我收到了一个错误。请帮我解决这个问题 [英] I am getting an error.please help me to solve this
问题描述
字符串'')''后面的未闭合引号。
i写完这行代码后出现此错误。
con = new SqlConnection( 这是我的连接字符串);
con.Open();
cmd = new SqlCommand( 插入注册值(' + txtname + ',' + txtid + ',' + txtpassword + ',' + txtrepassword + ',' + txtaddress + ', + txtage + '),con);
cmd.ExecuteNonQuery();
con.Close();
已添加代码块[/ Edit]
< blockquote>你错过了一个引用:
cmd = new SqlCommand(插入注册值(''+ txtname +'',''+ txtid +''' '' + txtpassword + '', '' + txtrepassword + '', '' + txtaddress +', + txtage + ''),CON);
成为
cmd =新的SqlCommand(插入注册值(''+ txtname +'',''+ txtid + '', '' + txtpassword + '', '' + txtrepassword + '', '' + txtaddress + '', '' + txtage + ''),CON);
但请不要这样做 - 不要连接字符串来构建一个SQL命令。它让您对意外或故意的SQL注入攻击持开放态度,这可能会破坏您的整个数据库。改为使用参数化查询。
cmd =新的SqlCommand(插入注册值(@TNM,@ TID,@ TPW,@ TRP,@ TAD,@ TAG), CON);
cmd.Parameters.AddWithValue(@ TNM,txtname);
cmd.Parameters.AddWithValue(@ TNM,txtid);
cmd.Parameters.AddWithValue(@ TNM,txtpassword);
cmd.Parameters.AddWithValue(@ TNM,txtrepassword);
cmd.Parameters.AddWithValue(@ TNM,txtaddress),
cmd.Parameters.AddWithValue(@ TNM,txtage);
它将解决您的问题并保护您的数据库。
虽然我在这里,但从不存储密码明文 - 这是一个重大的安全风险。有关如何在此处执行此操作的信息:密码存储:如何做到这一点。 [ ^ ]
cmd = new SqlCommand( 插入注册值(' + txtname + ',' + txtid + ',' + txtpassword + ',' + txtrepassword + ',' + txtaddress + ','+ txtage + '), CON);
cmd.ExecuteNonQuery();
注意:为安全起见,请尝试使用参数化查询。
谢谢
Unclosed quotation mark after the character string '')''.
i am getting this error after writing this line of code.
con = new SqlConnection("This is my connection string");
con.Open();
cmd = new SqlCommand("insert into signup values('"+txtname+"','"+txtid+"','"+txtpassword+"','"+txtrepassword+"','"+txtaddress+"',"+txtage+"')",con);
cmd.ExecuteNonQuery();
con.Close();
[Edit]Code block added[/Edit]
You are missing a quote:
cmd = new SqlCommand("insert into signup values(''"+txtname+"'',''"+txtid+"'',''"+txtpassword+"'',''"+txtrepassword+"'',''"+txtaddress+"'',"+txtage+"'')",con);Becomes
cmd = new SqlCommand("insert into signup values(''"+txtname+"'',''"+txtid+"'',''"+txtpassword+"'',''"+txtrepassword+"'',''"+txtaddress+"'',''"+txtage+"'')",con);
But please don''t do that - do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.
cmd = new SqlCommand("insert into signup values(@TNM, @TID, @TPW, @TRP, @TAD, @TAG)", con); cmd.Parameters.AddWithValue("@TNM", txtname); cmd.Parameters.AddWithValue("@TNM", txtid); cmd.Parameters.AddWithValue("@TNM", txtpassword); cmd.Parameters.AddWithValue("@TNM", txtrepassword); cmd.Parameters.AddWithValue("@TNM", txtaddress), cmd.Parameters.AddWithValue("@TNM", txtage);It will get rid of your problem and protect your database.
And while I''m here, never store passwords in clear text - it is a major security risk. There is some information on how to do it here: Password Storage: How to do it.[^]
cmd = new SqlCommand("insert into signup values('"+txtname+"','"+txtid+"','"+txtpassword+"','"+txtrepassword+"','"+txtaddress+"','"+txtage+"')",con); cmd.ExecuteNonQuery();
Note: Try to use parameterized query for security purpose.
Thanks
这篇关于我收到了一个错误。请帮我解决这个问题的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!