asp.net web application


Problem description
Sir,
I am developing one application. This application has 7 textbox controls and 2 button controls and uses a backend
database, which is SQL Server 2008. On debugging there is no problem, but when I click the save button it gives the error message: "Incorrect syntax near ')'."
Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: System.Data.SqlClient.SqlException: Incorrect syntax near ')'.

What is the problem?
And we are sending the code:

protected void BTNSAVE(object sender, EventArgs e)
{
    SqlConnection con = new SqlConnection("Data Source=NSYS1\\SQLEXPRESS;Initial Catalog=agfl;connect timeout=30;Integrated Security=True");
    SqlCommand mycom;
    mycom = new SqlCommand("Insert Into stf(sno,rdate,acno,name,vno,amt,edate,chno)Values('" + TextBox1.Text + "','" + TextBox6.Text + "','" + TextBox2.Text + "','" + TextBox7.Text + "','" + TextBox4.Text + "','" + TextBox8.Text + "','" + TextBox5.Text + "','" + TextBox9.Text + "',)", con);
    con.Open();
    mycom.Parameters.AddWithValue("sno", @TextBox1.Text);
    mycom.Parameters.AddWithValue("rdate",@TextBox6.Text);
    mycom.Parameters.AddWithValue("acno", @TextBox2.Text);
    mycom.Parameters.AddWithValue("name", @TextBox7.Text);
    mycom.Parameters.AddWithValue("vno", @TextBox4.Text);
    mycom.Parameters.AddWithValue("amt", @TextBox8.Text);
    mycom.Parameters.AddWithValue("edate",@TextBox5.Text);
    mycom.Parameters.AddWithValue("chno",@TextBox9.Text);
    mycom.ExecuteNonQuery();

    con.Close();

}

Solution

It is because you have a comma right before your closing parenthesis.

However, this is a terrible way to do it. Anyone who knows enough SQL could drop tables or otherwise mess up your database. I suggest you research SQL Injections. You are also adding parameters to something that doesn't have parameters.

You should change your sql statement to be:

... VALUES (@sno, @rdate, @acno,...)



and then when you add parameters using your textbox values the values will get replaced into the sql statement.


First things first, you are not using parameterized queries correctly. You are still susceptible to SQL injection, and you are assigning values to the column names of the table you are attempting to insert into.

Your code should look something like this:

protected void BTNSAVE(object sender, EventArgs e)
{
    SqlConnection con = new SqlConnection("Data Source=NSYS1\\SQLEXPRESS;Initial Catalog=agfl;connect timeout=30;Integrated Security=True");
    SqlCommand mycom;
    mycom = new SqlCommand("Insert Into stf(sno,rdate,acno,name,vno,amt,edate,chno) Values(@sno,@rdate,@acno,@name,@vno,@amt,@edate,@chno)", con);
    con.Open();
    mycom.Parameters.AddWithValue("@sno", TextBox1.Text);
    mycom.Parameters.AddWithValue("@rdate", TextBox6.Text);
    mycom.Parameters.AddWithValue("@acno", TextBox2.Text);
    mycom.Parameters.AddWithValue("@name", TextBox7.Text);
    mycom.Parameters.AddWithValue("@vno", TextBox4.Text);
    mycom.Parameters.AddWithValue("@amt", TextBox8.Text);
    mycom.Parameters.AddWithValue("@edate", TextBox5.Text);
    mycom.Parameters.AddWithValue("@chno", TextBox9.Text);
    mycom.ExecuteNonQuery();

    con.Close();
}


mycom = new SqlCommand("Insert Into stf(sno,rdate,acno,name,vno,amt,edate,chno)Values('" + TextBox1.Text + "','" + TextBox6.Text + "','" + TextBox2.Text + "','" + TextBox7.Text + "','" + TextBox4.Text + "','" + TextBox8.Text + "','" + TextBox5.Text + "','" + TextBox9.Text + "')", con);
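The three answers above turn on two separate points: the stray comma before the closing parenthesis in the question's VALUES list, and the difference between splicing textbox values into the SQL text (the question and the last answer) and binding them as parameters (the second answer). The script below is an added example, not code from the question or any of the answers; it uses Python's sqlite3 module against a constructed in-memory stand-in for the stf table (sqlite3 binds with ? where SqlClient uses @name, but the mechanism is the same) and runs both approaches over constructed sample rows, including a legitimate name containing an apostrophe, which still breaks the concatenated form after the comma is removed.

```python
import sqlite3

# Column list of the stf table from the question.
COLUMNS = ("sno", "rdate", "acno", "name", "vno", "amt", "edate", "chno")

def make_db():
    """Constructed in-memory stand-in for the SQL Server table 'stf'."""
    con = sqlite3.connect(":memory:")
    con.execute("CREATE TABLE stf (sno, rdate, acno, name, vno, amt, edate, chno)")
    return con

def insert_concatenated(con, values, trailing_comma=False):
    """The question's approach: values spliced into the SQL text; trailing_comma=True rebuilds the posted bug."""
    quoted = ",".join("'" + v + "'" for v in values)
    sql = "INSERT INTO stf(" + ",".join(COLUMNS) + ") VALUES(" + quoted + (",)" if trailing_comma else ")")
    con.execute(sql)

def insert_parameterized(con, values):
    """Answer 2's approach: placeholders in the SQL, values bound separately by the driver."""
    placeholders = ",".join("?" * len(COLUMNS))
    sql = "INSERT INTO stf(" + ",".join(COLUMNS) + ") VALUES(" + placeholders + ")"
    con.execute(sql, values)

def try_insert(fn, con, values, **kw):
    """Run one insert and return 'ok' or the exception class name."""
    try:
        fn(con, values, **kw)
        return "ok"
    except sqlite3.Error as exc:
        return type(exc).__name__

def demo():
    """Run both approaches over constructed sample rows and return the outcomes."""
    con = make_db()
    plain = ("1", "2024-01-01", "A100", "Smith", "V1", "10", "2024-01-31", "C1")
    # Same row, but with a legitimate name that contains an apostrophe (constructed).
    apostrophe = plain[:3] + ("O'Brien",) + plain[4:]
    results = {
        "bug_as_posted": try_insert(insert_concatenated, con, plain, trailing_comma=True),
        "comma_fixed_plain": try_insert(insert_concatenated, con, plain),
        "comma_fixed_apostrophe": try_insert(insert_concatenated, con, apostrophe),
        "parameterized_apostrophe": try_insert(insert_parameterized, con, apostrophe),
    }
    results["rows"] = con.execute("SELECT COUNT(*) FROM stf").fetchone()[0]
    results["stored_name"] = con.execute("SELECT name FROM stf WHERE name LIKE 'O%'").fetchone()[0]
    con.close()
    return results
```

Only the parameterized insert stores the apostrophe row intact; the concatenated form fails on it with the same class of syntax error the question reports for the trailing comma.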

