这段代码中的错误是什么？ [英] what is tha error in this code

问题描述

SqlConnection con = new SqlConnection();
            con.Open();
            con.ConnectionString = "Data Source=GHARONDA-15; Initial Catalog=RagestrationDetail; Integrated Security=SSPI";
            
            SqlCommand cmd = new SqlCommand();
            cmd.Connection=con;
            con.Close();
            cmd.CommandType=CommandType.Text;
            cmd.CommandText= "insert into Form1(Name,FatherName,Address,DateOfBirth,JoiningDate,Experience,EducationalQualification)values('"+textBox1.Text+"','"+textBox2.Text+"','"+textBox3.Text+"','"+textBox4.Text+"','"+textBox5.Text+"','"+textBox6.Text+"','"+textBox7.Text+"')";
            cmd.ExecuteNonQuery();
            MessageBox.Show("Record Saved");

错误是

ConnectionString属性尚未初始化。

Error is
The ConnectionString property has not been initialized.

推荐答案

这里有很多问题！

您注意到的问题非常简单：在尝试打开连接后设置连接字符串。

请不要这样做！不要连接字符串以构建SQL命令。它让您对意外或故意的SQL注入攻击持开放态度，这可能会破坏您的整个数据库。使用参数化查询代替

试试这个：

There are a lot of problems here!
The problem you have noticed is pretty simple: You are setting the connection string after you try to open the connection.
And please, don't do it like that! Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead
Try this:

using (SqlConnection con = new SqlConnection(@"Data Source=GHARONDA-15; Initial Catalog=RagestrationDetail; Integrated Security=SSPI"))
    {
    con.Open();    
    using (SqlCommand cmd = new SqlCommand("INSERT INTO Form1 (Name, FatherName, Address, DateOfBirth, JoiningDate, Experience, EducationalQualification) VALUES (@NM, @FN, @AD, @DOB, @JD, @EX, @EQ)", con))
        {
        cmd.Parameters.AddWithValue("@NM", textBox1.Text);
        cmd.Parameters.AddWithValue("@FN", textBox2.Text);
        cmd.Parameters.AddWithValue("@AD", textBox3.Text);
        cmd.Parameters.AddWithValue("@DOB", textBox4.Text);
        cmd.Parameters.AddWithValue("@JD", textBox5.Text);
        cmd.Parameters.AddWithValue("@EX", textBox6.Text);
        cmd.Parameters.AddWithValue("@EQ", textBox7.Text);
        cmd.ExecuteNonQuery();
        MessageBox.Show("Record Saved");
        }
    }

但是......你需要验证日期是真实日期，否则SQL会抛出异常 - 我希望你把它们存储为DATETIME值，或者你将来会给自己一些非常讨厌的问题。



并帮自己一个忙，并停止使用Visual Studio默认名称 - 你可以请记住，TextBox4是今天的出生日期，但是当你需要修改它是三周的时间，那么你呢？使用描述性名称 - 例如tbBirthdate - 您的代码变得更容易阅读，更多自我记录，更易于维护 - 并且编码速度更快，因为Intellisense可以在三次击键中达到tbBirthdate，其中TextBox8需要思考大约和8次击键...

But...You need to validate the dates are "real" dates, or SQL will throw an exception - and I'm hoping you are storing them as DATETIME values, or you will be giving yourself some really nasty problems in future.

And do yourself a favour, and stop using Visual Studio default names for everything - you may remember that "TextBox4" is the date of birth today, but when you have to modify it is three weeks time, will you then? Use descriptive names - "tbBirthdate" for example - and your code becomes easier to read, more self documenting, easier to maintain - and surprisingly quicker to code because Intellisense can get to to "tbBirthdate" in three keystrokes, where "TextBox8" takes thinking about and 8 keystrokes...

在con.Open（）之前定义con.ConnectionString属性



还有一件事你的cmd.ExecuteNonQuery（）之后使用con.Close（）


： - ）

Just Define con.ConnectionString property before con.Open()

and one more thing use con.Close() after your cmd.ExecuteNonQuery()

:-)

你必须打开和关闭连接对象

you have to Open and Close Connection object

Quote：

SqlConnection con = new SqlConnection（）;

con.ConnectionString =Data Source = GHARONDA-15; Initial Catalog = RagestrationDetail; Integrated Security = SSPI;

SqlCommand cmd = new SqlCommand（ ）;

cmd.Connection = con;

使用（con.open（））

{

cmd .CommandType = CommandType.Text;

cmd.CommandText =插入Form1（Name，FatherName，Address，DateOfBirth，JoiningDate，Experience，EducationalQualification）值（'+ textBox1.Text +'，'+ textBox2.Text +'，' + textBox3.Text +'，'+ textBox4.Text +'，'+ textBox5.Text +'，'+ textBox6.Text +'，'+ textBox7.Text +'）;

cmd.ExecuteNonQuery（）;

MessageBox.Show（保存记录）;

}

SqlConnection con = new SqlConnection();
con.ConnectionString = "Data Source=GHARONDA-15; Initial Catalog=RagestrationDetail; Integrated Security=SSPI";
SqlCommand cmd = new SqlCommand();
cmd.Connection=con;
using(con.open())
{
cmd.CommandType=CommandType.Text;
cmd.CommandText= "insert into Form1(Name,FatherName,Address,DateOfBirth,JoiningDate,Experience,EducationalQualification)values('"+textBox1.Text+"','"+textBox2.Text+"','"+textBox3.Text+"','"+textBox4.Text+"','"+textBox5.Text+"','"+textBox6.Text+"','"+textBox7.Text+"')";
cmd.ExecuteNonQuery();
MessageBox.Show("Record Saved");
}

这篇关于这段代码中的错误是什么？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！