请解决此错误 [英] please solve this error

问题描述

将varchar值'System.Web.UI.WebControls.TextBox'转换为数据类型int时转换失败





我的代码

<前lang =c＃> 受保护 void Button1_Click（ object sender，EventArgs e）
{
SqlConnection con = new SqlConnection（ 数据源=。\\SqlExpress;初始目录=科学教师;综合安全=真）;

con.Open（）;


string str = 插入Leaveinfo值（' + TextBox1 + '，' + TextBox2.Text + '，' + DropDownList1.SelectedValue + '，' + TextBox3.ToString（）+ < span class =code-string>'，' + TextBox4.ToString（）+ ' ，' + TextBox5 + '，' + TextBox6.Text + '）;

SqlCommand cmd = new SqlCommand（str，con）;


cmd.ExecuteNonQuery（）;



Label1.Text = 请输入数字到id没有天;
Label1.Visible = true ;


GridView1.Visible = true ;
}

这就是桌子

 User_id int 
 User_name nvarchar（50）
 Leave_type nvarchar（50）
 Sart_date date 
 Finish_date date 
 No_of_days int 
目的nvarchar（MAX ）

解决方案

在查询中放入 TextBox1 ，但TextBox1是TextBox ，你期待一个int。因此，您必须将内容解析为int，例如 int.Parse（TextBox1.Text）。另外，要获取文本框的内容，请不要使用TextBox.ToString（），请使用TextBox.Text



此外，您应该从不为SQL查询使用字符串连接，因为那时你没有受到 SQL注入的保护[ ^ ]！改为使用参数化查询：

  string  str =  插入Leaveinfo值（@ Value1，@ Value2，@ Value3，@ Value4，@ Value5，@ Value6，@ Value7）; 
 SqlCommand cmd =  new  SqlCommand（str，con）; 
 cmd.Parameters.AddWithValue（  @ Value1， INT  .Parse（TextBox1.Text））; 
  //  为所有参数执行此操作 

嗯。

首先，看看你的代码：

  string  str =  插入Leaveinfo值（' + TextBox1 +  '，' + TextBox2.Text +  < span class =code-string>'，' + DropDownList1.SelectedValue +  '，'  + TextBox3.ToString（）+  '，' + TextBox4.ToString（ ）+  '，' + TextBox5 +  '，' + TextBox6.Text +  '） ; 
 

取出不是问题的位：

 ... values（' + TextBox1 +'，' + ... + TextBox3.ToString（）+'，'  + TextBox4.ToString（）+'，' + TextBox5 +'， ' + ... 
  

TextBox与它包含的Text不同：在这里你需要TextBoxN.Text而不是TextBoxN - 因为它们只是将System.Windows.Controls.TextBox添加到你的数据库中而不是用户输入的值。



其次，在INSERT操作中永远不要将列列表留空：SQL将尝试将值插入当前定义的列中列顺序 - 如果有Id它前面的实体字段（我怀疑有）它会尝试将第一个文本框写入其中，然后将第二个文本框写入您查找第一个文本框的位置，依此类推。这可能会导致您的问题。始终为列命名！

  INSERT   INTO  MyTable（TextBox1ColumnName，TextBox2ColumnName，...） VALUES （... 

最后，正如已经提到的那样，不要这样做！不要连接字符串来构建SQL命令。它让您对意外或故意的SQL注入攻击敞开大门，这可能会破坏整个数据库。使用参数化查询相反。

永远不要使用字符串连接来创建查询，它会将您的应用程序打开到SQL注入...

使用参数化查询：

http://msdn.microsoft.com/en-us/ library / vstudio / bb738521％28v = vs.100％29.aspx [ ^ ]

Conversion failed when converting the varchar value 'System.Web.UI.WebControls.TextBox' to data type int


my code

protected void Button1_Click(object sender, EventArgs e)
        {
            SqlConnection con = new SqlConnection("Data Source=.\\SqlExpress; Initial Catalog=subjectsteachers; Integrated Security=True");
           
            con.Open();


       string str = "insert into Leaveinfo values('" + TextBox1 + "','" + TextBox2.Text + "','" + DropDownList1.SelectedValue + "','" +             TextBox3.ToString() + "','" + TextBox4.ToString() + "','" + TextBox5 + "','" + TextBox6.Text + "')";

                SqlCommand cmd = new SqlCommand(str, con);


                cmd.ExecuteNonQuery();

           
            
                Label1.Text = "please enter numeric to id and no of days";
                Label1.Visible = true;
           

            GridView1.Visible = true;
        }

THIS IS THE TABLE

User_id	    int	
User_name	nvarchar(50)	
Leave_type	nvarchar(50)	
Sart_date	date	
Finish_date	date	
No_of_days	int	
Purpose	    nvarchar(MAX)

解决方案

You put TextBox1 in your query, but TextBox1 is a TextBox, and you expect an int. So you'll have to parse the content to an int, like int.Parse(TextBox1.Text). Also, to get the content of a textbox, don't use TextBox.ToString(), use TextBox.Text

Also, you should never use string concatenation for SQL Queries, because then you're not protected against SQL Injection[^]! Use parameterized queries instead:

string str = "insert into Leaveinfo values(@Value1, @Value2, @Value3, @Value4, @Value5, @Value6, @Value7)";
SqlCommand cmd = new SqlCommand(str, con);
cmd.Parameters.AddWithValue("@Value1", int.Parse(TextBox1.Text));
// do this for all parameters

Um.
First, look at your code:

string str = "insert into Leaveinfo values('" + TextBox1 + "','" + TextBox2.Text + "','" + DropDownList1.SelectedValue + "','" +             TextBox3.ToString() + "','" + TextBox4.ToString() + "','" + TextBox5 + "','" + TextBox6.Text + "')";

Taking out the bits that aren't causign a problem:

... values('" + TextBox1 + "','" + ... + TextBox3.ToString() + "','" + TextBox4.ToString() + "','" + TextBox5 + "','" + ...

A TextBox is not the same thign as the Text it contains: in all cases here you want "TextBoxN.Text" instead of "TextBoxN" - as they will just add "System.Windows.Controls.TextBox" to your database instead of the value the user entered.

Second, never leave the columns list blank on an INSERT operation: SQL will try to insert values to the columns in the currently defined column order - so if there is an Identity field at the front (and I suspect there is) It will try to write the first textbox into that, then the second textbox into where you wnated the first one, and so on. This is probably causing your problem. Always name your columns!

INSERT INTO MyTable (TextBox1ColumnName, TextBox2ColumnName, ...) VALUES (...

Finally, as has been mentioned, don't do it like that! Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.

NEVER use string concatenation to create queries it opens your application to SQL injection...
Use parametrized query:
http://msdn.microsoft.com/en-us/library/vstudio/bb738521%28v=vs.100%29.aspx[^]

这篇关于请解决此错误的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！