如何将数据插入访问数据库 [英] How to insert data into access database

查看：100 发布时间：2019/6/13 11:18:55 ASP.NET

本文介绍了如何将数据插入访问数据库的处理方法，对大家解决问题具有一定的参考价值，需要的朋友们下面随着小编来一起学习吧！

问题描述

我创建了一个链接到访问基础的表单（Apply Table），所以我想要的是当我填写表单并单击按钮时，信息直接进入数据库，但我仍然有错误

有人可以检查我的代码并修复它吗

 使用系统; 
 使用 System.Collections.Generic; 
 使用 System.Linq; 
 使用 System.Web; 
 使用 System.Web.UI; 
 使用 System.Web.UI.WebControls; 
 使用 System.Data.OleDb; 
 使用 System.Configuration; 
 使用 System.Data; 
 
 命名空间 QIS 
 {
  public   partial   class  Applyonline：System.Web.UI.Page 
 {
  protected   void  Page_Load（ object  sender，EventArgs e）
 {
 
} 
 
 受保护  void  TextBox8_TextChanged（ object  sender，EventArgs e）
 {
 
 
} 
 
  protected   void  Button1_Click（ object  sender，EventArgs e） 
 {
 尝试 
 {
  string  connStr = ConfigurationManager.ConnectionStrings [  ConnectionString]。ConnectionString; 
  String  comandString; 
 
 OleDbConnection con =  new  OleDbConnection（  connStr）; 
 OleDbDataAdapter adp =  new  OleDbDataAdapter（）; 
 OleDbCommand cmd =  new  OleDbCommand（）; 
 cmd.Connection = con; 
 
 adp.SelectCommand = cmd; 
 con.Open（）; 
 comandString =  插入应用（FirstName，LastName，Gender，DateOfBirth，CountryOfBirth，Ethnic，PrimaryLanguage，NameOfCurrentSchool ）值（ + tb_FirstName.Text +  ， + tb_LastName.Text + < span class =code-string> ， + tb_Gender.Text +  ， + tb_Birth.Text +  ， + tb_CountryOfBirth.Text +  ， + tb_Nationality.Text +  ， + tb_Language.Text +  ， + tb_School.Text +  ）; 
 
 cmd.ExecuteNonQuery（）; 
 lbl_msg.Text =  感谢您的申请，我们很快就会回复您。; 
 con.Close（）; 
} 
  catch  
 {
 lbl_msg.Text =  错误发生。; 
} 
} 
 
} 
 
}

解决方案

< blockquote> 如何将数据插入访问数据库

根据喜好，不是那样的！

Do不连接字符串来构建SQL命令。它让您对意外或故意的SQL注入攻击持开放态度，这可能会破坏您的整个数据库。改为使用参数化查询。

这实际上也可以解决你的问题...一旦你将命令字符串附加到命令对象，你目前不能...

 comandString =   INSERT into Apply（ FirstName，LastName，Gender，DateOfBirth，CountryOfBirth，Ethnic，PrimaryLanguage，NameOfCurrentSchool）值（ + tb_FirstName.Text +  ， + tb_LastName.Text +  ， + tb_Gender.Text +  ， + tb_Birth.Text +  ， + tb_CountryOfBirth.Text +  ， + tb_Nationality.Text +  ， + tb_L anguage.Text +  ， + tb_School.Text +   ）; 
 cmd.CommandText = commandString;  //   ADD THIS。 
 cmd.ExecuteNonQuery（）;

添加它将解决您当前的问题，但它会产生另一个：您将需要使用参数化查询来正确摆脱它。

I have created a form that is linked to access base (Apply Table), so what I want is when I fill the form and click the button, the information goes directly to the database, but I still have an error
Could someone check my code and fix it please

using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.OleDb;
using System.Configuration;
using System.Data;

namespace QIS
{
    public partial class Applyonline : System.Web.UI.Page
    {
        protected void Page_Load(object sender, EventArgs e)
        {

        }

        protected void TextBox8_TextChanged(object sender, EventArgs e)
        {


        }

        protected void Button1_Click(object sender, EventArgs e)
        {
                    try
                {
                    string connStr = ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString;
                    String comandString ;

                    OleDbConnection con = new OleDbConnection("connStr");
                    OleDbDataAdapter adp = new OleDbDataAdapter();
                    OleDbCommand cmd = new OleDbCommand();
                    cmd.Connection = con;

                    adp.SelectCommand = cmd;
                    con.Open();
                    comandString = "INSERT into Apply(FirstName,LastName,Gender,DateOfBirth,CountryOfBirth,Nationality,PrimaryLanguage,NameOfCurrentSchool) values ( " + tb_FirstName.Text + " ," + tb_LastName.Text + " , " + tb_Gender.Text + " , " + tb_Birth.Text + ", " + tb_CountryOfBirth.Text + " , " + tb_Nationality.Text + " , " + tb_Language.Text + ", " + tb_School.Text + ")";
                    
                    cmd.ExecuteNonQuery();
                    lbl_msg.Text = "Thank you for applying, we well get back to you soon.";
                    con.Close();
                }
                catch
                {
                    lbl_msg.Text = "Error Occured.";
                }
            }

        }

        }

解决方案

"How to insert data into access database"

By preference, not like that!
Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.

That will actually cure your problem as well...Once you attach the command string to the command object, which you don't at present...
comandString = "INSERT into Apply(FirstName,LastName,Gender,DateOfBirth,CountryOfBirth,Nationality,PrimaryLanguage,NameOfCurrentSchool) values ( " + tb_FirstName.Text + " ," + tb_LastName.Text + " , " + tb_Gender.Text + " , " + tb_Birth.Text + ", " + tb_CountryOfBirth.Text + " , " + tb_Nationality.Text + " , " + tb_Language.Text + ", " + tb_School.Text + ")";
cmd.CommandText = commandString;   // ADD THIS.
cmd.ExecuteNonQuery();
Adding that will get rid of your current problem, but it will produce another: you will need to use parametrized queries to get rid of that properly.

这篇关于如何将数据插入访问数据库的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！

查看全文

如何将数据插入访问数据库 [英] How to insert data into access database

问题描述

相关文章

其他开发语言最新文章

热门教程

热门工具

登录关闭

如何将数据插入访问数据库 [英] How to insert data into access database

问题描述

相关文章

其他开发语言最新文章

热门教程

热门工具

登录 关闭

登录关闭