SqlConnection();
conn.ConnectionString = "Data Source=(local);Initial Catalog=MOE;Integrated Security=True";
conn.Open();
SqlCommand da = new SqlCommand("Select Itemid,ItemName from Item", conn);
DropDownList1.DataSource = da.ExecuteReader();
//DataSet ds = new DataSet();
// da.Fill(ds, "Item");
//ddlitemid.DataSource = ds.Tables["Item"].DefaultView;
DropDownList1.DataTextField = "Itemname";
DropDownList1.DataValueField = "Itemid";
DropDownList1.DataBind();
conn.Close();
}
}
catch (Exception ex)
{
Response.Write(ex.Message);
}
}
protected void btnadd_Click(object sender, EventArgs e)
{
string orderdate = txtorderdate.Text;
string customerid = txtcustomerid.Text;
string itemid = DropDownList1.SelectedValue;
string qty = txtquantity.Text;
SqlConnection con = new SqlConnection();
con.ConnectionString = "Data Source=(local);Initial Catalog=MOE;Integrated Security=True";
con.Open();
SqlCommand result = new SqlCommand("Insert Into [Order](Orderdate,Customerid,Itemid,OQty) Values ('" + orderdate + "','" + customerid + "','" + itemid + "','" + qty + "')", con);
result.ExecuteNonQuery();
}
protected void DropDownList1_SelectedIndexChanged(object sender, EventArgs e)
{
}
}
}
我可以成功登录,当我到达订单页面时,显示我输入的姓氏附近存在语法错误的框。请帮帮我。
答案 0 :(得分:1)
更改你的SQL查询
SqlCommand res = new SqlCommand("Select CustomerID from Customer where Customername ='"+customername +"'", connn);
答案 1 :(得分:1)
来自selecting的{{1}}数据基于类型为database的{{1}}。
column值始终需要被varchar包围,并且您没有在varchar附近给出引号。
使用quotes SQL来阻止customername。像这样更改您的插入查询
parameterized答案 2 :(得分:1)
错误不在session.Error是在你的SQL查询
SqlCommand res = new SqlCommand("Select CustomerID from Customer where Customername ='"+customername +"'", connn);
答案 3 :(得分:0)