Updating a record in a SQL Server database using ASP.NET

Time: 2017-05-08 18:58:20

Tags: c# asp.net sql-server

I'm new to ASP.NET and I'm having some difficulty updating the database from ASP.NET. My code shows no errors but still doesn't update the record. I'm using SQL Server 2012.

The code-behind is as follows:

protected void Page_Load(object sender, EventArgs e)
{
    if (Session["user"] != null)
    {    
        con.Open();
        string query = "Select * from Customers where UserName ='" + Session["user"] + "'";
        SqlCommand cmd = new SqlCommand(query, con);

        SqlDataReader reader = cmd.ExecuteReader();

        if (reader.Read())
        {
            txt_name.Text = reader["CustName"].ToString();
            txt_phonenumber.Text = reader["Contact"].ToString();
            txt_address.Text = reader["CustAddress"].ToString();
            txt_cardnum.Text = reader["CustAccountNo"].ToString();
            txt_city.Text = reader["CustCity"].ToString();
            txt_emailaddress.Text = reader["Email"].ToString();
            txt_postalcode.Text = reader["CustPOBox"].ToString();
            Cnic.Text = reader["CustCNIC"].ToString();    
        }

        con.Close();
    }
    else
    {
        Response.Redirect("Login.aspx");
    }
}

protected void BtnSubmit_Click(object sender, EventArgs e)
{
    con.Open();

    SqlCommand cmd2 = con.CreateCommand();
    SqlCommand cmd1 = con.CreateCommand();
    cmd1.CommandType = CommandType.Text;
    cmd1.CommandText = "Select CustID from Customers where UserName = '" + Session["user"] + "'";
    int id = Convert.ToInt32(cmd1.ExecuteScalar());

    cmd2.CommandType = CommandType.Text;
    cmd2.CommandText = "update Customers set CustName='" + txt_name.Text + "',CustCNIC='" + Cnic.Text + "',Email='" + txt_emailaddress.Text +  "',CustAccountNo='" + txt_cardnum.Text + "',CustAddress='" + txt_address.Text + "',CustPOBox='" + txt_postalcode.Text + "' where CustID='" + id + "'";
    cmd2.ExecuteNonQuery();

    con.Close();
}

Any help would be much appreciated. Thanks!

This is what I get after debugging:

  cmd2.CommandText    "update Customers set CustName='Umer Farooq',CustCNIC='42101555555555',Email='adada@gmail.com',CustAccountNo='0',CustAddress='',CustPOBox='0' where CustID='6'" string

Here the account number and PO box are 0 and the address is an empty string, but I did fill in the text fields.

2 answers:

Answer 0 (score: 1)

The first thing to do is use good ADO technique and use SqlParameters for the values passed in, rather than the SQL-injection-prone approach of concatenating strings together.

This first part does just that. I've added an int sqlRA variable to capture the result of the non-query, which returns the number of rows affected by the query. This is wrapped in a simple try...catch routine that sets the value to -1 on any error; the rest of the error handling is up to you. That makes your code look like this:

// cmd1.CommandText must reference the parameter instead of concatenating, e.g. "... WHERE UserName = @SessionUser"
cmd1.Parameters.AddWithValue("@SessionUser", Session["User"]);
int id = Convert.ToInt32(cmd1.ExecuteScalar());

cmd2.CommandType = CommandType.Text;
cmd2.CommandText = "UPDATE Customers SET CustName = @CustName, CustCNIC = @CustCNIC, Email =  @Email, CustAccountNo = @CustAccountNo, CustAddress = @CustAddress, CustPOBox = @CustPOBox WHERE (CustID = @CustID)";
cmd2.Parameters.AddWithValue("@CustName", txt_name.Text);
cmd2.Parameters.AddWithValue("@CustCNIC", Cnic.Text);
cmd2.Parameters.AddWithValue("@Email", txt_emailaddress.Text);
cmd2.Parameters.AddWithValue("@CustAccountNo", txt_cardnum.Text);
cmd2.Parameters.AddWithValue("@CustAddress", txt_address.Text);
cmd2.Parameters.AddWithValue("@CustPOBox", txt_postalcode.Text);
cmd2.Parameters.AddWithValue("@CustID", id);

int sqlRA;
try { sqlRA = cmd2.ExecuteNonQuery(); }
catch (Exception ex) {
    sqlRA = -1;
    // your error handling
}

/* sqlRA values explained
    -1 : Error occurred
     0 : Record not found
     1 : 1 Record updated
    >1 :Multiple records updated
*/

Now, reading your code, all we do in the first query is map Session["User"] to an id and then use that id in the second query to do the update, and the second query doesn't update UserName. That's most likely a wasted query, since we can use Session["User"] for the update directly. That gives you this query, which still returns the rows-affected value:

cmd0.CommandType = CommandType.Text;
cmd0.CommandText = "UPDATE Customers SET CustName = @CustName, CustCNIC = @CustCNIC, Email =  @Email, CustAccountNo = @CustAccountNo, CustAddress = @CustAddress, CustPOBox = @CustPOBox WHERE (UserName = @SessionUser)";
cmd0.Parameters.AddWithValue("@CustName", txt_name.Text);
cmd0.Parameters.AddWithValue("@CustCNIC", Cnic.Text);
cmd0.Parameters.AddWithValue("@Email", txt_emailaddress.Text);
cmd0.Parameters.AddWithValue("@CustAccountNo", txt_cardnum.Text);
cmd0.Parameters.AddWithValue("@CustAddress", txt_address.Text);
cmd0.Parameters.AddWithValue("@CustPOBox", txt_postalcode.Text);
cmd0.Parameters.AddWithValue("@SessionUser", Session["User"]);

int sqlRA;
try { sqlRA = cmd0.ExecuteNonQuery(); }
catch (Exception ex) {
    sqlRA = -1;
    // your error handling
}

/* sqlRA values explained
    -1 : Error occurred
     0 : Record not found
     1 : 1 Record updated
    >1 :Multiple records updated
*/

Answer 1 (score: 0)

When BtnSubmit fires its event, the code in Page_Load runs before the code in BtnSubmit, replacing the values in the TextBoxes with the values from the table before the update happens.
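Putting both answers together, as an added example that is not from the question or either answer: the Page_Load lookup is guarded with !IsPostBack so the postback no longer overwrites the edited fields, the UPDATE is keyed on the session user with explicitly typed SqlParameters, and the rows-affected count is checked instead of assumed. The class name EditCustomer, the "CustomersDb" connection string name, the parameter lengths, the lblStatus Label and the eight controls all being TextBoxes are assumptions.

```csharp
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;

public partial class EditCustomer : System.Web.UI.Page
{
    private static readonly string ConnStr = ConfigurationManager.ConnectionStrings["CustomersDb"].ConnectionString; // name assumed

    protected void Page_Load(object sender, EventArgs e)
    {
        if (Session["user"] == null) { Response.Redirect("Login.aspx"); return; }
        // On a postback Page_Load runs before BtnSubmit_Click; re-filling here would overwrite the user's edits.
        if (!IsPostBack) LoadCustomer((string)Session["user"]);
    }

    private void LoadCustomer(string userName)
    {
        string[] cols = { "CustName", "Contact", "CustAddress", "CustAccountNo", "CustCity", "Email", "CustPOBox", "CustCNIC" };
        var boxes = new[] { txt_name, txt_phonenumber, txt_address, txt_cardnum, txt_city, txt_emailaddress, txt_postalcode, Cnic };
        using (var con = new SqlConnection(ConnStr))
        using (var cmd = new SqlCommand("SELECT " + string.Join(", ", cols) + " FROM Customers WHERE UserName = @UserName", con))
        {
            cmd.Parameters.Add("@UserName", SqlDbType.NVarChar, 50).Value = userName; // data, never SQL text
            con.Open();
            using (SqlDataReader r = cmd.ExecuteReader())
            {
                if (!r.Read()) return;
                for (int i = 0; i < cols.Length; i++) boxes[i].Text = r[cols[i]].ToString();
            }
        }
    }

    protected void BtnSubmit_Click(object sender, EventArgs e)
    {
        using (var con = new SqlConnection(ConnStr))
        using (var cmd = new SqlCommand("UPDATE Customers SET CustName = @CustName, CustCNIC = @CustCNIC, Email = @Email, " +
            "CustAccountNo = @CustAccountNo, CustAddress = @CustAddress, CustPOBox = @CustPOBox WHERE UserName = @UserName", con))
        {
            // Typed, sized parameters (lengths are assumptions): a fixed NVARCHAR length also avoids the
            // one-plan-per-string-length behaviour that AddWithValue's inferred sizes can cause.
            cmd.Parameters.Add("@CustName", SqlDbType.NVarChar, 100).Value = txt_name.Text;
            cmd.Parameters.Add("@CustCNIC", SqlDbType.NVarChar, 20).Value = Cnic.Text;
            cmd.Parameters.Add("@Email", SqlDbType.NVarChar, 100).Value = txt_emailaddress.Text;
            cmd.Parameters.Add("@CustAccountNo", SqlDbType.NVarChar, 30).Value = txt_cardnum.Text;
            cmd.Parameters.Add("@CustAddress", SqlDbType.NVarChar, 200).Value = txt_address.Text;
            cmd.Parameters.Add("@CustPOBox", SqlDbType.NVarChar, 20).Value = txt_postalcode.Text;
            cmd.Parameters.Add("@UserName", SqlDbType.NVarChar, 50).Value = (string)Session["user"];
            con.Open();
            int rows = cmd.ExecuteNonQuery(); // 0 means no row matched the session user: report it, don't assume success
            lblStatus.Text = rows == 1 ? "Record updated." : rows + " rows updated.";
        }
    }
}
```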