删除和更新无效。 [英] Delete and Update is not working.
本文介绍了删除和更新无效。的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
使用以下代码我想删除并更新,但它不起作用。
表
using following code I want to delete and update but its not working.
Table
CREATE TABLE [dbo].[Telephone] (
[FName] VARCHAR (50) NULL,
[LName] VARCHAR (50) NULL,
[Mobile] VARCHAR (50) NULL,
[Email] VARCHAR (50) NULL,
[Category] VARCHAR (50) NULL
);
代码
Code
private void btn_delete_Click(object sender, EventArgs e)
{
con.Open();
SqlCommand cmd = new SqlCommand("DELETE from Telephone where (FName= ' " + txt_fname.Text + " ')", con);
cmd.ExecuteNonQuery();
con.Close();
MessageBox.Show("Contact Deleted...");
Display();
}
private void btn_update_Click(object sender, EventArgs e)
{
con.Open();
SqlCommand cmd = new SqlCommand("UPDATE Telephone set FName = '" +txt_fname.Text.Trim()+ "', LName= '" +txt_lname.Text.Trim()+ "', Email = '" +txt_email.Text.Trim()+ "', Category = '" +cmb_category.Text.Trim()+ "' where (Mobile= '" + txt_mobile.Text.Trim() + "')", con);
cmd.ExecuteNonQuery();
con.Close();
MessageBox.Show("Contact Updated...");
Display();
}
推荐答案
首先,警告:
如果我在你的txt_fname中输入这个怎么办?
');删除电话; -
任何想法是什么可能会对你的数据做什么?
这叫做SQL注入,你的代码是敞开的。请改用参数化查询。这将保护你免受邪恶:
First, a warning:
What if I typed this into your txt_fname?
');delete telephone;--
Any idea what that might do to your data?
This is called SQL Injection and your code is wide open to it. Use parameterised queries instead. That will protect you from evil:
SqlCommand cmd = new SqlCommand("DELETE from Telephone where (FName= @fname)", con);
cmd.Parameters.Add(new SqlParameter("@fname",SqlDbType.VarChar){Value=txt_fname.Text}));
On with your your问题。
我假设您没有收到任何错误消息,因此您必须添加更多调试信息,如下所示:
On with your question.
I assume you don't get any error messages so you have to add more debug info, like this:
private void btn_delete_Click(object sender, EventArgs e)
{
con.Open();
SqlCommand cmd = new SqlCommand("DELETE from Telephone where (FName= @fname)", con);
cmd.Parameters.Add(new SqlParameter("@fname",SqlDbType.VarChar){Value=txt_fname.Text}));
int rowsAffected = cmd.ExecuteNonQuery();
con.Close();
if(rowsAffected==1)
MessageBox.Show("Contact Deleted...");
else
MessageBox.Show(string.Format("Problem with delete: {0} records deleted.\n Query:'{1}', Parameter @fname='{2}'",rowsAffected,cmd.CommandText,txt_fname.Text));
Display();
}
如果一条记录的零或更多更新,则该信息应为:
If zero or more that one records are updated then the message should read:
Problem with delete: 0 records deleted.
Query:'DELETE from Telephone where (FName= @fname)', "Parameter @fname='SomeTextThatDidn'tWork'
PS:此外,您的查询在参数周围有空格:
PS: also, your query has whitespace around the parameter:
"FName= ' " + txt_fname.Text + " ')"
"FName= '" + txt_fname.Text + "')"
使用参数也可以防止这种情况
Using parameters will prevent this also
这篇关于删除和更新无效。的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
