如何将ASPX页面中的文本输入字段传递给ASPX.VB中的代码 [英] How do I pass a text input field from a ASPX page to the code behind in ASPX.VB
问题描述
我一直在寻找如何做到这一点的日子。这是我的设置。我有一个带有一些输入字段的ASPX网页。 提交按钮用于将表单中的数据添加到SQL表中。我遇到的问题是我在SQL语句中使用的语法。
只要我只在SQL插入文本中放入内容。但是当我尝试将其更改为我遇到问题的输入字段时。
I have been searching for days on how to do this. Here is my setup. I have a ASPX Web Page with some input fields. The Submit button is to add the data from the forms into the SQL Table. What I am having issues is with the syntax that I put in the SQL statement that will work.
This works as long as I only put content in the SQL Insert Text. But when I attempt to change that to the input field that is where I have issues.
Imports System.Data
Imports System.Data.SqlClient
Partial Class Agent_Add
Inherits System.Web.UI.Page
Dim cn As New SqlConnection("Data Source=(LocalDB)\MSSQLLocalDB;AttachDbFilename=C:\inetpub\wwwroot\RedRock\App_Data\Database.mdf;Integrated Security=True")
Dim cm As New SqlCommand
Protected Sub Button1_Click(sender As Object, e As EventArgs) Handles btnAdd.Click
cn.Open()
cm.Connection = cn
cm.CommandText = "insert into tblAgents (UserName,LoginID,eMailAddress,Phone) Values ('test'," ,'bsmart','smart@yahoo.net,'304-666-7777')"
cm.ExecuteNonQuery()
Response.Write("Recored Added")
cn.Close()
End Sub
End Class
我尝试过:
以下是我尝试过的一些方法。
1. cm.CommandText =i插入到tblAgents(UserName)值(AgentsName.text)
2,cm.CommendText =插入到tblAgents(UserName)值('& AgentsName&')
3. cm.CommandText =插入到tblAgents(UserName)值(@AgentsName)
我已经尝试了许多组合,似乎无法找到一个有效的组合。
What I have tried:
Here is some methods I have tried.
1. cm.CommandText = "insert into tblAgents (UserName) Values (AgentsName.text)"
2, cm.CommendText = "insert into tblAgents (UserName) Values ("'& AgentsName &'")"
3. cm.CommandText = "insert into tblAgents (UserName) Values (@AgentsName)"
I have tried a number of combinations and can not seem to find one that works.
推荐答案
试试这个:
Try this:
Imports System.Data
Imports System.Data.SqlClient
Partial Class Agent_Add
Inherits System.Web.UI.Page
Protected Sub Button1_Click(sender As Object, e As EventArgs) Handles btnAdd.Click
Const query As String = "insert into tblAgents (UserName, LoginID, eMailAddress, Phone) Values (@UserName, @LoginID, @eMailAddress, @Phone)"
Using cn As New SqlConnection("Data Source=(LocalDB)\MSSQLLocalDB;AttachDbFilename=|DataDirectory|\Database.mdf;Integrated Security=True")
Using cm As New SqlCommand(query, cn)
cm.Parameters.AddWithValue("@UserName", AgentsName.Text)
cm.Parameters.AddWithValue("@LoginID", LoginID.Text)
cm.Parameters.AddWithValue("@eMailAddress", EmailAddress.Text)
cm.Parameters.AddWithValue("@Phone", Phone.Text)
cn.Open()
cm.ExecuteNonQuery()
End Using
End Using
Response.Write("Recored Added")
End Sub
End Class
- 永远不要使用字符串连接来构建SQL查询,或者你'将您的代码容易受到 SQL注入 [< a href =https://www.troyhunt.com/2013/07/everything-you-wanted-to-know-about-sql.html\"target =_ blank> ^ ]。
- 不要将连接/命令对象存储为类中的字段。相反,在需要时将它们创建为局部变量。
- 在
中使用
包装实现IDisposable
的对象 - 使用 | DataDirectory | [ ^ ]在你的连接字符串中引用
App_Data
文件夹。 - 理想情况下,你应该将您的连接字符串存储在
web中。 config
file [ ^ ]。 - Never use string concatenation to build a SQL query, or you'll leave your code vulnerable to SQL Injection[^].
- Don't store connection / command objects as fields in your class. Instead, create them as local variables when needed.
- Wrap objects which implement
IDisposable
inUsing
blocks. - Use |DataDirectory|[^] in your connection string to refer to the
App_Data
folder. - Ideally, you should store your connection string in your
web.config
file[^].
不是解决方案,但无法通过上述评论中的HTML。
很棒。我定义了字段,但没有ID集。我现在已经这样做但仍然有同样的错误。这是我的ASPX表单代码。如您所见,它是一个只有表格的简单表格。我在每个字段前添加了txtFieldName。然后在aspxvb后面进行相同的更改。表格下方显示。
Agent-Add.aspx表格:
Not a solution but could not past the HTML in the comment above.
Great catch. I had the field defined but not the ID set. I have done that now but still have the same error. Here is my code for the ASPX form. As you see it is a simple form with only table for the fields. I added txtFieldName in front of each field. Then made the same changes in the aspxvb run behind. That is shown below the form.
Agent-Add.aspx form:
<%@ Page Language="VB" AutoEventWireup="false" CodeFile="Agent-Add.aspx.vb" Inherits="Agent_Add" %>
<!DOCTYPE html>
<html xmlns="http://www.w3.org/1999/xhtml">
<head runat="server">
<title>Red Rock Reservation System</title>
<link rel="stylesheet" type="text/css" href="css\appstyle.css">
</head>
<form id="form1" runat="server">
<Center>
<img src="graphics\redrock-logo.png" alt="Red Rock Travel" style=" width:150px;height:150px";><br>
Reservation System Agent Add Module (ver1.0)
<br />
<br />
<!--- <form method="post" action="Agent-Post.aspx" autocomplete="off"> --->
<table border="1">
<tr>
<td>Agents Name:</td>
<td><input type="text" name="AgentsName" maxlength="20" autocomplete="off" id="txtAgentsName" formenctype="text/plain" required="required" /></td>
</tr>
<tr>
<td>Agent Login ID:</td>
<td id="txtLoginID"><input type="text" name="LoginID" maxlength="20" id="AgentLoginID" /></td>
</tr>
<tr>
<td>Agent Password:</td>
<td><input type="text" name="Password" maxlength="50" id="txtPassword" /></td>
</tr>
<tr>
<td>Agents Access Level (1-5):</td>
<td><input type="text" name="AgentLevel" id="txtAccessLevel" /></td>
</tr>
<tr>
<td>Email Address:</td>
<td><input type="text" name="eMailAddress" id="txtEmailAddress" /></td>
</tr>
<tr>
<td>Phone:</td>
<td><input type="text" name="Phone" id="txtPhone" /></td>
</tr>
<!-- <tr>
<td colspan="2" align="center">
<br />
<input type="submit" value="Add Agent" />
<input type="reset" value="Clear Form" />
<br />
<br />
<br />
</td>
</tr> -->
</table>
<br />
<!--- </form> --->
<asp:Button ID="btnAdd" runat="server" Text="Add" Width="89px" />
</Center>
</body>
</form>
</html>
代码落后:代理 - 添加.aspx.vb
Code behind: Agent-Add.aspx.vb
Imports System.Data
Imports System.Data.SqlClient
Partial Class Agent_Add
Inherits System.Web.UI.Page
Protected Sub btnAdd_Click(sender As Object, e As EventArgs) Handles btnAdd.Click
Const query As String = "insert into tblAgents (UserName, LoginID, eMailAddress, Phone) Values (@UserName, @LoginID, @eMailAddress, @Phone)"
Using cn As New SqlConnection("Data Source=(LocalDB)\MSSQLLocalDB;AttachDbFilename=|DataDirectory|\Database.mdf;Integrated Security=True")
Using cm As New SqlCommand(query, cn)
cm.Parameters.AddWithValue("@UserName", txtAgentsName.text)
cm.Parameters.AddWithValue("@LoginID", txtLoginID.Text)
cm.Parameters.AddWithValue("@eMailAddress", txtEmailAddress.Text)
cm.Parameters.AddWithValue("@Phone", txtPhone.Text)
cn.Open()
cm.ExecuteNonQuery()
End Using
End Using
Response.Write("Recored Added")
End Sub
End Class
RESOLVED !!! YEA。
首先在ASPX页面上,你必须为每个字段设置一个ID = Set。其次,您要将字段文本或值设置为在服务器上运行。
RESOLVED!!! YEA.
First on the ASPX page you have to have an ID= Set for each field. Second you have the field text or value set to run at server.
cm.Parameters.AddWithValue("@UserName", Request.Form("AgentsName"))
这有效地让服务器保存数据,以便数据背后的代码可以访问它。
所以这里是aps的代码片段:TextBox。
This effectively lets the server hold the data so the code behind data can access it.
So here is the code snippet of the aps:TextBox.
asp:TextBox type="text" name="AgentsName" maxlength="20" id="AgentsName" runat="server" />
现在,在代码隐藏页面上,您可以访问从ASPX页面传递到ASPX.VB页面的数据。
Now on the code behind page here is how you access the data passed from the ASPX Page into the ASPX.VB page.
cm.Parameters.AddWithValue("@UserName", Request.Form("AgentsName"))
所以你使用id =Field Name存储它,然后使用Request.Form(FieldName)检索它
令人惊奇的是这有多难找到。 2个星期了。希望这有助于其他人。
So you store it with a id="Field Name" and you retrieve it with a Request.Form("FieldName")
What is amazing is how hard this was to find. 2 weeks on this. Hope this helps someone else.
这篇关于如何将ASPX页面中的文本输入字段传递给ASPX.VB中的代码的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!