我在数据库中插入记录,但它没有保存 [英] i am inserting the record in the database but it is not saving
本文介绍了我在数据库中插入记录,但它没有保存的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
代码如下;
private SqlDataCon SCon = new SqlDataCon();
private SqlDataReader Dr;
插入代码如下;
code as follows;
private SqlDataCon SCon = new SqlDataCon();
private SqlDataReader Dr;
insert code as follows;
protected void Button1_Click(object sender, EventArgs e)
{
Label6.Text = "";
if (FromDate.SelectedDateValue.ToString() == "")
{
Label6.Text = "From date is not selected";
return;
}
if (Todate.SelectedDateValue.ToString() == "")
{
Label6.Text = "To date is not selected";
return;
}
Sql = "insert into BirthDayWish values('" + txt_name.Text + "','" + FromDate.SelectedDateValue.ToString() + "','" + txt_mobile.Text + "','" + Todate.SelectedDateValue.ToString() + "','a','" + txt_Email.Text + "')";
try
{
Dr = SCon.ReadSql(Sql);
//GridView1.DataSource = Dr;
//GridView1.DataBind();
Dr.Close();
}
catch (Exception Ex1)
{
Response.Write(Ex1);
}
}
但未在数据库中保存为什么>
来自我的代码请更正
but is not saving in the database why>
from my code please correct
推荐答案
首先你的代码不安全=)
你已经打开它进行SQL注入,所以我强烈要求你改变sql语句使用sql参数!!
这是一个sugestions。
另一个,到目前为止我明白,你甚至不会尝试对DB执行插入操作,因为SCon.ReadSql(Sql) - >执行读取操作!!!
所以将代码更改为:
Hi first of all your code is not safe =)
You have opened it for SQL injections, so i strongly asking you to change sql statement to use sql parameters!!
That was one sugestions.
Another one, as far sa i understand, you don''t even try to execute insert operation to DB, since SCon.ReadSql(Sql) -> performs read operation!!!
So change your code to:
try
{
con.Open();
Sql = "insert into BirthDayWish values(@p1,@p2,@p3,@p4,#p5)";
SqlCommand cmd = new SqlCommand(Sql, con);
cmd.Parameters.Add("@p1", SqlDbType.VarChar);
cmd.Parameters["@p1"].Value = txt_name.Text;
DateTime dt;
if(!DateTime.TryParse(FromDate.SelectedDateValue.ToString(),out dt))
{// error in date format!!!}
cmd.Parameters.Add("@p2", SqlDbType.DateTime);
cmd.Parameters["@p2"].Value = dt;
/* another stuff goes here!!!*/
cmd.ExecuteNonQuery();
con.Close();
}
catch (Exception Ex1)
{
Response.Write(Ex1);
}
可能是sql数据库日期字段是DateTime,而你的插入日期格式化不是正确的格式化。
May be sql database date field is DateTime,and your insert date formate is not fallow right formate.
这篇关于我在数据库中插入记录,但它没有保存的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文