The Update Not Committed in my Application
Problem description
My application has updatepage.aspx, which updates database tables. The problem is when I click the button it takes the old values, and there is no error. Here is my code. Hope to find a solution from masters =]
protected void Button1_Click(object sender, EventArgs e)
{
    prepareConnection();
    // Update News
    if (_CatID == "1")
    {
        if (FileUpload1.HasFile)
        {
            prepareConnection();
            string FileName = Path.GetFileName(FileUpload1.PostedFile.FileName);
            // Save file to disk
            FileUpload1.SaveAs(Server.MapPath("~/ArticleImages/News/" + FileName));
            // Title and Contect are concatenated into the SQL text; only img is a parameter
            _command.CommandText = "UPDATE News SET Title=" + "N'" + titleTextBox.Text + "'" + "," + "Contect=" + "N'" + CKEditor1.Text + "'" + ",img=@FilePath WHERE ID='" + Convert.ToInt16(lblID.Text) + "';";
            _command.Parameters.AddWithValue("FilePath", "~/ArticleImages/News/" + FileName);
            try
            {
                _command.ExecuteNonQuery();
            }
            catch (Exception ex)
            {
                Response.Write(ex.Message);
            }
        }
        else
        {
            // No new image uploaded: update the text columns only
            prepareConnection();
            _command.CommandText = "UPDATE News SET Title=" + "N'" + titleTextBox.Text + "'" + "," + "Contect=" + "N'" + CKEditor1.Text + "'" + " WHERE ID='" + Convert.ToInt16(lblID.Text) + "';";
            try
            {
                _command.ExecuteNonQuery();
            }
            catch (Exception ex)
            {
                Response.Write(ex.Message);
            }
        }
    }
}
Recommended answer
Two things:
1) Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack, which can destroy your entire database. Use Parametrized queries instead. Particularly in a web based application, where someone from the other side of the world could destroy your database without even trying hard...
2) Check your Page Load event: I am pretty sure you don't check for IsPostBack before setting up your page - which means when the user clicks the button, you overwrite his new values before the Button_Click event is actioned...
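One way to apply point 1 of the answer to the query from the question, as an added example (not the poster's or the answerer's code). The class name `NewsUpdate`, the method `Build`, the parameter sizes, the `smallint` ID type and the use of `System.Data.SqlClient` on .NET Framework are assumptions; the table and column names come from the question.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

// Added example, not the poster's code. Table and column names come from the
// question; parameter sizes and the smallint ID type are assumptions.
public static class NewsUpdate
{
    // imagePath == null means no new upload, so the img column is left alone.
    public static SqlCommand Build(SqlConnection conn, string idText,
                                   string title, string content, string imagePath)
    {
        // Validate the ID before use instead of splicing it into the SQL text.
        short id;
        if (!short.TryParse(idText, out id))
            throw new ArgumentException("ID must be numeric", "idText");

        // The SQL text is fixed; only the optional img clause varies, and it
        // varies on a server-side condition, never on user input.
        string sql = "UPDATE News SET Title = @Title, Contect = @Content"
                   + (imagePath != null ? ", img = @FilePath" : "")
                   + " WHERE ID = @ID;";

        var cmd = new SqlCommand(sql, conn);
        // Explicit types avoid the type guessing that AddWithValue performs.
        cmd.Parameters.Add("@Title", SqlDbType.NVarChar, 200).Value = title;
        cmd.Parameters.Add("@Content", SqlDbType.NVarChar, -1).Value = content;
        cmd.Parameters.Add("@ID", SqlDbType.SmallInt).Value = id;
        if (imagePath != null)
            cmd.Parameters.Add("@FilePath", SqlDbType.NVarChar, 260).Value = imagePath;
        return cmd;
    }

    public static void Main()
    {
        // Constructed input: an apostrophe that would break the concatenated query.
        SqlCommand cmd = Build(null, "7", "Mayor's office reopens", "<p>Body</p>", null);

        Console.WriteLine(cmd.CommandText);   // contains no user text at all
        foreach (SqlParameter p in cmd.Parameters)
            Console.WriteLine("{0} ({1}) = {2}", p.ParameterName, p.SqlDbType, p.Value);
    }
}
```

In `Button1_Click` the same method would be called with `lblID.Text`, `titleTextBox.Text` and `CKEditor1.Text` and an open connection, followed by `ExecuteNonQuery()`.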