数据库双重查询错误 [英] Database double query error
本文介绍了数据库双重查询错误的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
执行代码
"There is already an open DataReader associated with this Command which must be closed first"
protected void ImageButton1_Click(object sender, ImageClickEventArgs e)
{
SqlConnection con = new SqlConnection("Data Source=(local);Initial Catalog=RoomReservation;Integrated Security=True");
con.Open();
SqlCommand cmdsel = new SqlCommand("Select Payment from Bank where NICNO ='MOH'", con);
SqlDataReader read = cmdsel.ExecuteReader();
while (read.Read())
{
if ( int.Parse(tprice.Text) <int.parse(> {
SqlCommand cmd = new SqlCommand("insert into romreserve values('" + Label1.Text + "','" + Title.SelectedItem.Text + "','" + FN.Text + "','" + SN.Text + "','" + Email.Text + "','" + Address.Text + "','" + Mobile.Text + "','" + Phone.Text + "','" + Country.Text + "','" + City.Text + "','" + rname.Text + "','" + cid.Text + "','" + cod.Text + "','" + adult.Text + "','" + child.Text + "','" + nr.Text + "','" + rent.Text + "','" + nrr.Text + "','" + tprice.Text + "','false') " + "UPDATE Bank SET Payment = (Payment -" + tprice.Text + ") WHERE NICNO = '" + FN.Text + "'", con);
cmd.ExecuteNonQuery();
}
else {
string script = "alert('Your Account balance will be less than');";
ClientScript.RegisterClientScriptBlock(this.GetType(), "Alert", script, true);
}
}
}
推荐答案
从不将字符串连接与未经验证的用户输入一起使用. EVER .您只是在要求SQL注入攻击造成数据泄露.您应该使用存储过程或至少使用参数化的查询.
您应该了解有关使用语句的信息.
除了您自己创建的所有这些问题之外,您还尝试使用SqlDataReader已打开并正在使用的SqlConnection.我什至看不到您实际使用SqlDataReader值的任何地方.
NEVER use string concatenation with unvalidated user input. EVER. You are just asking for a data breach from SQL injection attacks. You should be using stored procedures or at the least parametrized queries.
You should learn about using statements.
In addition to all of these problems you have created for yourself you are attempting to use a SqlConnection that has already been opened and in use by the SqlDataReader. I can''t even see any place where you are actually using the SqlDataReader values.
Declare another connection object and use it in the while loop
SqlConnection con1 = new SqlConnection("Data Source=(local);Initial Catalog=RoomReservation;Integrated Security=True");
while (read.Read())
{
if ( int.Parse(tprice.Text) <int.parse(> {
SqlCommand cmd=new SqlCommand("...",con1)
con1.Open();
cmd.ExecuteNonQuery();
con1.Close()
}
您可以尝试一下.
1.将其保存在webconfig文件中
hi you can try this..
1. you save this in webconfig file
<appSettings>
<add key="dbConnection" value="Data Source=accerlap2; Initial Catalog=PMSW; User ID=sa; Password=p@ssword;"/>
</appSettings>
2.并在aspx.cs页面中
2.and in aspx.cs page
SqlConnection connection = new SqlConnection(WebConfigurationManager.AppSettings["dbConnection"].ToString());
SqlCommand cmd = new SqlCommand("Select * from table1...., connection);
希望它能解决.如果是您的解决方案,请选择接受解决方案..
hope it works.if it is ur solution select accept solution..
这篇关于数据库双重查询错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
