如何使用.net在数据库中插入单选按钮数据?我的查询如下.. [英] how to insert radio button data in database using .net ? I have my query as follows..
本文介绍了如何使用.net在数据库中插入单选按钮数据?我的查询如下..的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
str = "INSERT INTO studtable(enquiry_no,date,stud_name,col_name,address,qualification,mobile,course,duration,sreq,payment,overall,sign) VALUES('"+lcount.Text+"','" + dt.Text + "','" + tstud.Text + "','" + tcolg.Text + "','" + taddr.Text + "','" + tqua.Text + "','tmob','" + str1 + "','" + str1 + "','" + str1 + "','tfee','" + tedit.Text + "','"+tsign.Text+"')";
scd.Connection = cn;
scd.CommandText = str;
推荐答案
使用参数而不是连接sql语句的字符串。你的应用程序是用于SQL注入攻击的笔。
读取: SqlCommand.Parameters [ ^ ]
插入单选按钮数据取决于表中的数据类型。如果它是位数据类型,你可以插入布尔值为yourcheckBox.Checked属性
例如使用参数:
Use parameters instead of concatenating strings for sql statement. your application is pen for sql injection attacks.
read : SqlCommand.Parameters[^]
Inserting radio button data is depends on which data type you have in your table. if it is bit datatype you can insert as boolean value ofyourcheckBox.Checkedproperty
for example using parameters:
cmd.Parameters.AddWithValue("@colname", yourcheckBox.Checked);
首先,您的代码是 SQL注入 [ ^ ]易受攻击!
如何:防止ASP.NET中的SQL注入 [ ^ ]
存储过程保护反对SQL注入? [ ^ ]
SQL注入及其如何避免 [ ^ ]
使用参数化查询代替这样的命令:
First of all, your code is SQL Injection[^] vulnerable!
How To: Protect From SQL Injection in ASP.NET[^]
Do Stored Procedures Protect Against SQL Injection?[^]
SQL Injection and how to avoid it[^]
Instead of such of command, use parametrized query:
INSERT INTO TableName (<Set_of_Fields>: Field1, Field2, Field3, etc.) VALUES(<Set_Of_Parameters>: @param1, @param2, @param3, etc.)
参见: SqlParameterCollection.AddWithValue Method [ ^ ]
首先不需要使用为SQL注入打开的代码而是使用参数化查询。
一个简单的例子:
如果您的代码中有2个单选按钮,其数据类型为数据类表'Persons'中的char(1)(如果它的bool然后在传递参数时相应地更改代码)
First of all no need to use the code open for SQL Injection instead use parametrize query.
A Simple Example:
if u have 2 radio buttons in your code whose datatype is char(1) in the database table 'Persons' (if its bool then change the code accordingly while passing the parameters)
<asp:radiobutton id="rbMale" text="Male" runat="server" groupname="Gender"/>
<asp:radiobutton id="rbFemale" text="Female" runat="server" groupname="Gender"/>
使用以下代码将其值保存到数据库表中。
Use the following code for saving its value into the database table.
string gender = string.Empty;
if (rbMale.Checked)
{
gender = "M";
}
else if (rbFemale.Checked)
{
gender = "F";
}
string constr = ConfigurationManager.ConnectionStrings["constr"].ConnectionString;
using (SqlConnection con = new SqlConnection(constr))
{
using (SqlCommand cmd = new SqlCommand("INSERT INTO Persons(Gender)VALUES(@Gender)"))
{
cmd.Connection = con;
cmd.Parameters.AddWithValue("@Gender", gender);
con.Open();
cmd.ExecuteNonQuery();
con.Close();
}
}
根据您的表格值添加参数。
希望它有助于:)
Add the parameters according to your form values.
Hope It Helps :)
这篇关于如何使用.net在数据库中插入单选按钮数据?我的查询如下..的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
