我在哪里找到它的问题。 [英] Where Is The Problem I Coudnt Find It.
本文介绍了我在哪里找到它的问题。的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
来自sql的错误。
类型'System.Data.SqlClient.SqlException的异常'发生在System.Data.dll中但未在用户代码中处理
附加信息:关键字'into'附近的语法不正确。
受保护 void Button1_Click(< span class =code-keyword> object sender,EventArgs e)
{
if ( string .IsNullOrWhiteSpace(txtKullan.Text + txtSifre.Text + txtMail.Text))
{
uyari.Text = Tümalanlarıdoldurmakzorundasınız;
return ;
}
SqlConnection baglanti = new SqlConnection( 数据源= RMZN;初始目录= veri;集成安全性=真;);
baglanti.Open();
SqlCommand cmd = new SqlCommand( 进入Uyeler(UyeAdi,UyeSifre,UyeMail)值(' + txtKullan.Text + ',' + txtSifre.Text + ',' + txtMail.Text + < span class =code-string> '),baglanti);
cmd.ExecuteNonQuery();
txtKullan.Text = ;
txtSifre.Text = ;
txtMail.Text = ;
uyari.Text = Kayıtişlemibaşarıylapamamlandıgirişyapabilirsiniz。;
}
解决方案
这是插入,而非Instert 。
还使用参数化查询,你的代码对SQL注入攻击开放。
SQL注入攻击和一些如何防止它们的提示 [ ^ ]
hello !
there is error from sql.
An exception of type 'System.Data.SqlClient.SqlException' occurred in System.Data.dll but was not handled in user code
Additional information: Incorrect syntax near the keyword 'into'.
protected void Button1_Click(object sender, EventArgs e)
{
if (string.IsNullOrWhiteSpace(txtKullan.Text + txtSifre.Text + txtMail.Text))
{
uyari.Text = "Tüm alanları doldurmak zorundasınız";
return;
}
SqlConnection baglanti = new SqlConnection("Data Source=RMZN;Initial Catalog=veri;Integrated Security=True;");
baglanti.Open();
SqlCommand cmd = new SqlCommand("Instert into Uyeler(UyeAdi,UyeSifre,UyeMail) values ('"+txtKullan.Text+"','"+txtSifre.Text+"','"+txtMail.Text+"')",baglanti);
cmd.ExecuteNonQuery();
txtKullan.Text = "";
txtSifre.Text = "";
txtMail.Text = "";
uyari.Text = "Kayıt işlemi başarıyla tamamlandı giriş yapabilirsiniz.";
}
解决方案
It's "insert", not "Instert".
Also use parameterised queries, your code is open to SQL injection attacks.
SQL Injection Attacks and Some Tips on How to Prevent Them[^]
这篇关于我在哪里找到它的问题。的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文