这段代码中的错误是什么。 [英] What the error in this code.
本文介绍了这段代码中的错误是什么。的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
cmd3.CommandText = "UPDATE Seats SET SeatStatus = 'Y' WHERE (FlightId =('" + flightf + "') AND SeatName =('" + DropDownList4.SelectedValue + "'))";
感谢您的帮助
问题是
thanks for helping
the problem is
DropDownList4.SelectedValue
:
我这样做是为了它的工作:
:
when i do it like this its work:
string ss = "Y";
string sn = "C07";
cmd3.CommandText = "UPDATE Seats SET SeatStatus = ('" + ss + "') WHERE FlightId =('" + flightf + "') AND SeatName =('" + sn + "')";
因此价值问题
i试试这个:
so the problem in the value
i try this:
string sn = Convert.ToString(DropDownList4.SelectedValue);
无效
not worked
推荐答案
主要错误是您通过连接用户的字符串输入来构建SQL查询。
这很容易发生SQL注入攻击。
更好地使用参数化查询。
其他错误可能是所选值的问题你的DropDownList(例如,它包含字符')。只是猜测你提供的信息很少。
The main error is you are constructing a SQL query by concatenating string input from user.
This is prone to SQL injection attacks.
Better use parameterized query.
Other error could be a problem with the selected value of your DropDownList (for example, it contains the character '). It's just a guess with the little information you are providing.
cmd3.CommandText = "UPDATE Seats SET SeatStatus = 'Y' WHERE FlightId ='" + flightf + "' AND SeatName ='" + DropDownList4.SelectedValue + "'";
我觉得下拉列表没有返回由于您收到错误而导致的值。因此,请确保您获得DropDownList4.SelectedValue的某些值;如果你没有得到一些价值,你可以尝试使用DropDownList4.Text或DropDownList4.SelectedItem来获取价值。
I feel that the dropdownlist is not returning the value due to which you are getting the error. So, make it sure that you are getting some value against DropDownList4.SelectedValue; if you don't get some value you can try getting value by using DropDownList4.Text or DropDownList4.SelectedItem.
这篇关于这段代码中的错误是什么。的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文