关于数据库数据插入问题 [英] regarding database data inserting problem

问题描述

我的问题是，当我从localhost运行应用程序时，它成功地将数据插入远程sql数据库。但是当从实际站点插入数据时，它不会将数据插入到SQL服务器中我必须做什么plz help

i我正在使用以下连接字符串（star用于安全目的）

< add name =DefaultConnectionconnectionstring =Server = mssql2008。********。co.in; Database = *** _ dbs; Uid = ****** _ db_user;密码= *************providername =System.Data.SqlClient>

和代码是

My Problem is that when I run the application from localhost, It insert the data to remote sql database successfully. But when insert the data from the live site, it does not insert the data into SQL server what i have to do plz help
i am using following connection string(star is used for security purpose)
<add name="DefaultConnection" connectionstring="Server=mssql2008.********.co.in;Database=***_dbs;Uid=******_db_user;Password=*************" providername="System.Data.SqlClient">
and code is

Protected Sub Button1_Click(sender As Object, e As EventArgs) Handles Button1.Click
        If FileUpload1.PostedFile IsNot Nothing Then
            Try
                Dim FileName As String = Path.GetFileName(FileUpload1.PostedFile.FileName)
                'Save files to disk 
                FileUpload1.SaveAs(Server.MapPath("~/Uploads/" & FileName))

                Dim result As Boolean = addDataUsingAdepter(lastid + 1, TextBox1.Text, "~/Uploads/" + FileName, TextBox2.Text, DropDownList1.Text)
                If (result = True) Then
                    Label9.ForeColor = Drawing.Color.Green
                    Label9.Text = "Product Added Successfully"
                    TextBox1.Text = ""
                    TextBox2.Text = ""
                    DropDownList1.SelectedIndex = 0
                Else
                    Label9.ForeColor = Drawing.Color.Red
                    Label9.Text = "Sorry An Error Occured"
                End If
            Catch ex As Exception
            End Try
        End If
    End Sub

功能是......

function is......

Public Shared Function addDataUsingAdepter(id As Integer, Name As String, photoFilePath As String, Description As String, type As String) As Boolean
        Dim ConnectionString As String = ConfigurationManager.ConnectionStrings("DefaultConnection").ConnectionString
        Dim conn As SqlConnection
        Dim adptr As SqlDataAdapter
        Dim dt As String = Now.Day.ToString + "/" + Now.Month.ToString + "/" + Now.Year.ToString + " " + Now.Hour.ToString + ":" + Now.Minute.ToString + ":" + Now.Second.ToString

        Dim query As String = "insert into Products values('" & id & "','" & Name & "','" & photoFilePath & "','" & Description & "','" & dt & "','" & type & "')"
        Try
            conn = New SqlConnection(ConnectionString)
            conn.Open()
            adptr = New SqlDataAdapter
            adptr.InsertCommand = New SqlCommand(query, conn)
            adptr.InsertCommand.ExecuteNonQuery()
            Return True
            conn.Close()
        Catch ex As Exception

            MsgBox(ex.Message)
            Return False
        End Try

    End Function

推荐答案

首先修复 SQL注入 [ ^ ]漏洞：

Start by fixing the SQL Injection[^] vulnerability in your code:

Public Shared Function addDataUsingAdepter(id As Integer, Name As String, photoFilePath As String, Description As String, type As String) As Boolean
    Dim ConnectionString As String = ConfigurationManager.ConnectionStrings("DefaultConnection").ConnectionString
    Dim query As String = "insert into Products values (@id, @Name, @photoFilePath, @Description, @dt, @type)"
    
    Try
        Using conn As New SqlConnection(ConnectionString)
            Using cmd As New SqlCommand(query, conn)
                cmd.Parameters.AddWithValue("@id", id)
                cmd.Parameters.AddWithValue("@Name", Name)
                cmd.Parameters.AddWithValue("@photoFilePath", photoFilePath)
                cmd.Parameters.AddWithValue("@dt", DateTime.Now)
                cmd.Parameters.AddWithValue("@type", type)
                
                conn.Open()
                cmd.ExecuteNonQuery()
            End Using
        End Using
        
        Return True
        
    Catch ex As Exception
        MsgBox(ex.ToString())
        Return False
    End Try
End Function

这几乎肯定会解决问题。如果没有，您需要发布您收到的错误的详细信息。

That will almost certainly fix the issue. If not, you'll need to post the details of the error you're getting.

您必须将用户的文件夹上传安全权限更改为完全控制在您的服务器上（实时）。



只需右键单击文件夹 - 属性 - 安全选项卡 - 编辑 - 设置用户访问权限。



我希望它对你有用。

You have to change your folder 'Uploads' security permissions for the your user to 'Full control' on your server(live).

Just right click on the folder- Properties- Security Tab- Edit- Set Users Access Permissions.

I hope it'll work for you.

根据你在评论中提供的错误，问题无关用SQL。但是，您需要更改SQL作为解决方案1提及，以便您不会遇到Sql Injection问题。



并且，如解决方案2所述，您有一个权限问题。查看IIS中应用程序池的标识，该用户需要在uploads文件夹中创建文件的权限。或者，将身份更改为可以的用户。

Based on the error you provided in comments the problem has nothing to do with SQL. However, you will want to change your SQL as Solution 1 mentions so that you do not have issues with Sql Injection.

And, as Solution 2 mentions, you have a permissions issue. Look at the identity of the application pool in IIS and that user needs permissions to create files in your uploads folder. Or, change the identity to a user that can.

这篇关于关于数据库数据插入问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！