这段代码中的错误是什么。 [英] What the error in this code.

问题描述

cmd3.CommandText = "UPDATE Seats SET SeatStatus = 'Y' WHERE (FlightId =('" + flightf + "') AND SeatName =('" + DropDownList4.SelectedValue + "'))";

感谢您的帮助



问题是

thanks for helping

the problem is

DropDownList4.SelectedValue

：



我这样做是为了它的工作：

:

when i do it like this its work:

string ss = "Y";
string sn =  "C07";
cmd3.CommandText = "UPDATE Seats SET SeatStatus = ('" + ss + "') WHERE FlightId =('" + flightf + "') AND SeatName =('" + sn + "')";

因此价值问题



i试试这个：

so the problem in the value

i try this:

string sn = Convert.ToString(DropDownList4.SelectedValue);

无效

not worked

推荐答案

主要错误是您通过连接用户的字符串输入来构建SQL查询。

这很容易发生SQL注入攻击。

更好地使用参数化查询。



其他错误可能是所选值的问题你的DropDownList（例如，它包含字符'）。只是猜测你提供的信息很少。

The main error is you are constructing a SQL query by concatenating string input from user.
This is prone to SQL injection attacks.
Better use parameterized query.

Other error could be a problem with the selected value of your DropDownList (for example, it contains the character '). It's just a guess with the little information you are providing.

cmd3.CommandText = "UPDATE Seats SET SeatStatus = 'Y' WHERE FlightId ='" + flightf + "' AND SeatName ='" + DropDownList4.SelectedValue + "'";

我觉得下拉列表没有返回由于您收到错误而导致的值。因此，请确保您获得DropDownList4.SelectedValue的某些值;如果你没有得到一些价值，你可以尝试使用DropDownList4.Text或DropDownList4.SelectedItem来获取价值。

I feel that the dropdownlist is not returning the value due to which you are getting the error. So, make it sure that you are getting some value against DropDownList4.SelectedValue; if you don't get some value you can try getting value by using DropDownList4.Text or DropDownList4.SelectedItem.

这篇关于这段代码中的错误是什么。的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！