如何在数据库中插入值后禁用复选框 [英] How to disable checkbox after insert the value in data base
问题描述
i'm trying this code, actually i'm trying to make bed booking.
please help me how can i do
我的尝试:
protected void btnSave_Click(object sender,EventArgs e)
{
string bednumber,bedstatus;
尝试
{
if(chkkk.Checked == true)
{
bednumber =First 201楼;
}
否则如果(chk1.Checked == true)
{
bednumber = 一楼202;
}
否则如果(chk2.Checked == true)
{
bednumber =First Floor 203;
}
else if(chk3.Checked == true)
{
bednumber =First Floor 204;
}
else if(chk4.Checked == true)
{
bednumber =First Floor 205;
}
else if(chk5.Checked == true)
{
bednumber =First Floor 206;
}
else if(chk6.Checked == true)
{
bednumber =一楼20 7;
}
否则if(chk7.Checked == true)
{
bednumber =一楼208;
}
其他
bednumber =非;
if(ChkActive.Checked )
{
Bedstatus =预订;
}
其他
bedstatus =Booked;
conn.Open();
SqlCommand cmd = new SqlCommand(IF NOT EXISTS(SELECT * FROM BedBooking WHERE BedNumber ='+ bednumber +')INSERT INTO BedBooking(PatientName,BedNumber)VALUES('+ txtName.Text +','+ bednumber +'),conn);
cmd.ExecuteNonQuery() ;
SqlCommand cmd1 =新的SqlCommand(IF NOT EXISTS(SELECT * FROM AddBedNumber WHERE BedNumber ='+ bednumber +')INSERT INTO AddBedNumber(BedNumber,Active)VALUES('+ bednumber + ','+ Bedstatus +'),conn);
cmd1.ExecuteNonQuery();
conn.Close();
Response.Write(alert('谢谢!)您的预订已经成功!'));
}
catch(例外情况)
{
}
}
What I have tried:
protected void btnSave_Click(object sender, EventArgs e)
{
string bednumber, Bedstatus;
try
{
if (chkkk.Checked == true)
{
bednumber = "First Floor 201";
}
else if (chk1.Checked == true)
{
bednumber = "First Floor 202";
}
else if (chk2.Checked == true)
{
bednumber = "First Floor 203";
}
else if (chk3.Checked == true)
{
bednumber = "First Floor 204";
}
else if (chk4.Checked == true)
{
bednumber = "First Floor 205";
}
else if (chk5.Checked == true)
{
bednumber = "First Floor 206";
}
else if (chk6.Checked == true)
{
bednumber = "First Floor 207";
}
else if (chk7.Checked == true)
{
bednumber = "First Floor 208";
}
else
bednumber = "Non";
if (ChkActive.Checked)
{
Bedstatus = "Booked";
}
else
Bedstatus = "Booked";
conn.Open();
SqlCommand cmd = new SqlCommand("IF NOT EXISTS(SELECT * FROM BedBooking WHERE BedNumber = '" + bednumber + "')INSERT INTO BedBooking(PatientName, BedNumber) VALUES('" + txtName.Text + "','" + bednumber + "')", conn);
cmd.ExecuteNonQuery();
SqlCommand cmd1 = new SqlCommand("IF NOT EXISTS(SELECT * FROM AddBedNumber WHERE BedNumber = '" + bednumber + "') INSERT INTO AddBedNumber(BedNumber, Active) VALUES('" + bednumber + "','" + Bedstatus + "')", conn);
cmd1.ExecuteNonQuery();
conn.Close();
Response.Write("alert('Thank you !!! Your Booking has been Sucessfully!!')");
}
catch (Exception ex)
{
}
}
推荐答案
在我们解决您的主要问题之前,您的代码需要进行一些清理。首先,让它成为一个习惯在使用语句中放置食用资源的对象,例如确保对象在使用后正确处理和关闭。SqlConnection和SqlCommand
其次,正如评论部分已经建议的那样,直接附加值对你的SQL查询是一个大不了没有,因为它可能导致SQL注入攻击。使用参数化查询来避免这种情况发生:保护你的数据:预防SQL注入[^] [ ^ ]
三,使用CheckBoxList控制因此您可以轻松地将其与数据库中的结果绑定。以下是您可以参考的示例:保存CheckBoxList所选项目并将其保留在PostBack上。 [ ^ ]
Before we move to solving your main issue, your code needs some clean up. First off, make it a habit to put objects that eat resources such asSqlConnectionandSqlCommandwithin ausing statementto ensure that objects will be properly disposed and closed after they are used.
Second, as already suggested in the comments section, appending the values directly to your SQL query is a BIG no no as it can potentially leads toSQL Injection attack. Use parameterize query to avoid that to happen: Protect Your Data: Prevent SQL Injection[^] [^]
Third, use aCheckBoxListControl so you can easily bind it with the result from your database. Here's an example that you can refer: Save CheckBoxList Selected Items and Retain them on PostBacks.[^]
这篇关于如何在数据库中插入值后禁用复选框的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
