我试图实现一个插入语句并在pageload中使用我的函数返回。不知道我怎么能同时插入我插入到mysql中的所有内容一次又一次地回来了?
代码:
public partial class UserProfileWall : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
string theUserId = Session["UserID"].ToString();
using (OdbcConnection cn = new OdbcConnection("Driver={MySQL ODBC 3.51 Driver}; Server=localhost; Database=gymwebsite2; User=user_name; Password=password_here;"))
{
cn.Open();
using (OdbcCommand cmd = new OdbcCommand("SELECT Wallpostings FROM WallPosting WHERE UserID=" + theUserId + " ORDER BY idWallPosting DESC", cn))
using (OdbcDataReader reader = cmd.ExecuteReader())
{
var divHtml = new System.Text.StringBuilder();
while (reader.Read())
{
divHtml.Append("<div id=test>");
divHtml.Append(String.Format("{0}", reader.GetString(0)));
divHtml.Append("</div>");
}
test1.InnerHtml = divHtml.ToString();
}
}
}
protected void Button1_Click(object sender, EventArgs e)
{
string theUserId = Session["UserID"].ToString();
OdbcConnection cn = new OdbcConnection("Driver={MySQL ODBC 3.51 Driver}; Server=localhost; Database=gymwebsite2; User=user_name; Password=password_here;");
cn.Open();
OdbcCommand cmd = new OdbcCommand("INSERT INTO WallPosting (UserID, Wallpostings) VALUES (" + theUserId + ", '" + TextBox1.Text + "')", cn);
cmd.ExecuteNonQuery();
// {
// using (OdbcCommand md = new OdbcCommand("SELECT Wallpostings FROM WallPosting WHERE UserID=" + theUserId + "", cn))
// using (OdbcDataReader reader = cmd.ExecuteReader())
// {
// var divHtml = new System.Text.StringBuilder();
// while (reader.Read())
// {
// divHtml.Append("<div id=test>");
// divHtml.Append(String.Format("{0}", reader.GetString(0)));
// divHtml.Append("</div>");
// }
// test1.InnerHtml = divHtml.ToString();
// }
// }
//}
}
我确实尝试了注释掉的行但是我得到了多个插入,并且页面上没有重新加载。我插入以获取页面加载功能后有一个简单的方法吗?
答案 0 :(得分:5)
首先,将使用墙贴填充元素的代码移动到单独的函数:
private void PopulateWallPosts(string userId)
{
using (OdbcConnection cn = new OdbcConnection("Driver={MySQL ODBC 3.51 Driver}; Server=localhost; Database=gymwebsite2; User=user_name; Password=password_here;"))
{
cn.Open();
using (OdbcCommand cmd = new OdbcCommand("SELECT Wallpostings FROM WallPosting WHERE UserID=" + userId) + " ORDER BY idWallPosting DESC", cn))
{
using (OdbcDataReader reader = cmd.ExecuteReader())
{
var divHtml = new System.Text.StringBuilder();
while (reader.Read())
{
divHtml.Append("<div id=test>");
divHtml.Append(String.Format("{0}", reader.GetString(0)));
divHtml.Append("</div>");
}
test1.InnerHtml = divHtml.ToString();
}
}
}
}
现在在Page_Load中调用它:
protected void Page_Load(object sender, EventArgs e)
{
string theUserId = Session["UserID"].ToString();
PopulateWallPosts(theUserId);
}
最后在插入新值后调用它:
protected void Button1_Click(object sender, EventArgs e)
{
string theUserId = Session["UserID"].ToString();
using (OdbcConnection cn = new OdbcConnection("Driver={MySQL ODBC 3.51 Driver}; Server=localhost; Database=gymwebsite2; User=user_name; Password=password_here;"))
{
cn.Open();
using (OdbcCommand cmd = new OdbcCommand("INSERT INTO WallPosting (UserID, Wallpostings) VALUES (" + theUserId + ", '" + TextBox1.Text + "')", cn))
{
cmd.ExecuteNonQuery();
}
}
PopulateWallPosts(theUserId);
}
您的注释代码无效,因为您再次执行INSERT INTO命令而不是SELECT命令。
无论如何,您最好了解SQL注入并更改代码以使用Parameters而不是直接将用户ID添加到SQL字符串。