我想将文档编号插入到vm服务器的adjustments_config表中,如下所示:
public string conString = "Data Source=vmrserver;Initial Catalog=Commission_web;Integrated Security=True";
SqlConnection con = new SqlConnection(conString);
con.Open();
if(con.State == System.Data.ConnectionState.Open)
{
string q = "insert into adjustments_config(document_number)values('" + TextBoxDocNo.Text + "')";
SqlCommand cmd = new SqlCommand(q, con);
cmd.ExecuteNonQuery();
Response.Redirect("About.aspx");
}
答案 0 :(得分:1)
如果没有更多信息,我无法告诉您问题是什么,但您的SQL很容易受到SQL注入攻击。您的代码可能存在问题,即文档编号中包含撇号,导致易受攻击的代码爆炸 试试这个让你入门:
//tbody[contains(@id,'tableBodyId')]//input