任何人都可以解决这个紧急情况....... [英] can anyone solve this answe its urgent..........

问题描述

我的数据库名称是"Parent"，表名称是"details"，我这样写查询

my database name is "Parent" and table name is "details" i write query like this

id(nchar(10));
name(char(50));
parentname(char(50));

我必须同时将值存储在treenode中，我必须存储到DB

在给定代码plzzzz的情况下，我在此存在错误，任何人都可以解决此代码.........

i have to store values in treenode at the same time i have to store into DB

i have bugs in this below given code plzzzz anyone solve this code.........

using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;
using System.Data.SqlClient;

namespace examples
{
    public partial class Form1 : Form
    {
        public Form1()
        {
            InitializeComponent();
        }

        private void Form1_Load(object sender, EventArgs e)
        {

        }

        private void btnparent_Click(object sender, EventArgs e)
        {
            SqlConnection con = new SqlConnection("Server=192.168.0.50\\CIODEVDB;user id=sa;password=epm@3108;database=Parent");

            con.Open();
            string s = "INSERT INTO details(name)values('" + textBox1.Text + "')";

            SqlCommand Cmd = new SqlCommand(s, con);
            TreeNode parentnode = new TreeNode(textBox1.Text);
            treeView1.Nodes.Add(parentnode);
            //Cmd.ExecuteNonQuery();

            treeView1.ForeColor = Color.Red;
            con.Close();
            textBox1.Clear();
        }

        private void btnadd_Click(object sender, EventArgs e)
        {
            SqlConnection con = new SqlConnection("Server=192.168.0.50\\CIODEVDB;user id=sa;password=epm@3108;database=Parent");
            

            con.Open();


            string s = "INSERT INTO details(name,refid)values('" + textBox1.Text + "'," + getNodeid(treeView1.SelectedNode.ToString()) + ")";

            SqlCommand cmd = new SqlCommand(s, con);


            cmd.ExecuteNonQuery();

            TreeNode childnode = new TreeNode(textBox1.Text);
            treeView1.SelectedNode.Nodes.Add(childnode);
            treeView1.ExpandAll();
            textBox1.Clear();
            con.Close();
            Load_tree2();
            textBox1.Clear();
        }

        private void Load_tree2()
        {
         SqlConnection con = new SqlConnection("Server=192.168.0.50\\CIODEVDB;user id=sa;password=epm@3108;database=Parent");
            con.Open();
            DataSet ds = PDataset("Select * from details");
            treeView1.Nodes.Clear();
            foreach (DataRow dr in ds.Tables[0].Rows)
            {
                if ((Convert.ToInt32(dr["refid"].ToString()) == 0))
                {
                    TreeNode tnParent = new TreeNode();
                    tnParent.Text = dr["name"].ToString();
                    string value = dr["id"].ToString();
                    tnParent.Expand();
                    treeView1.Nodes.Add(tnParent);
                    FillChild(tnParent, value);
                }
            }
        }

        public int FillChild(TreeNode parent, string ID)
        {
          SqlConnection con = new SqlConnection("Server=192.168.0.50\\CIODEVDB;user id=sa;password=epm@3108;database=Parent");

            con.Open();
            DataSet ds = PDataset("SELECT * FROM details WHERE refid =" + ID);
            if (ds.Tables[0].Rows.Count > 0)
            {
                foreach (DataRow dr in ds.Tables[0].Rows)
                {
                    TreeNode child = new TreeNode();
                    child.Text = dr["name"].ToString().Trim();
                    string temp = dr["id"].ToString();
                    child.Collapse();
                    parent.Nodes.Add(child);
                    FillChild(child, temp);
                }
                return 0;
            }
            else
            {
                return 0;
            }
       
    
            
        }
        private int getNodeid(string nodename)
        {
            SqlConnection con = new SqlConnection("Server=USER-2551D3EFE2\\SQLEXPRESS;User Id=sa;Password=abc123;Database=employee");
            string node = nodename.Substring(10);
            con.Open();
            string s = "select id from details where name='" + node + "'";
            SqlCommand Cmd = new SqlCommand(s, con);
            SqlDataAdapter da = new SqlDataAdapter(Cmd);
            DataTable dt = new DataTable();
            da.Fill(dt);
            string aa = dt.Rows[0][0].ToString();
            con.Close();
            return Convert.ToInt32(aa);
        }

        private void btnremove_Click(object sender, EventArgs e)
        {
            treeView1.SelectedNode.Remove();
        }
        protected DataSet PDataset(string s)
        {
            SqlConnection con = new SqlConnection("Server=192.168.0.50\\CIODEVDB;user id=sa;password=epm@3108;database=Parent");
            SqlDataAdapter da = new SqlDataAdapter(s, con);
            DataSet ds = new DataSet();
            da.Fill(ds);
            con.Close();
            return ds;
        }

     
    }
}

推荐答案

string s = "INSERT INTO details(name,refid)values('" + textBox1.Text + "'," + getNodeid(treeView1.SelectedNode.ToString()) + ")";

除了这是一件非常不好的事情(Google表示"SQL注入")之外，您不能确定getNodeid()实际上是否成功返回了一个值.将代码分解为更多逻辑步骤，并在尝试使用值或对象引用之前对其进行检查.

Apart from the fact that this is a really bad thing to do (Google for "SQL Injection"), you cannot be certain that getNodeid() actually returns a value successfully. Break your code down into more logical steps and check that you actually have a value or object reference before trying to use it.

这篇关于任何人都可以解决这个紧急情况.......的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！