Getting a session from an insert - C# and MySQL

Time: 2016-03-04 13:52:16

Tags: c# mysql visual-studio session sql-insert

I have never done this before, so I hope some of you know how to do it.

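Basically I do an insert on the CreateModule page, and then I want to get the new ModuleID (which is created in the database and which I do not insert) and the ModuleTitle and take them to the CreateModule2 page.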

I would greatly appreciate any help.

C#



protected void CreateNewModule_Click(object sender, EventArgs e)
        {
            // open new connection
            SqlConnection connect1 = new SqlConnection(ConfigurationManager.ConnectionStrings["DefaultConnection"].ConnectionString);
            connect1.Open();

            // initialise variables for update
            String Title = ModuleTitleText.Text;
            String Mtext = ModuleTextText.Text;
            String Com = CompulsoryDropdown.Text;
            String CAT = CATpointsText.Text;
            String Lev = LevelText.Text;
            String Ass = AssessmentText.Text;
            String MCode = ModuleCodeText.Text;
            String Status = ModuleStatusDropdown.Text;

            // convert string to Int
            Int32 Levconverted = Convert.ToInt32(Lev);
            Int32 CATconverted = Convert.ToInt32(CAT);
            

            // Insert Query to Add new student record to student records table in database
            String queryInsert = "INSERT INTO Module_Info (ModuleTitle, ModuleText, Compulsory, CATpoints, Level, Assessment, ModuleCode, ModuleStatus) VALUES ('" + Title + "', '" + Mtext + "', '" + Com + "', '" + CAT + "', '" + Lev + "', '" + Ass + "',  '" + MCode + "', '" + Status + "'); SELECT  LAST_INSERT_ID()";

            // execute insert query
            SqlCommand myCommand = new SqlCommand(queryInsert, connect1);
            myCommand.Parameters.Add("@title", SqlDbType.NVarChar).Value = Title;
            int idmodule = Convert.ToInt32(myCommand.ExecuteScalar());
            
            

            // alerts for successful upload
            Response.Write("<script type='text/javascript'>");
            Response.Write("alert('New Module has been added. Please select a course to align the module to in the next page.');");
            Response.Write("document.location.href='CreateModule2.aspx';");
            Response.Write("</script>");
        }

And then this is the front-end code.

<table style="width: 100%;">
                <tr>
                    <td><asp:Label ID="ModuleTitle" runat="server" Text="Module Title" Font-Bold="true"></asp:Label></td>
                    <td><asp:TextBox ID="ModuleTitleText" runat="server" TextMode="MultiLine" style="overflow:hidden" onkeyup="AutoExpand(this)" Rows="1" width="700px" ></asp:TextBox>
                        <asp:RequiredFieldValidator runat="server" id="reqModuleTitle" controltovalidate="ModuleTitleText" 
                            errormessage="* Please enter the module title" ForeColor="Red" Font-Bold="true" Font-Size="Small" /></td>
                </tr>
                <tr>
                    <td><asp:Label ID="ModuleText" runat="server" Text="Module Text" Font-Bold="true" ></asp:Label></td>
                    <td><asp:TextBox ID="ModuleTextText" runat="server" TextMode="MultiLine" style="overflow:hidden" onkeyup="AutoExpand(this)" Rows="4" width="800px"></asp:TextBox>
                        <asp:RequiredFieldValidator runat="server" id="reqModuleText" controltovalidate="ModuleTextText" 
                            errormessage="*Please enter the Module Information" ForeColor="Red" Font-Bold="true" Font-Size="Small" /></td>
                </tr>
                <tr>
               <!-- dropdown list to select value-->
                  <td><asp:Label ID="Compulsory" runat="server" Text="Compulsory Status" Font-Bold="true" ></asp:Label> </td>
                    <td><asp:DropDownList ID="CompulsoryDropdown" runat="server">
                        <asp:ListItem Value="true">Compulsory</asp:ListItem>
                        <asp:ListItem Value="false">Non-Compulsory</asp:ListItem>
                </asp:DropDownList></td>
                </tr>
                <tr>
                    <td><asp:Label ID="CATpoints" runat="server" Text="CATpoints" Font-Bold="true"></asp:Label></td>
                    <td><asp:TextBox ID="CATpointsText" runat="server" TextMode="MultiLine" style="overflow:hidden" onkeyup="AutoExpand(this)" Rows="1" width="100px"></asp:TextBox>
                        <asp:RequiredFieldValidator runat="server" id="reqCATpoints" controltovalidate="CATpointsText" 
                            errormessage="*Please enter the A-Level Requirements" ForeColor="Red" Font-Bold="true" Font-Size="Small" /></td>
                </tr>
                <tr>
                    <td><asp:Label ID="Level" runat="server" Text="Level" Font-Bold="true"></asp:Label></td>
                    <td><asp:TextBox ID="LevelText" runat="server" TextMode="MultiLine" style="overflow:hidden" onkeyup="AutoExpand(this)" Rows="1" width="100px"></asp:TextBox>
                        <asp:RequiredFieldValidator runat="server" id="reqLevel" controltovalidate="LevelText" 
                            errormessage="*Please enter the Level of the module" ForeColor="Red" Font-Bold="true" Font-Size="Small" /></td>
                </tr>
                <tr>
                    <td><asp:Label ID="Assessment" runat="server" Text="Assessment" Font-Bold="true"></asp:Label></td>
                    <td><asp:TextBox ID="AssessmentText" runat="server" TextMode="MultiLine" style="overflow:hidden" onkeyup="AutoExpand(this)" Rows="1" width="600px"></asp:TextBox>
                        <asp:RequiredFieldValidator runat="server" id="ReqAssessment" controltovalidate="AssessmentText" 
                            errormessage="*Please enter the Assessment details" ForeColor="Red" Font-Bold="true" Font-Size="Small" /></td>
                </tr>
                <tr>
                    <td><asp:Label ID="ModuleCode" runat="server" Text="Module Code" Font-Bold="true" ></asp:Label>  </td>
                    <td><asp:TextBox ID="ModuleCodeText" runat="server"  TextMode="MultiLine" style="overflow:hidden" onkeyup="AutoExpand(this)" Rows="1" width="300px"></asp:TextBox>
                        <asp:RequiredFieldValidator runat="server" id="ReqModuleCode" controltovalidate="ModuleCodeText" 
                            errormessage="*Please enter the module code" ForeColor="Red" Font-Bold="true" Font-Size="Small" />
                    </td>
                </tr>
                <tr>
               <!-- dropdown list to select value-->
                  <td><asp:Label ID="ModuleStatus" runat="server" Text="Module Status" Font-Bold="true" ></asp:Label> </td>
                    <td><asp:DropDownList ID="ModuleStatusDropdown" runat="server">
                        <asp:ListItem Value="Running">Running</asp:ListItem>
                        <asp:ListItem Value="Suspended">Suspended</asp:ListItem>
                        <asp:ListItem Value="Withdrawn">Withdrawn</asp:ListItem>
                </asp:DropDownList></td>
            </tr>
               <tr>
                    <td>&nbsp;</td>
                    <td>&nbsp;</td>
               </tr>
               <tr>
                    <td><asp:Button ID="SubmitModule" runat="server" Text="Submit" OnClick="CreateNewModule_Click" /></td>
               </tr>
            </table>

3 Answers:

Answer 0: (score: 0)

Your code is ugly, wrong, and asking for SQL injection. Just pray nobody types something like DROP TABLE 'Module_Info'; into ModuleTitleText. That said, change your query to:

String queryInsert = "INSERT INTO Module_Info (ModuleTitle, ModuleText, Compulsory, CATpoints, Level, Assessment, ModuleCode, ModuleStatus) VALUES ('" + Title + "', '" + Mtext + "', '" + Com + "', '" + CAT + "', '" + Lev + "', '" + Ass + "',  '" + MCode + "', '" + Status + "'); SELECT  LAST_INSERT_ID()";

Then use:

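// ExecuteScalar returns a boxed value that is not an int, so convert it instead of unboxing with (int)
int result = Convert.ToInt32(myCommand.ExecuteScalar());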

Assuming your id col is set to AUTO_INCREMENT

Edit. In SQL Server, change it to SCOPE_IDENTITY()

Answer 1: (score: 0)

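First, you should know that string concatenation is a very bad practice in database code. It leads to SQL injection and to parsing problems. For all these reasons, a better practice is to use parameterized queries; then, to get back the last inserted identity in your table, the fix is very simple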

String queryInsert = @"INSERT INTO Module_Info 
        (ModuleTitle, ModuleText, Compulsory, CATpoints, Level, 
         Assessment, ModuleCode, ModuleStatus) VALUES 
        (@title, @mtext, @Com, @cat, @lev, @Ass, @MCode, @Status);
        SELECT SCOPE_IDENTITY()";

SqlCommand myCommand = new SqlCommand(queryInsert, connect1);
myCommand.Parameters.Add("@title", SqlDbType.NVarChar).Value = Title;
.... ...
// and so on with all other parameters required
// paying attention to use the appropriate SqlDbType for the 
// field updated by the parameter value...

// Don't run ExecuteNonQuery, but ExecuteScalar to get the last
// value returned by SCOPE_IDENTITY()
int idmodule = Convert.ToInt32(myCommand.ExecuteScalar());

As you can see, the query contains two statements; the last one returns the ID inserted in the module_info table, and you can get it using ExecuteScalar

Pending clarification of the MySql vs Sql Server question, I will show you the same code but for MySql

String queryInsert = @"INSERT INTO Module_Info 
        (ModuleTitle, ModuleText, Compulsory, CATpoints, Level, 
         Assessment, ModuleCode, ModuleStatus) VALUES 
        (@title, @mtext, @Com, @cat, @lev, @Ass, @MCode, @Status);
        SELECT last_insert_id()";

MySqlCommand myCommand = new MySqlCommand(queryInsert, connect1);
myCommand.Parameters.Add("@title", MySqlDbType.VarChar).Value = Title;

Note the use of the last_insert_id function and of the classes for MySql instead of those for Sql Server

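About passing it to your called page: the usual approach is to put the result in the query string and grab it in the called page by looking at the QueryString collection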

    Response.Write("<script type='text/javascript'>");
    Response.Write("alert('New Module has been added. Please select a course to align the module to in the next page.');");
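    // URL-encode the title so quotes or '&' in it cannot break out of the URL or the script string
    Response.Write("document.location.href='CreateModule2.aspx?ModuleID=" + idmodule + "&Title=" + HttpUtility.UrlEncode(Title) + "';");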
    Response.Write("</script>");

Answer 2: (score: 0)

You want to append this to the end of your SQL string:

// ExecuteScalar returns object, so convert it before assigning to int
int id = Convert.ToInt32(myCommand.ExecuteScalar());

This will return the ID of the newly created record. You can then get that value by replacing myCommand.ExecuteQuery() with:

You can then use Response.Redirect with the id to go to the next page and use it to load whatever you need from the newly created record.
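
The following is an added example, not code from any of the posts above: it puts together the parameterized MySQL insert described in answer 1 and the redirect with the new id described in answer 2. It assumes MySQL Connector/NET (`MySql.Data`); the class and method names (`ModuleStore`, `InsertModule`, `NextPageUrl`, `TryReadModuleId`) and the column types are hypothetical.

```csharp
using System;
using System.Configuration;
using System.Web;
using MySql.Data.MySqlClient; // assumption: MySQL Connector/NET (MySql.Data package)

// Hypothetical helper; the class and method names are not from the page.
public static class ModuleStore
{
    // Inserts one module row and returns its AUTO_INCREMENT id.
    public static int InsertModule(string title, string text, string compulsory,
        int catPoints, int level, string assessment, string code, string status)
    {
        const string sql = @"INSERT INTO Module_Info
            (ModuleTitle, ModuleText, Compulsory, CATpoints, Level,
             Assessment, ModuleCode, ModuleStatus)
            VALUES (@title, @mtext, @com, @cat, @lev, @ass, @mcode, @status);
            SELECT LAST_INSERT_ID();";
        string cs = ConfigurationManager.ConnectionStrings["DefaultConnection"].ConnectionString;
        using (var conn = new MySqlConnection(cs))
        using (var cmd = new MySqlCommand(sql, conn))
        {
            // Column types below are assumptions; match them to the real schema.
            cmd.Parameters.Add("@title", MySqlDbType.VarChar).Value = title;
            cmd.Parameters.Add("@mtext", MySqlDbType.Text).Value = text;
            cmd.Parameters.Add("@com", MySqlDbType.VarChar).Value = compulsory;
            cmd.Parameters.Add("@cat", MySqlDbType.Int32).Value = catPoints;
            cmd.Parameters.Add("@lev", MySqlDbType.Int32).Value = level;
            cmd.Parameters.Add("@ass", MySqlDbType.VarChar).Value = assessment;
            cmd.Parameters.Add("@mcode", MySqlDbType.VarChar).Value = code;
            cmd.Parameters.Add("@status", MySqlDbType.VarChar).Value = status;
            conn.Open();
            // LAST_INSERT_ID() is per connection, so run it in the same command as the INSERT.
            return Convert.ToInt32(cmd.ExecuteScalar());
        }
    }

    // Builds the redirect target; the title is URL-encoded so quotes, '&' or '#' cannot alter the URL.
    public static string NextPageUrl(int moduleId, string title)
    {
        return "CreateModule2.aspx?ModuleID=" + moduleId
             + "&Title=" + HttpUtility.UrlEncode(title);
    }

    // On CreateModule2: accept the id only if it parses as a positive integer.
    public static bool TryReadModuleId(HttpRequest request, out int moduleId)
    {
        return int.TryParse(request.QueryString["ModuleID"], out moduleId) && moduleId > 0;
    }
}
```

In the click handler, parse `CATpointsText.Text` and `LevelText.Text` with `int.TryParse` before calling `InsertModule`, then call `Response.Redirect(ModuleStore.NextPageUrl(id, title))`.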