在另一页问题中插入数据 [英] Insert data in another page problem
问题描述
现在我添加了我的注册页面以进行重定向是
Response.Redirect("ViewJdetailed.aspx?eid =""+ txteid.Text +"'');
而我的addexp页面代码是
now I added My registration pagefor redirecting is
Response.Redirect("ViewJdetailed.aspx?eid=''" + txteid.Text + "''");
and my addexp page code is
protected void btnsave_Click(object sender, EventArgs e)
{
String email = Convert.ToString(Request.QueryString["eid"]);
//string email = Convert.ToString(Request.QueryString["eid"]);
//string fromdate=Drp_Fromdate_M.SelectedItem.Text + "/" + Drp_Fromdate_y.SelectedItem.Text;
//string todate = Drp_Todate_M.SelectedItem.Text + "/" + Drp_Todate_y.SelectedItem.Text;
string Str = "insert into Jobseeker_Past(Email,company,fdate,tdate,farea,jobbrief,date1)values('" + email + "','" + Txt_CompanyName.Text + "','" + txtfrom.Text + "','" + txtto.Text + "','" + Drp_Fun.SelectedItem.Text + "','" + Txt_job.Text + "','"+System.DateTime.Now+"')";
SqlCommand cmd = new SqlCommand(Str, cnn);
cnn.Open();
cmd.ExecuteNonQuery();
lblmsg.Text = "Successfully Inserted";
clear();
cnn.Close();
}
protected void clear()
{
Txt_CompanyName.Text = "";
txtfrom.Text = "";
txtto.Text = "";
Drp_Fun.Items.Clear() ;
Txt_job.Text = "";
}
}
但出现错误
``cc @ cc''附近的语法不正确.
说明:执行当前Web请求期间发生未处理的异常.请查看堆栈跟踪,以获取有关错误及其在代码中起源的更多信息.
异常详细信息:System.Data.SqlClient.SqlException:靠近"cc @ cc"的语法不正确.
源错误:
第43行:字符串电子邮件= Request.QueryString ["eid"].ToString();
第44行:cmd = new SqlCommand(从registration1中选择*,其中eid =""+电子邮件+"",cnn);
第45行:dr = cmd.ExecuteReader();
第46行:dr.Read();
第47行:
帮忙.
我创建了用于上传简历的Dp登录.
我的第一页是注册页面.如果注册成功,则会重定向到体验页面.
我想在表格中插入电子邮件ID,所以我在exp页面上的代码就是这样,
but I get error
Incorrect syntax near ''cc@cc''.
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.
Exception Details: System.Data.SqlClient.SqlException: Incorrect syntax near ''cc@cc''.
Source Error:
Line 43: string email = Request.QueryString["eid"].ToString();
Line 44: cmd = new SqlCommand("Select * from registration1 where eid = ''" + email + "'' ", cnn);
Line 45: dr = cmd.ExecuteReader();
Line 46: dr.Read();
Line 47:
so help.
I created Dp login for upload cv.
My first page is registration page. if it successfully registered it redirect into experence page.
I want to insert email id in table so my code on exp page is like that,
protected void btnsave_Click(object sender, EventArgs e)
{
string email = Convert.ToString(Request.QueryString["eid"]);
string Str = "insert into Jobseeker_Past(Email,company,fdate,tdate,farea,jobbrief,date1)values('" + email + "','" + Txt_CompanyName.Text + "','" + txtfrom.Text + "','" + txtto.Text + "','" + Drp_Fun.SelectedItem.Text + "','" + Txt_job.Text + "','"+System.DateTime.Now+"')";
SqlCommand cmd = new SqlCommand(Str, cnn);
cnn.Open();
int i = cmd.ExecuteNonQuery();
if (i == 1)
{
lblmsg.Text = "Successfully Inserted";
}
else
{
Response.Write("error..");
}
clear();
cnn.Close();
}
protected void clear()
{
Txt_CompanyName.Text = "";
txtfrom.Text = "";
txtto.Text = "";
Drp_Fun.Items.Clear() ;
Txt_job.Text = "";
}
但它的电子邮件ID为null.
因此,我该如何插入电子邮件ID.
but it takes the email id null.
so how can i insert email id.
推荐答案
请参阅我对问题的评论.也许您需要提供更详细的信息.但是,不是这种情况,因为整个想法是错误的.并不是说它不起作用,但是您所做的事情是如此不安全,以至于您永远都不应做这样的事情.
请查看您在做什么.您将从UI控件中获取的几个字符串连接起来以构建查询字符串.您已经得到提示了吗?不?这些字符串可以包含任何内容,包括-SQL代码的某些片段.这意味着您可以打开名为 SQL注入的著名漏洞.您的数据库可以立即被黑客入侵.请参阅:
http://en.wikipedia.org/wiki/SQL_injection [ http://msdn.microsoft.com/en-us/library/yy6y35y8.aspx [ ^ ].
此外,您正在使用重复的字符串连接.这已经很糟糕了,因为字符串是不可变的.您可以使用string.Format解决此问题. (我什至需要解释这如何降低性能吗?在其他情况下,例如循环,您可以使用System.Text.StringBuilder,这当然是可变的.)
现在,您会发现无论如何都必须重新编写此代码,其原因是比您的小错误更重要,因此我看不到需要查找错误和修复程序.希望当您正确地重做所有错误时,该错误不会再次出现.如果您发现此错误或其他错误(很有可能),则可以随时提出另一个问题.
—SA
Please see my comment to the question. Perhaps you need to provide more detailed information. However, not in this case, because the whole idea is wrong. Not that it cannot work, but what you do is so unsafe that you never should do such things.
Please see what you are doing. You concatenate several strings taken from UI controls to build a query string. Are you getting the hint already? No? Those strings can contain anything, including— some fragments of SQL code. It means you open the doors wide to a well-known exploit called SQL injection. You database can be hacked in no time. Please see:
http://en.wikipedia.org/wiki/SQL_injection[^].
Look at the article referenced above and read about the importance of parametrized statements. With ADO.NET, you should always use parametrized commands:
http://msdn.microsoft.com/en-us/library/yy6y35y8.aspx[^].
Besides, You are using repeated string concatenation. This is already bad, because strings are immutable. You could usestring.Formatto solve this problem. (Do I even need to explain how this can degrade performance? In other cases, such as loops, you can useSystem.Text.StringBuilderwhich is of course mutable.)
Now, you can see that you have to re-write this code anyway, by the reasons more important than your little bug, so I don''t see a need to look for a bug and a fix. Hopefully, when you redo it all properly, the bug won''t appear again. It you find this or another bugs (which is pretty likely), you can always ask another question.
—SA
您的查询字符串中存在一些问题.您的代码似乎是完美的.尝试检查以下行:
Hi,
There is some problem in your query string. Your code seems to be perfect. Try checking this line:
string email = Convert.ToString(Request.QueryString["eid"]);
//Here your email value is not coming.
//try checking this line firs. It'll work.
还要检查您的URL QueryString值是否到来.
检查一下:
使用QueryString在页面之间传递变量 [
Also check your URL whether the QueryString value is coming or not.
Check this out:
Passing variables between pages using QueryString[^]
--Amit
这篇关于在另一页问题中插入数据的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
