我有一个使用vb在ASP.net中插入值的代码。我的代码有问题,说登录失败,无法打开数据库。
Dim struser, strpass, stremail As String
struser = TextBox1.Text
strpass = TextBox2.Text
stremail = TextBox4.Text
'declaring sql connection.
Dim thisConnection As New SqlConnection(ConfigurationManager.ConnectionStrings("DatabaseConnection").ConnectionString)
'Create Command object
Dim nonqueryCommand As SqlCommand = thisConnection.CreateCommand()
Try
' Open Connection
thisConnection.Open()
Dim strcommand As String
strcommand = "Insert into Account (Username,Password, Email) values ('" + struser + "','" + strpass + "','" + stremail + "')"
Dim sqlcomm As New SqlCommand(strcommand, thisConnection)
Dim o As String = sqlcomm.ExecuteNonQuery()
Catch ex As SqlException
' Display error
MsgBox(ex.ToString())
Finally
' Close Connection
MsgBox("Success")
thisConnection.Close()
End Try
连接字符串:
<add name="DatabaseConnection" connectionString="Data Source=.\SQLEXPRESS;Initial Catalog=o2database.mdf;Integrated Security=SSPI" providerName="System.Data.SqlClient"/>
答案 0 :(得分:2)
我认为您的初始目录是错误的。你指向一个你应该在这里使用数据库名称的文件。我猜o2database。
如果不是这种情况 - 您正在使用SSPI登录 - 也许您的用户无权这样做。
另一件事是您的网络应用程序未在iis中配置以传递您的域用户凭据 - 因此无法使用SSPI登录。
答案 1 :(得分:2)
1)初始目录必须是您正在访问的模式的名称
2)您可以使用“服务器资源管理器”&amp;尝试只连接到数据库 从那里。一旦成功,只需从中复制连接字符串 属性和替换当前的连接字符串。
答案 2 :(得分:1)
你的代码是对的,问题是你的sql server配置,你无法访问具有集成安全性的sql server,所以,你需要配置它才能正常工作,看看这篇帖子:
http://support.microsoft.com/kb/914277
如果您在IIS中,您也应该能够在SQL Server上进行远程访问。
了解如何使用SSI进行访问:
http://msdn.microsoft.com/en-us/library/aa984236(v=vs.71).aspx
答案 3 :(得分:0)
警告 :您在代码中引发了SQL注入。
Create Proc ProcedureName
@UserName Varchar(50),
@Password Varchar(50),
@Email Varchar(50)
As
SET NOCOUNT ON
SET XACT_ABORT ON
Begin Try
Begin Tran
Insert into Account (Username,Password, Email)
Values(@UserName, @Password, @Email)
Commit Tran
End Try
Begin Catch
Rollback Tran
End Catch
private void InsertRecord()
{
String struser = string.Empty, strpass = string.Empty, stremail = string.Empty;
using (SqlConnection con = new SqlConnection("Your Connection String"))
{
using (SqlCommand cmd = new SqlCommand())
{
cmd.Connection = con;
cmd.CommandType = System.Data.CommandType.StoredProcedure;
cmd.CommandText = "Your Stored Procedure name";
SqlParameter[] param = new SqlParameter[3];
param[0].Direction = System.Data.ParameterDirection.Input;
param[0].ParameterName = "UserName";
param[0].Value = struser;
cmd.Parameters.Add(param[0]);
param[1].Direction = System.Data.ParameterDirection.Input;
param[1].ParameterName = "Password";
param[1].Value = strpass;
cmd.Parameters.Add(param[1]);
param[2].Direction = System.Data.ParameterDirection.Input;
param[2].ParameterName = "Email";
param[2].Value = stremail;
cmd.Parameters.Add(param[2]);
cmd.ExecuteNonQuery();
}
}
}
Private Sub InsertRecord()
Dim struser As [String] = String.Empty, strpass As [String] = String.Empty, stremail As [String] = String.Empty
Using con As New SqlConnection("Your Connection String")
Using cmd As New SqlCommand()
cmd.Connection = con
cmd.CommandType = System.Data.CommandType.StoredProcedure
cmd.CommandText = "Your Stored Procedure name"
Dim param As SqlParameter() = New SqlParameter(2) {}
param(0).Direction = System.Data.ParameterDirection.Input
param(0).ParameterName = "UserName"
param(0).Value = struser
cmd.Parameters.Add(param(0))
param(1).Direction = System.Data.ParameterDirection.Input
param(1).ParameterName = "Password"
param(1).Value = strpass
cmd.Parameters.Add(param(1))
param(2).Direction = System.Data.ParameterDirection.Input
param(2).ParameterName = "Email"
param(2).Value = stremail
cmd.Parameters.Add(param(2))
cmd.ExecuteNonQuery()
End Using
End Using
End Sub