为什么在break语句中出错... plz告诉我 [英] Why error in break statement...plz tell quickly
问题描述
使用System;
使用System.Collections.Generic;使用System.ComponentModel
;
使用System.Data;使用System.Drawing
;
使用System.Linq;
使用System.Text;
使用System.Windows.Forms;
使用System.Data.SqlClient;
使用System.Configuration;
命名空间WindowsFormsApplication8
{
public partial class Form1:Form
{
SqlConnection conn = new SqlConnection(@Data Source = VISHAL-PC; Initial Catalog = arif; Integrated security = true);
SqlCommand cmd;
SqlDataReader dr;
string str;
int value1;
int value2;
int A;
public Form1()
{
InitializeComponent();
}
private void Form1_Load(object sender,EventArgs e)
{
}
private void textBox3_TextChanged(object sender,EventArgs e)
{
}
private void timer1_Tick_1(object sender,EventArgs e)
{
}
private void timer1_Tick_2(object sender,EventArgs e)
{
{
if(textBox1.Text!=&& textBox2。 Text!=)
{
value1 = Convert.ToInt32(textBox1.Text);
value2 = Convert.ToInt32(textBox2.Text);
textBox3.Text = DateTime.Now.ToString();
str =;
str =插入kkk值(+ textBox1.Text +,+ textBox2.Text +,+ textBox3.Text +');
cmd = new SqlCommand(str,conn);
conn.Open();
dr = cmd.ExecuteReader();
value1 = value1 + 1;
value2 = value2 + 1;
textBox1.Text = value1.ToString();
textBox2.Text = value2.ToString();
conn.Close();
}
其他
{
break;
}
}
}
}
}
我尝试了什么:
告诉我尽可能的....... ...................
你不能使用Break和if-else语句来使用它循环和切换。
你没有循环,没有开关- 所以没有任何内容要做。
休息以两种方式之一工作:
1)在一个循环内(为,foreach,,而,或执行)break语句立即退出当前循环 - 只有当前循环,它将不退出嵌套对的外循环:
foreach (字符串 s in m yList)
{
foreach ( char c in s)
{
if (c == x)
{
break ;
}
...
}
// 立即执行中断,或当字符串用完字符时
...
}
2)在<$内部使用时c $ c> case 阻止开关语句,它立即退出开关。case块必须以break,return结束,或者throw
他们在中没有任何关系如果......其他语句,因此您收到编译错误。
str = 插入kkk值( + textBox1.Text + , + textBox2.Text + ,' + textBox3.Text + ');
不是解决方案你的问题,但你有另一个问题。
永远不要通过连接字符串来构建SQL查询。迟早,您将使用用户输入来执行此操作,这会打开一个名为SQL注入的漏洞,这对您的数据库很容易并且容易出错。
名称中的单引号你的程序崩溃。如果用户输入像Brian O'Conner这样的名称可能会使您的应用程序崩溃,那么这是一个SQL注入漏洞,崩溃是最少的问题,恶意用户输入,并且它被提升为具有所有凭据的SQL命令。
SQL注入 - 维基百科 [ ^ ]
SQL注入 [ ^ ]
按示例进行SQL注入攻击 [ ^ ]
PHP:SQL注入 - 手册 [ ^ ]
SQL注入预防备忘单 - OWASP [ ^ ]
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;
using System.Data.SqlClient;
using System.Configuration;
namespace WindowsFormsApplication8
{
public partial class Form1 : Form
{
SqlConnection conn = new SqlConnection(@"Data Source=VISHAL-PC; Initial Catalog=arif; Integrated security=true");
SqlCommand cmd;
SqlDataReader dr;
string str;
int value1;
int value2;
int A;
public Form1()
{
InitializeComponent();
}
private void Form1_Load(object sender, EventArgs e)
{
}
private void textBox3_TextChanged(object sender, EventArgs e)
{
}
private void timer1_Tick_1(object sender, EventArgs e)
{
}
private void timer1_Tick_2(object sender, EventArgs e)
{
{
if (textBox1.Text != "" && textBox2.Text != "")
{
value1 = Convert.ToInt32(textBox1.Text);
value2 = Convert.ToInt32(textBox2.Text);
textBox3.Text = DateTime.Now.ToString();
str = "";
str = "Insert into kkk values(" + textBox1.Text + "," + textBox2.Text + ",'" + textBox3.Text + "')";
cmd = new SqlCommand(str, conn);
conn.Open();
dr = cmd.ExecuteReader();
value1 = value1 + 1;
value2 = value2 + 1;
textBox1.Text = value1.ToString();
textBox2.Text = value2.ToString();
conn.Close();
}
else
{
break;
}
}
}
}
}
What I have tried:
tell me faast as possible..........................
You can not use Break with if-else statement it is used for Looping and Switch.
You have no loop, noswitch- so there is nothing for abreakto do.
breakworks in one of two ways:
1) Inside a loop (for,foreach,while, ordo) thebreakstatement immediately exits the current loop - and only the current, it will not exit the outer loop of a nested pair:
foreach (string s in myList) { foreach (char c in s) { if (c == "x") { break; } ... } // Executed immediately after the break, or when the string runs out of characters ... }
2) When used inside thecaseblock of aswitchstatement, it exits theswitchimmediately.caseblocks must end with abreak,return, orthrow
They have nothing to do in anif...elsestatement, so you get a compilation error.
str = "Insert into kkk values(" + textBox1.Text + "," + textBox2.Text + ",'" + textBox3.Text + "')";
Not a solution to your question, but another problem you have.
Never build an SQL query by concatenating strings. Sooner or later, you will do it with user inputs, and this opens door to a vulnerability named "SQL injection", it is dangerous for your database and error prone.
A single quote in a name and your program crash. If a user input a name like "Brian O'Conner" can crash your app, it is an SQL injection vulnerability, and the crash is the least of the problems, a malicious user input and it is promoted to SQL commands with all credentials.
SQL injection - Wikipedia[^]
SQL Injection[^]
SQL Injection Attacks by Example[^]
PHP: SQL Injection - Manual[^]
SQL Injection Prevention Cheat Sheet - OWASP[^]
这篇关于为什么在break语句中出错... plz告诉我的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
