在C#中开发网站时出现的问题 [英] Issue while developing website in C#

问题描述

您能帮我吗，我现在正在建立一个网站.实际上，我是使用C#的新手，我对这种语言不是很熟悉，因此我需要有关此的帮助:

错误提示:

System.Data.SqlClient.SqlException:插入错误:列名或提供的值数与表定义不匹配.在系统上System.Data.SqlClient.SqlInternalConnection.OnError(SqlException异常，布尔值BreakConnection)在System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj) .Data.SqlClient.TdsParser.Run(System.Data.SqlClient.SqlCommand.RunCommandNonQueryTds(String methodName，Boolean async)在System.Data.SqlClient.在c.\ Users \ Hansel \ Documents \ Visual Studio 2008 \ WebSites \中的order.acceptbtn_Click(Object sender，EventArgs e)处的System.Data.SqlClient.SqlCommand.ExecuteNonQuery()处的InternalExecuteNonQuery(DbAsyncResult结果，字符串methodName，布尔sendToPipe) phalWebSite \ order.aspx.cs:第49行

这是我的代码:

Can you help me, i am making a website now. Actually i am new in using C# im not really familiarize in this language so I need help regarding this :

The error says:

System.Data.SqlClient.SqlException: Insert Error: Column name or number of supplied values does not match table definition. at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection) at System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection) at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj) at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj) at System.Data.SqlClient.SqlCommand.RunExecuteNonQueryTds(String methodName, Boolean async) at System.Data.SqlClient.SqlCommand.InternalExecuteNonQuery(DbAsyncResult result, String methodName, Boolean sendToPipe) at System.Data.SqlClient.SqlCommand.ExecuteNonQuery() at order.acceptbtn_Click(Object sender, EventArgs e) in c:\Users\Hansel\Documents\Visual Studio 2008\WebSites\phalWebSite\order.aspx.cs:line 49

this is my codes:

string connect = @"server=.\sqlexpress;database=order;integrated security = true";
        SqlConnection con = new SqlConnection(connect);
        con.Open();
        SqlCommand cmd = new SqlCommand(@"Insert into ordertable values(''"+nametxt.Text+"'',''"+addresstxt.Text+"'')",con);
        cmd.ExecuteNonQuery();
        con.Close();
        nametxt.Text="";
        addresstxt.Text="";

有人能帮我吗.谢谢！

[edit]已添加代码块-OriginalGriff [/edit]

Can someone help me. thx !

[edit]Code block added - OriginalGriff[/edit]

推荐答案

尝试列出您希望值输入的字段名称:

Try listing the field names you want the values to go into:

SqlCommand cmd = new SqlCommand(@"Insert into ordertable ( field1, field2) values('"+nametxt.Text+"','"+addresstxt.Text+"')",con);

顺便说一句:不要输入这样的数据:而是使用参数化查询.直接添加TextBox.Text可以使您有意或无意地遭受SQL注入攻击.

BTW: Don''t enter data like that: use parametrized queries instead. Directly adding your TextBox.Text leave you wide open to a SQL injection attack, either deliberately or accidentaly.

SqlCommand cmd = new SqlCommand(@"Insert into ordertable ( field1, field2) values(@F1, @F2)", con);
cmd.Parameters.AddWithValue("@F1", nametxt.Text);
cmd.Parameters.AddWithValue("@F2", addresstxt.Text);

[edit]:-O忘记了参数化版本的连接-OriginalGriff [/edit]

[edit] :-O Forgot the connection on the parametrized version - OriginalGriff[/edit]

这篇关于在C#中开发网站时出现的问题的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！