我在数据库中插入记录,但它没有保存 [英] i am inserting the record in the database but it is not saving

查看:101
本文介绍了我在数据库中插入记录,但它没有保存的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

代码如下;



private SqlDataCon SCon = new SqlDataCon();

private SqlDataReader Dr;



插入代码如下;

code as follows;

private SqlDataCon SCon = new SqlDataCon();
private SqlDataReader Dr;

insert code as follows;

protected void Button1_Click(object sender, EventArgs e)
    {
        Label6.Text = "";

        if (FromDate.SelectedDateValue.ToString() == "")
        {
            Label6.Text = "From date is not selected";
            return;
        }
        if (Todate.SelectedDateValue.ToString() == "")
        {
            Label6.Text = "To date is not selected";
            return;
        }

            Sql = "insert into BirthDayWish values('" + txt_name.Text + "','" + FromDate.SelectedDateValue.ToString() + "','" + txt_mobile.Text + "','" + Todate.SelectedDateValue.ToString() + "','a','" + txt_Email.Text + "')";
            try
            {
            Dr = SCon.ReadSql(Sql);
            //GridView1.DataSource = Dr;
            //GridView1.DataBind();
            Dr.Close();
        }

        catch (Exception Ex1)
        {
            Response.Write(Ex1);
        }
    }





但未在数据库中保存为什么>



来自我的代码请更正



but is not saving in the database why>

from my code please correct

推荐答案

首先你的代码不安全=)

你已经打开它进行SQL注入,所以我强烈要求你改变sql语句使用sql参数!!

这是一个sugestions。

另一个,到目前为止我明白,你甚至不会尝试对DB执行插入操作,因为SCon.ReadSql(Sql) - >执行读取操作!!!



所以将代码更改为:

Hi first of all your code is not safe =)
You have opened it for SQL injections, so i strongly asking you to change sql statement to use sql parameters!!
That was one sugestions.
Another one, as far sa i understand, you don''t even try to execute insert operation to DB, since SCon.ReadSql(Sql) -> performs read operation!!!

So change your code to: 
 try
        {
            con.Open();
            Sql = "insert into BirthDayWish values(@p1,@p2,@p3,@p4,#p5)";
            SqlCommand cmd = new SqlCommand(Sql, con);
            cmd.Parameters.Add("@p1", SqlDbType.VarChar);
            cmd.Parameters["@p1"].Value = txt_name.Text;
            DateTime dt;
            if(!DateTime.TryParse(FromDate.SelectedDateValue.ToString(),out dt))
            {// error in date format!!!}  
            cmd.Parameters.Add("@p2", SqlDbType.DateTime);
            cmd.Parameters["@p2"].Value = dt;           
/* another stuff goes here!!!*/
 
            cmd.ExecuteNonQuery();
            con.Close();
        }
        catch (Exception Ex1)
        {
            Response.Write(Ex1);
        }


可能是sql数据库日期字段是DateTime,而你的插入日期格式化不是正确的格式化。
May be sql database date field is DateTime,and your insert date formate is not fallow right formate.


这篇关于我在数据库中插入记录,但它没有保存的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
其他开发语言最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆