我想将一个值或另一个值插入数据库,具体取决于用户是否选择更新值。 [英] I want to insert either one value or another to the database depending on if the user choses to update a value or not.
本文介绍了我想将一个值或另一个值插入数据库,具体取决于用户是否选择更新值。的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
>
try
{
SqlConnection conn1 = new SqlConnection(ConfigurationManager.ConnectionStrings["ProjectDatabaseConnectionString"].ConnectionString);
conn1.Open();
SqlCommand com1;
string insertQuery = "update Personal set PersonalEmail = @email,FirstName = @fname, Surname = @sname,TelephoneNo = @telno, Password = @password Where UserName = '" + LblUserName .Text+ "'";
com1 = new SqlCommand(insertQuery, conn1);
if (TextBoxNewEmail.Text.Trim() != null)
{
com1.Parameters.AddWithValue("@email", TextBoxNewEmail.Text);
}
else
{
com1.Parameters.AddWithValue("@email", LblOldEmail.Text);
//LblOldEmail holds the value of the users old email
// TextBoxNewEmail is the textbox where the user enters there new email if they are updating it
}
com1.Parameters.AddWithValue("@password", TextBoxNewPassword.Text);
com1.Parameters.AddWithValue("@fname", TextBoxFirstName.Text);
com1.Parameters.AddWithValue("@sname", TextBoxSurName.Text);
com1.Parameters.AddWithValue("@telno", TextBoxTelNo.Text);
// com1.Parameters.AddWithValue("@location", locID);
com1.Parameters.AddWithValue("@conText", RadioButtonListText.SelectedValue);
com1.Parameters.AddWithValue("@conEmail", RadioButtonListEmail.SelectedValue);
com1.ExecuteNonQuery();
conn1.Close();
Response.Write("Update was successful");
}
catch (Exception ex)
{
Response.Write("error" + ex.ToString());
}
推荐答案
你好。
首先我认为你应该改变where子句,因为你将有一个sql注入。
其次,在我看来,你应该将新的电子邮件与旧的和如果它们不同则使用新电子邮件的值,否则使用旧电子邮件。
JAFC
Hello.
Firstly I think you should change the where clause, because you'll have a sql injection.
Secondly it seems to me that you should compare the new e-mail with the old and if they are different then use the value of the new e-mail, otherwise the old.
JAFC
这篇关于我想将一个值或另一个值插入数据库,具体取决于用户是否选择更新值。的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文