如何解决将数据类型varchar转换为int的错误。 [英] How to resolve error converting data type varchar to int.
问题描述
我面临上述异常请给我解决方案如何解决它代码如下:
i am facing above exception please give me solution how to solve it code is given below
public ActionResult Create([Bind(Include ="Subject_Id,SubjName,SubjCode,SubjMaxMarks,SubjTheory,SubjPractical,SubjTPassMarks,SubjPPassAMarks")] Tab_Subject subject)
{
if (ModelState.IsValid)
{
Sims.Database.ExecuteSqlCommand("EXEC SP_SubjectInsertUpdate '" + subject.SubjName + "', '" + subject.SubjCode + "'," + subject.SubjMaxMarks + "," + subject.SubjTheory + "," +subject.SubjPractical + "," +subject.SubjTPassMarks + "," + subject.SubjPPassAMarks );
//Sims.Database.ExecuteSqlCommand("EXEC SP_SubjectInsertUpdate '" + Subject.SubjName + "'");
Sims.SaveChanges();
return RedirectToAction("SectionView");
}
return View(subject);
我尝试过:
What I have tried:
<pre lang="C#">public ActionResult Create([Bind(Include ="Subject_Id,SubjName,SubjCode,SubjMaxMarks,SubjTheory,SubjPractical,SubjTPassMarks,SubjPPassAMarks")] Tab_Subject subject)
{
if (ModelState.IsValid)
{
Sims.Database.ExecuteSqlCommand("EXEC SP_SubjectInsertUpdate '" + subject.SubjName + "', '" + subject.SubjCode + "'," + subject.SubjMaxMarks + "," + subject.SubjTheory + "," +subject.SubjPractical + "," +subject.SubjTPassMarks + "," + subject.SubjPPassAMarks );
//Sims.Database.ExecuteSqlCommand("EXEC SP_SubjectInsertUpdate '" + Subject.SubjName + "'");
Sims.SaveChanges();
return RedirectToAction("SectionView");
}
return View(subject);</pre>
和我的数据库表也在下面给出
公共部分课程Tab_Subject
{
[Key]
public int Subject_Id {get;组; }
[StringLength(50)]
public string SubjName {get;组; } $ / $
[StringLength(50)]
公共字符串SubjCode {get;组; }
公共小数? SubjMaxMarks {get;组; }
公共小数? SubjTheory {get;组; }
公共小数? SubjPractical {get;组; }
公共小数? SubjTPassMarks {get;组; }
公共小数? SubjPPassAMarks {get;组; }
}
and my database table is also given below
public partial class Tab_Subject
{
[Key]
public int Subject_Id { get; set; }
[StringLength(50)]
public string SubjName { get; set; }
[StringLength(50)]
public string SubjCode { get; set; }
public decimal? SubjMaxMarks { get; set; }
public decimal? SubjTheory { get; set; }
public decimal? SubjPractical { get; set; }
public decimal? SubjTPassMarks { get; set; }
public decimal? SubjPPassAMarks { get; set; }
}
推荐答案
我们不知道问题是什么,因为我们对您在模型中发回的数据一无所知SP_SubjectInsertUpdate存储过程的内容。
我可以说使用字符串连接来构建SQL查询是一个巨大的安全风险。谷歌为SQL注入攻击找出你为什么做的事情是如此糟糕。然后谷歌为C#SQL参数找出如何处理它。机会很好甚至可以解决您的问题,或者至少强迫您检查传递给存储过程的内容以及存储过程在参数的顺序和类型中的期望。
We have no idea what the problem is since we know nothing about the data you sent back in the model and the content of the SP_SubjectInsertUpdate stored procedure.
What I can say is that using string concatenation to build the SQL query is a HUGE security risk. Google for "SQL Injection Attack" to find out why what you're doing is so bad. Then Google for "C# SQL Parameters" to find out what to do about it. Chances are good this will even solve your problem, or at least force you to examine what your passing to the stored procedure and what the stored procedure expects in the order and type of parameters.
这篇关于如何解决将数据类型varchar转换为int的错误。的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
