怀疑在asp.net请解决它 [英] doubt in asp.net please solve it
本文介绍了怀疑在asp.net请解决它的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我的页面是这样的,
CompanyName(这里是一个文本框ID:TextBox9cmpynam)
查看CompanyProfile(按钮)
当我们点击此按钮,数据库中的数据必须显示在相应的文本框中。任何人都可以更正我的代码...
my page is like this,
CompanyName (here is a textbox id:TextBox9cmpynam)
view CompanyProfile(button)
when we click this button the data from database must displayed in the corresponding textbox..any one can correct my code...
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Configuration;
using System.Data;
public partial class viewcompanyprofile : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
}
protected void Button1_Click1(object sender, EventArgs e)
{
SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["CRegConnectionString"].ConnectionString);
SqlCommand com = new SqlCommand("select * from CompanyProfile where CompanyName'" + TextBox9cmpynam.Text + "'", con);
SqlDataAdapter da = new SqlDataAdapter(com);
con.Open();
DataSet ds = new DataSet();
string cmdStr = "select count(*) from CompanyProfile where CompanyName='" + TextBox9cmpynam.Text + "'";
SqlCommand User = new SqlCommand(cmdStr, con);
int temp = Convert.ToInt32(User.ExecuteScalar().ToString());
con.Close();
if (temp == 1)
{
try
{
Panel1.Visible = true;
com.ExecuteNonQuery();
da.Fill(ds, "CompanyProfile");
TextBox1cmpynm.Text = ds.Tables["CompanyProfile"].Rows[0]["CompanyName"].ToString();
TextBox2briefprofle.Text = ds.Tables["CompanyProfile"].Rows[0]["BriefProfile"].ToString();
TextBox3addr.Text = ds.Tables["CompanyProfile"].Rows[0]["Address"].ToString();
TextBox4state.Text = ds.Tables["CompanyProfile"].Rows[0]["State"].ToString();
TextBox5country.Text = ds.Tables["CompanyProfile"].Rows[0]["Country"].ToString();
TextBox6phno.Text = ds.Tables["CompanyProfile"].Rows[0]["PhoneNo"].ToString();
TextBox7website.Text = ds.Tables["CompanyProfile"].Rows[0]["Website"].ToString();
TextBox8emailid.Text = ds.Tables["CompanyProfile"].Rows[0][""].ToString();
con.Close();
}
catch (Exception er)
{
Response.Write("Something really bad happend .....Please try again");
}
}
else
{
Panel1.Visible = false;
}
}
}
当我执行此代码时没有错误。但是它没有显示从数据库到文本框的数据
when i executed this code there is no error .but it is not displaying the data from database to textbox
推荐答案
请不要使用内联查询,它会打开您的代码 Sql Injection 攻击。
所以,更改以下查询...
Please don't use inline queries, it opens your code to Sql Injection attack.
So, change the following query...
string cmdStr = "select count(*) from CompanyProfile where CompanyName='" + TextBox9cmpynam.Text + "'";
to .. 。
to...
string query = "select * from CompanyProfile where CompanyName=@CompanyName";
SqlCommand cmd = new SqlCommand(query, con);
cmd.Parameters.AddWithValue("@CompanyName", TextBox9cmpynam.Text);
之后调试代码并查找 DataSet中是否存在任何行 ds 当以下代码行执行时..
After that debug your code and find if there are any rows present in the DataSet ds when the following code line executes..
da.Fill(ds, "CompanyProfile");
[更新]
使用以下代码...
[Update]
Use the below code...
protected void Button1_Click1(object sender, EventArgs e)
{
SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["CRegConnectionString"].ConnectionString);
string query = "select * from CompanyProfile where CompanyName = @CompanyName";
SqlCommand cmd = new SqlCommand(query, con);
cmd.Parameters.Add(new SqlParameter("@CompanyName", TextBox9cmpynam.Text.Trim()));
SqlDataAdapter da = new SqlDataAdapter(cmd);
DataSet ds = new DataSet();
try
{
da.Fill(ds, "CompanyProfile");
if(ds != null && ds.Tables["CompanyProfile"] != null && ds.Tables["CompanyProfile"].Rows.Count > 0)
{
Panel1.Visible = true;
TextBox1cmpynm.Text = ds.Tables["CompanyProfile"].Rows[0]["CompanyName"].ToString();
TextBox2briefprofle.Text = ds.Tables["CompanyProfile"].Rows[0]["BriefProfile"].ToString();
TextBox3addr.Text = ds.Tables["CompanyProfile"].Rows[0]["Address"].ToString();
TextBox4state.Text = ds.Tables["CompanyProfile"].Rows[0]["State"].ToString();
TextBox5country.Text = ds.Tables["CompanyProfile"].Rows[0]["Country"].ToString();
TextBox6phno.Text = ds.Tables["CompanyProfile"].Rows[0]["PhoneNo"].ToString();
TextBox7website.Text = ds.Tables["CompanyProfile"].Rows[0]["Website"].ToString();
TextBox8emailid.Text = ds.Tables["CompanyProfile"].Rows[0][""].ToString(); // Here provide the Column Name.
con.Close();
}
else
{
Panel1.Visible = false;
}
}
catch (Exception er)
{
Response.Write("Something really bad happend .....Please try again");
}
}
您进行商店程序并逐个调用。你的代码是非常困惑的箱子。你确保你的SQL查询工作正常。再次尝试借助制动点并逐行检查。有关更多信息,请尝试此链接 http://csharp.net-tutorials.com/debugging/breakpoints/ [ ^ ]
you make a Store Procedure and call to one by one. your code is very confused crate.You make sure your sql Query is work fine. Once again try with the help of Brake Point and check line by line. for more information try this link http://csharp.net-tutorials.com/debugging/breakpoints/[^]
尝试
Try
SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["CRegConnectionString"].ConnectionString);
SqlCommand com = con.CreateCommand();
com.CommandText ="select * from CompanyProfile where CompanyName'" + TextBox9cmpynam.Text + "'";
con.Open();
SqlDataAdapter da = new SqlDataAdapter(com);
con.Open();
DataSet ds = new DataSet();
da.Fill(ds,"CompanyProfile");
int temp = ds.Tables[0].Rows.Count;
if (temp == 1)
{
//Logic based on condition
}
con.Close();
请注意,Tadit已经指出您错过了填充数据集。
此外,避免打开的内联查询SQL注入。
希望这有帮助......
Note that Tadit , already has pointed out that you missed to fill your Dataset .
Also, avoid inline queries which are open to SQL injections.
Hope this helps...
这篇关于怀疑在asp.net请解决它的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
