如何更新用户信息Asp.Net C# [英] How Do I Update User Information Asp.Net C#
本文介绍了如何更新用户信息Asp.Net C#的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
此代码将告诉我我的更新成功但不会更新我的数据库。我已将代码删除至零,仍然无法找到问题。
this code will tell me that my update was successful but will not update my database. I have stripped the code down to nothing and still cannot find the problem.
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Configuration;
using System.Data;
namespace GigGuide
{
public partial class userProfile : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
if (!IsPostBack)
{
LblUserName.Text = Convert.ToString(Session["New"]);
string fillTextBoxes = "Select FirstName, Surname,TelephoneNo,PersonalEmail,Password,ContactbyText,ContactByEmail from Personal where UserName ='" + LblUserName.Text + "'";
SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["ProjectDatabaseConnectionString"].ConnectionString);
SqlCommand com = new SqlCommand(fillTextBoxes, conn);
SqlDataReader reader;
try
{
conn.Open();
reader = com.ExecuteReader();
reader.Read();
TextBoxFirstName.Text = reader["FirstName"].ToString();
TextBoxSurName.Text = reader["Surname"].ToString();
TextBoxTelNo.Text = reader["TelephoneNo"].ToString();
TextBoxOldemail.Text = reader["PersonalEmail"].ToString();
TextBoxOldPassword.Text = reader["Password"].ToString();
reader.Close();
conn.Close();
}
catch (Exception ex)
{
Response.Write("ERROR" + ex.ToString());
}
}
}
protected void ButtonUpdate_Click(object sender, EventArgs e)
{
try
{
SqlConnection conn1 = new SqlConnection(ConfigurationManager.ConnectionStrings["ProjectDatabaseConnectionString"].ConnectionString);
conn1.Open();
// conn1.Open();
SqlCommand com1;
string updateQuery = "update Personal set PersonalEmail = @email,FirstName = @fname, Surname = @sname,TelephoneNo = @telno, Password = @password, ContactbyText = @conText, ContactByEmail = @conEmail Where UserName = '" + LblUserName + "'";
com1 = new SqlCommand(updateQuery, conn1);
com1.Parameters.AddWithValue("@email", TextBoxNewEmail.Text);
com1.Parameters.AddWithValue("@password", TextBoxNewPassword.Text);
com1.Parameters.AddWithValue("@fname", TextBoxFirstName.Text);
com1.Parameters.AddWithValue("@sname", TextBoxSurName.Text);
com1.Parameters.AddWithValue("@telno", TextBoxTelNo.Text);
// com1.Parameters.AddWithValue("@location", locID);
com1.Parameters.AddWithValue("@conText", RadioButtonListText.SelectedValue);
com1.Parameters.AddWithValue("@conEmail", RadioButtonListEmail.SelectedValue);
com1.ExecuteNonQuery();
conn1.Close();
Response.Write("Update was successful");
}
catch (Exception ex)
{
Response.Write("error" + ex.ToString());
}
}
}
}
推荐答案
已发布以从未答复中删除list
Posted to remove from the unanswered list
string updateQuery = "update Personal set PersonalEmail = @email,FirstName = @fname, Surname = @sname,TelephoneNo = @telno, Password = @password, ContactbyText = @conText, ContactByEmail = @conEmail Where UserName = '" + LblUserName + "'";
应为:
should be:
string updateQuery = "update Personal set PersonalEmail = @email,FirstName = @fname, Surname = @sname,TelephoneNo = @telno, Password = @password, ContactbyText = @conText, ContactByEmail = @conEmail Where UserName = '" + LblUserName.Text + "'";
虽然您将参数化查询与SQL注入攻击。您还应该使用带有LblUserName.Text的参数。
Seems odd to me though that you mixed a parameterized query along with an SQL injection attack. You should use a parameter with LblUserName.Text also.
这篇关于如何更新用户信息Asp.Net C#的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文