任何人都可以解决这个紧急情况....... [英] can anyone solve this answe its urgent..........
问题描述
我的数据库名称是"Parent",表名称是"details",我这样写查询
my database name is "Parent" and table name is "details" i write query like this
id(nchar(10));
name(char(50));
parentname(char(50));
我必须同时将值存储在treenode中,我必须存储到DB
在给定代码plzzzz的情况下,我在此存在错误,任何人都可以解决此代码.........
i have to store values in treenode at the same time i have to store into DB
i have bugs in this below given code plzzzz anyone solve this code.........
using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;
using System.Data.SqlClient;
namespace examples
{
public partial class Form1 : Form
{
public Form1()
{
InitializeComponent();
}
private void Form1_Load(object sender, EventArgs e)
{
}
private void btnparent_Click(object sender, EventArgs e)
{
SqlConnection con = new SqlConnection("Server=192.168.0.50\\CIODEVDB;user id=sa;password=epm@3108;database=Parent");
con.Open();
string s = "INSERT INTO details(name)values('" + textBox1.Text + "')";
SqlCommand Cmd = new SqlCommand(s, con);
TreeNode parentnode = new TreeNode(textBox1.Text);
treeView1.Nodes.Add(parentnode);
//Cmd.ExecuteNonQuery();
treeView1.ForeColor = Color.Red;
con.Close();
textBox1.Clear();
}
private void btnadd_Click(object sender, EventArgs e)
{
SqlConnection con = new SqlConnection("Server=192.168.0.50\\CIODEVDB;user id=sa;password=epm@3108;database=Parent");
con.Open();
string s = "INSERT INTO details(name,refid)values('" + textBox1.Text + "'," + getNodeid(treeView1.SelectedNode.ToString()) + ")";
SqlCommand cmd = new SqlCommand(s, con);
cmd.ExecuteNonQuery();
TreeNode childnode = new TreeNode(textBox1.Text);
treeView1.SelectedNode.Nodes.Add(childnode);
treeView1.ExpandAll();
textBox1.Clear();
con.Close();
Load_tree2();
textBox1.Clear();
}
private void Load_tree2()
{
SqlConnection con = new SqlConnection("Server=192.168.0.50\\CIODEVDB;user id=sa;password=epm@3108;database=Parent");
con.Open();
DataSet ds = PDataset("Select * from details");
treeView1.Nodes.Clear();
foreach (DataRow dr in ds.Tables[0].Rows)
{
if ((Convert.ToInt32(dr["refid"].ToString()) == 0))
{
TreeNode tnParent = new TreeNode();
tnParent.Text = dr["name"].ToString();
string value = dr["id"].ToString();
tnParent.Expand();
treeView1.Nodes.Add(tnParent);
FillChild(tnParent, value);
}
}
}
public int FillChild(TreeNode parent, string ID)
{
SqlConnection con = new SqlConnection("Server=192.168.0.50\\CIODEVDB;user id=sa;password=epm@3108;database=Parent");
con.Open();
DataSet ds = PDataset("SELECT * FROM details WHERE refid =" + ID);
if (ds.Tables[0].Rows.Count > 0)
{
foreach (DataRow dr in ds.Tables[0].Rows)
{
TreeNode child = new TreeNode();
child.Text = dr["name"].ToString().Trim();
string temp = dr["id"].ToString();
child.Collapse();
parent.Nodes.Add(child);
FillChild(child, temp);
}
return 0;
}
else
{
return 0;
}
}
private int getNodeid(string nodename)
{
SqlConnection con = new SqlConnection("Server=USER-2551D3EFE2\\SQLEXPRESS;User Id=sa;Password=abc123;Database=employee");
string node = nodename.Substring(10);
con.Open();
string s = "select id from details where name='" + node + "'";
SqlCommand Cmd = new SqlCommand(s, con);
SqlDataAdapter da = new SqlDataAdapter(Cmd);
DataTable dt = new DataTable();
da.Fill(dt);
string aa = dt.Rows[0][0].ToString();
con.Close();
return Convert.ToInt32(aa);
}
private void btnremove_Click(object sender, EventArgs e)
{
treeView1.SelectedNode.Remove();
}
protected DataSet PDataset(string s)
{
SqlConnection con = new SqlConnection("Server=192.168.0.50\\CIODEVDB;user id=sa;password=epm@3108;database=Parent");
SqlDataAdapter da = new SqlDataAdapter(s, con);
DataSet ds = new DataSet();
da.Fill(ds);
con.Close();
return ds;
}
}
}
推荐答案
string s = "INSERT INTO details(name,refid)values('" + textBox1.Text + "'," + getNodeid(treeView1.SelectedNode.ToString()) + ")";
除了这是一件非常不好的事情(Google表示"SQL注入")之外,您不能确定getNodeid()
实际上是否成功返回了一个值.将代码分解为更多逻辑步骤,并在尝试使用值或对象引用之前对其进行检查.
Apart from the fact that this is a really bad thing to do (Google for "SQL Injection"), you cannot be certain that getNodeid()
actually returns a value successfully. Break your code down into more logical steps and check that you actually have a value or object reference before trying to use it.
这篇关于任何人都可以解决这个紧急情况.......的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!