列名或提供的值数与表不匹配 [英] Column name or number of supplied values does not match table

查看:104
本文介绍了列名或提供的值数与表不匹配的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

我使用三个单独的radiobutton和三个dropdownbox,当我尝试提交查询时它返回错误,因为列名或提供的值的数量与表不匹配

我应该怎么做。应该怎么做我为三个radiobutton提供默认值。帮助我



我尝试了什么:



SqlCommand cmd = new SqlCommand(插入Order_TB值('+ TxtDescription.Text +','+ DdlWeek.Text +','+ Ddlmonth.Text +','+ DropDownList4.Text + '),con);

cmd.ExecuteNonQuery();

con.Close();

解决方案

< blockquote>始终使用参数化查询来避免 SQL注入 [ ^ ]攻击



试试这样,

 SqlCommand cmd =  new  SqlCommand( 插入Order_TB(column1Name,column2Name,column3Name,column4Name)值(@ value1,@ value2,@ value3,@ value4) ,con); 
cmd.Parameters.Add( @ value1,TxtDescription.Text);
cmd.Parameters.Add( @ value2,DdlWeek.Text);
cmd.Parameters.Add( @ value3,Ddlmonth.Text);
cmd.Parameters.Add( @ value4,DropDownList4.Text);
cmd.ExecuteNonQuery();
con.Close();





你的sql语句无效,因为no的列与no不匹配您要插入的值的值。如果代码只有4列,你的代码就可以工作。


首先检查以确保表中只有你提供的4列,如果没有,那么请用
指定它们。


 SqlCommand cmd =  new  SqlCOmmand(  插入Order_Tb(Columnname1,Columnname2,Columnname3,Columnname4)值(' + TxtDescription.Text +   ',' + DdlWeek.Text +  ',' + Ddlmonth.Text +  ',' + DropDownList4.Text +  '),con); 





但请确保将Columnname1,Columnname2等替换为表中的实际列名。



此外,最好不要将字符串连接在一起,因为这会打开SQL注入。看一下SQL Parameters,以下链接中的简单示例。

http://www.dotnetperls.com/ sqlparameter [ ^ ]


< blockquote>错误清楚地表明您没有提供表中所需的所有列。如果您只想插入一些列,则需要明确定义这些列。



例如。

 SqlCommand cmd = new SqlCommand( 插入Order_TB (Column1,Column2,Column3,Column4)值(' + TxtDescription.Text +  ','  + DdlWeek.Text +  ',' + Ddlmonth.Text +  ',' + DropDownList4.Text +  '),CON); 
cmd.ExecuteNonQuery();
con。关闭();





还有一件非常重要的事情。您不应该直接在代码中将文本框或任何其他值传递给插入脚本。它只是为sql注入打开了大门。始终使用sql参数。




SqlParameter类(System.Data.SqlClient) [ ^ ]


i am using three separate radiobutton and three dropdownbox,when i try to submit the query it return error as Column name or number of supplied values does not match table
what should i do.what should i give default value for three radiobutton.help me

What I have tried:

SqlCommand cmd=new SqlCommand("insert into Order_TB values('"+TxtDescription.Text+"','"+DdlWeek.Text+"','"+Ddlmonth.Text+"','"+DropDownList4.Text+"')",con);
cmd.ExecuteNonQuery();
con.Close();

解决方案

always use parameterised query to avoid SQL Injection[^] attacks

try like this,

SqlCommand cmd = new SqlCommand("insert into Order_TB (column1Name,column2Name,column3Name,column4Name) values(@value1,@value2,@value3,@value4)", con);
           cmd.Parameters.Add("@value1", TxtDescription.Text);
           cmd.Parameters.Add("@value2", DdlWeek.Text);
           cmd.Parameters.Add("@value3", Ddlmonth.Text);
           cmd.Parameters.Add("@value4", DropDownList4.Text);
           cmd.ExecuteNonQuery();
           con.Close();



Your sql statement is not working because the no of columns is not matching with the no of values you are trying to insert. your code will work if it has only 4 columns.


Firstly check to make sure that the table has only the 4 columns that you have provided, if not then specify them by

SqlCommand cmd = new SqlCOmmand("insert into Order_Tb (Columnname1, Columnname2, Columnname3, Columnname4) values ('"+TxtDescription.Text+"','"+DdlWeek.Text+"','"+Ddlmonth.Text+"','"+DropDownList4.Text+"')",con);



But make sure that you replace Columnname1, Columnname2 etc with the actual column names from the table.

ALSO it is best practise not to concatenate strings together as this will open you to SQL Injection. Have a look at SQL Parameters, simple example in the following link.
http://www.dotnetperls.com/sqlparameter[^]


The error clearly says that You are not providing all the columns needed in table. If you want to insert some columns only you need to define those column explicitly.

Eg.

SqlCommand cmd=new SqlCommand("insert into Order_TB (Column1, Column2, Column3, Column4)values('"+TxtDescription.Text+"','"+DdlWeek.Text+"','"+Ddlmonth.Text+"','"+DropDownList4.Text+"')",con);
cmd.ExecuteNonQuery();
con.Close();



And one very important thing. You should never pass your text box or any other value to the insert script directly in code. It just opens door for sql injection. Alwaysuse sql parameter.


SqlParameter Class (System.Data.SqlClient)[^]


这篇关于列名或提供的值数与表不匹配的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆