在SQL数据库单选按钮值 [英] Radio button value in SQL database
问题描述
我工作的基本的网站使用Visual Studio 2013在注册表单有男性或女性的单选按钮,选择一个SQL数据库。 IM使用asp.net。
I am working on basic website with a SQL database using Visual Studio 2013. On the sign up form there are radio button selections of male or female. Im using asp.net.
<div class="radio-inline" style="padding-left: 0px;">
<label class="labelinput">Gender:</label>
<label class="radio-inline">
<input class="radio" type="radio" value="male" id="male"
name="gender" checked="checked"/>
<p style="margin: 0; padding-left: 20px; color: black;
font-size: 1.4em;">Male</p>
</label>
<label class="radio-inline">
<input class="radio" type="radio" value="female" id="female" name="gender" />
<p style="margin: 0; padding-left: 20px; color: black;
font-size: 1.4em;">Female</p>
</label>
</div>
我试图做在数据库中添加性别一栏。然后在C#中的一部分,我写这样的:
What I tried doing was adding a column of 'gender' in the database. Then in the c# part I wrote this:
string gender = Request.Form["gender"];
我使用包含功能连接到数据库的类。类的名称为埃坦。一个的功能是连接到数据库和执行的SQL行:
I use a class that contains functions to connect to the database. The class's name is 'Eitan'. One of the functions is to connect to the database and perform the sql line:
public static void DoQuery(string fileName, string sql)
{
SqlConnection conn = ConnectToDb(fileName);
conn.Open();
SqlCommand com = new SqlCommand(sql, conn);
com.ExecuteNonQuery();
com.Dispose();
conn.Close();
}
我的SQL行是:
My sql line is:
string sql;
sql = "insert into users(fullname, username, password, email, cell, birthday, adress, gender)";
sql += " values('" + fullname + "','" + username + "','" + password + "','" + email + "','" + cell + "','" + birthday + "','" + adress + "','" + gender + "')";
(我已经不仅仅是性别更多)的文件名(数据库文件名):
(I have more than just the gender) The filename (database file name):
string filename = "database.mdf";
于是我就用了函数名和SQL语句,当我填写表格和preSS提交它带给我回'com.ExecuteNonQuery();'在功能DoQuery并显示我这个错误:
So I use the function with the filename and sql sentence, and when I fill out the form and press submit it brings me back to 'com.ExecuteNonQuery();' in the function DoQuery and shows me this error:
类型'System.Data.SqlClient.SqlException'的异常出现在system.data.dll但在用户code没有处理的附加信息:无效的列名性别
An exception of type 'System.Data.SqlClient.SqlException' occurred in System.Data.dll but was not handled in user code Additional information: Invalid column name 'gender'.
任何想法,我应该怎么办呢?
Any ideas what I should do?
推荐答案
1 - 确保用户表列
(全名,用户名,密码,电子邮件,电池,生日,ADRESS,性别)
2 - 使用preFER存储过程或低于code为CRUD操作(也可用于SQL注入攻击)
1- Make sure Users Table columns
(fullname, username, password, email, cell, birthday, adress, gender)
2- Use prefer "Stored Procedure" or below code for crud operation (also for SQL Injection Attacks)
String sql = "INSERT INTO USERS (fullname, username, password, email, cell, birthday, adress, gender)
VALUES(@fullname,@username,@password, @email,@cell,@birthday,@adress, @gender)";
SqlCommand command = new SqlCommand(sql, db.Connection);
command.Parameters.Add("@fullname",fullname);
command.Parameters.Add("@username",username);
command.Parameters.Add("@password",password);
command.Parameters.Add("@email",email);
command.Parameters.Add("@cell",cell);
command.Parameters.Add("@birthday",birthday);
command.Parameters.Add("@adress",adress);
command.Parameters.Add("@gender",gender);
command.ExecuteNonQuery();
这篇关于在SQL数据库单选按钮值的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!