使用MS sql server 2008在c#应用程序中的每次单击按钮上创建新表. [英] Create new table on each click of button in c# application using MS sql server 2008.

问题描述

正在使用Windows应用程序.每次单击按钮时，它需要创建一个新表，并且该表的列名应从文本框中获取，并且其数据类型应从GUI中提供的组合框中选择. br/> 由于每个表的表名不能相同...表名也应从文本框中给出.

这是代码正在使用的代码...但是它显示错误``NullRefernceException Unhandled''``对象引用未设置为对象的实例.''.
你能帮我吗..我需要完成它并在大学里提交.

Am working on a windows application..its need to create a new table each time a button is clicked and the column names for the table should be taken from textboxes and its datatypes should be selected from combobox given in the GUI.
As the table name cannot be same for each table...the table name should also be given from a textbox.

This is the code am using for it...but it is showing error ''NullRefernceException Unhandled'' ''Object reference not set to an instance of an object.''.
Can u please help me with it..i need to finish it and submit in the college.

SqlConnection cn=new SqlConnection(@"server=KARAN-VAIO\SQLEXPRESS;database=master;integrated security=SSPI");
            cn.Open();
            SqlCommand cmd=new SqlCommand("create table '"+textBox8.Text+"'('"+textBox2.Text+"' '"+comboBox2.SelectedItem.ToString()+"','"+textBox3.Text+"' '"+comboBox3.SelectedItem.ToString()+"','"+textBox4.Text+"' '"+comboBox4.SelectedItem.ToString()+"','"+textBox5.Text+"' '"+comboBox5.SelectedItem.ToString()+"','"+textBox6.Text+"' '"+comboBox6.SelectedItem.ToString()+"','"+textBox7.Text+"' '"+comboBox7.SelectedItem.ToString()+"')",cn);
            cmd.ExecuteNonQuery();
            cn.Close();
            MessageBox.Show("Continue");

推荐答案

请参阅马库斯(Marcus)和我的问题的评论.用户几乎可以输入任何内容，包括SQL片段，而不是某些数据.这是一个众所周知的漏洞利用.

对于初学者，请阅读:
http://en.wikipedia.org/wiki/SQL_injection [ http://msdn.microsoft.com/en-us/library/yy6y35y8％28v = vs.110％29.aspx [ ^ ]，
http://msdn.microsoft.com/en-us/library/ms228934％28v = vs.90％29.aspx [ ^ ].

关于异常，当变量或成员实际上为空时，通过使用其实例的任何实例(非静态)成员来取消引用某个引用类型的对象时，将引发该异常.您需要确保使用构造后创建的非null值正确初始化了变量/成员，或者检查它是否为null.如果为null，则执行其他操作.只有两个选择；这个问题是最容易发现和修复的问题之一.只需使用调试器即可查看其位置.

祝你好运.

—SA

Please see the comments to the question by Marcus, as well as mine. The user can input just about anything, including… an SQL fragment, instead of some data. This is a well-known exploit.

For starters, please read:
http://en.wikipedia.org/wiki/SQL_injection[^],
http://msdn.microsoft.com/en-us/library/yy6y35y8%28v=vs.110%29.aspx[^],
http://msdn.microsoft.com/en-us/library/ms228934%28v=vs.90%29.aspx[^].

As to the exception, it is thrown when you dereference some object of a reference type, by using any of its instance (non-static) members, when the variable or member is actually null. You either need to make sure the variable/member is properly initialized with non-null value created as a result of construction, or check it for null; if it is null, do something else. Just two option; and this problem is one of the easiest to detect and fix. Just use the debugger to see where it is.

Good luck.

—SA

这篇关于使用MS sql server 2008在c#应用程序中的每次单击按钮上创建新表.的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！