我在标签上显示一条消息，但它在开发人员工具中显示异常为re：sys.webforms.pagerequestmanagerparsererrorexception：从服务器端收到的消息... [英] I am displaying a message on label but it showing exception in developer tools as re: sys.webforms.pagerequestmanagerparsererrorexception: the message received from the server cou...

问题描述

我正在将数据插入数据库然后在标签上发送消息

导致成功保存

然后将所有数据绑定到GridView我们已经立即插入插入

我有功能

I am Inserting Data Into Database And Then Giving Message On Label as
Lead Saved Successfully
and then It Bind all Data to GridView Which We have Inserted Now And Earlier inserted
for that I have Function

AllMyLeads();

我有InsertQuery执行数据插入后消息但消息未显示



我还尝试在ShowFunction之后显示消息即

I have Given Message After InsertQuery Execuated Data is Inserting But Message is not Showing

I have also try to Display Message After ShowFunction i.e

AllMyLeads()

但显示消息

Re: Sys.WebForms.PageRequestManagerParserErrorException: The message received from the server cou...

在开发人员工具中


我尝试过：

In developer tool

What I have tried:

SqlConnection connection10 = new SqlConnection(connstring);
                                connection10.Open();
                                if (Addcompanyname1.Text != "")
                                {
                                    string str101 = "exec strp_insertintoAdd_Lead @Companyid=" + companyid1 + ",@Contactperson='" + txtContactPerson1.Text + "',@Telephone='" + str11 + "',@Emailid='" + txtEmailID1.Text + "',@Bankid=" + Bankid1 + ",@BankerContactperson='" + Convert.ToString(txtBankerContactPerson1.Text) + "',@Turnover='" + txtTurnover1.Text + "',@EmailBankperson='" + txtEmailidBankerContactPerson1.Text + "',@SourceLead='" + sourceid + "',@AddressLine1='" + txtAddressLine11.Text + "',@AddressLine2='" + txtAddressLine21.Text + "',@Pincodeid=" + ViewState["pincodeid1"].ToString() + ",@Cityid=" + ViewState["cityid1"].ToString() + ",@Productid=" + pid1 + ",@Ratedby=" + Rbid1 + ",@Createdby=" + ViewState["Userid"].ToString() + ",@Lastupdatedby=" + ViewState["Userid"].ToString() + ",@Datecreatedby='" + date + "',@Lastupdatedon='" + date + "',@Userid=" + ViewState["Userid"].ToString() + ",@LeadOwner=" + ViewState["Userid"].ToString() + ",@bankfacility='" + Convert.ToString(txtbankfacility.Text) + "',@MobileNo='" + Convert.ToString(txtMobileNo.Text) + "',@BankersMobileNumber='" + Convert.ToString(BankerMobileNo.Text) + "',@BankersTelNumber='" + str12 + "'";
                                    new SqlCommand(str101, connection10).ExecuteNonQuery();
                                    lblMessage.Visible = true;
                                    lblMessage.Text = "Lead saved successfully";
                                    bLbVis = true;

                                    connection10.Close();

并且还尝试以下






插入函数中的
我做了

and Also Tryed Following



in Insert Function I have made

bLbVis == true

然后为Show Function我收到消息

and then for Show Function I have Given Message

public void AllMyLeads()
       {
           emptygrid.Visible = false;
           dset = getDataDataset("exec strp_downloadallmyleads @leadowner='" + ViewState["Userid"].ToString() + "'");
           if (dset.Tables[0].Rows.Count == 0)
           {
               emptygrid.Visible = true;
           }
           else
           {
               girdAllMyleads.DataSource = dset.Tables[0];
               girdAllMyleads.DataBind();
           }

           if (bLbVis == true)
           {
               lblMessage.Visible = true;
               lblMessage.Text = "Lead saved successfully";
               return;
           }
       }

推荐答案

不要这样做！永远不要连接字符串来构建SQL命令。它让您对意外或故意的SQL注入攻击持开放态度，这可能会破坏您的整个数据库。请改用参数化查询。

您不需要执行SP：您可以直接向SP执行参数化调用而无需EXEC：

Don;t do it like that! Never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.
You don't need to EXEC your SP: you can do a parameterised call directly to the SP without EXEC:

using (SqlCommand com = new SqlCommand("MyStoredProcedureName", con))
    {
    com.CommandType = CommandType.StoredProcedure;
    com.Parameters.AddWithValue("@PARAM", "the value for the parameter");
    com.ExecuteNonQuery();
    }

然后，看看你的存储过程，看看他们做了什么：没有你可以;开始诊断你的问题。

Then, look at your stored procedures, and see what they do: without that you can;t begin to diagnose your problems.

str101，connection10？是的，那些不是描述性的变量名。您是否听说过自我记录代码的概念？我建议你谷歌并阅读。



OW，我的眼睛！



另外，那个SQL字符串......令人恐惧。通过使用字符串连接来构建SQL查询字符串，您还可以轻松地破解代码并使调试变得更加困难。



我建议您使用Google对于SQL注入攻击，找出你做了什么是如此糟糕的原因和C＃SQL参数化查询，以找出如何处理它。

"str101", "connection10"? Yeah, those are not descriptive variable names. Have you ever heard of the concept of "self documenting code"? I suggest you Google it and have a read.

OW, MY EYES!

Also, that SQL string is ... horrifying. By using string concatentation to build your SQL query string, you also made it very easy to break your code and made it far more difficult to debug.

I suggest you Google for "SQL Injection Attack" to find out why what you did is so bad and "C# SQL parameterized queries" to find out what to do about it.

这篇关于我在标签上显示一条消息，但它在开发人员工具中显示异常为re：sys.webforms.pagerequestmanagerparsererrorexception：从服务器端收到的消息...的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！