在SQL数据库单选按钮值 [英] Radio button value in SQL database

问题描述

我工作的基本的网站使用Visual Studio 2013在注册表单有男性或女性的单选按钮，选择一个SQL数据库。 IM使用asp.net。

I am working on basic website with a SQL database using Visual Studio 2013. On the sign up form there are radio button selections of male or female. Im using asp.net.

<div class="radio-inline" style="padding-left: 0px;">
    <label class="labelinput">Gender:</label>
    <label class="radio-inline">
        <input class="radio" type="radio" value="male" id="male"     
            name="gender" checked="checked"/>
        <p style="margin: 0; padding-left: 20px; color: black; 
            font-size: 1.4em;">Male</p>
    </label>
    <label class="radio-inline">
        <input class="radio" type="radio" value="female" id="female" name="gender" />
        <p style="margin: 0; padding-left: 20px; color: black;
            font-size: 1.4em;">Female</p>
    </label>
</div>

我试图做在数据库中添加性别一栏。然后在C＃中的一部分，我写这样的：

What I tried doing was adding a column of 'gender' in the database. Then in the c# part I wrote this:

string gender = Request.Form["gender"];

我使用包含功能连接到数据库的类。类的名称为埃坦。一个的功能是连接到数据库和执行的SQL行：

I use a class that contains functions to connect to the database. The class's name is 'Eitan'. One of the functions is to connect to the database and perform the sql line:

public static void DoQuery(string fileName, string sql)
{
    SqlConnection conn = ConnectToDb(fileName);
    conn.Open();
    SqlCommand com = new SqlCommand(sql, conn);
    com.ExecuteNonQuery();
    com.Dispose();
    conn.Close();
}

我的SQL行是：

My sql line is:

string sql;
sql = "insert into users(fullname, username, password, email, cell, birthday, adress, gender)";
sql += " values('" + fullname + "','" + username + "','" + password + "','" + email + "','" + cell + "','" + birthday + "','" + adress + "','" + gender + "')";

（我已经不仅仅是性别更多）的文件名（数据库文件名）：

(I have more than just the gender) The filename (database file name):

string filename = "database.mdf";

于是我就用了函数名和SQL语句，当我填写表格和preSS提交它带给我回'com.ExecuteNonQuery（）;'在功能DoQuery并显示我这个错误：

So I use the function with the filename and sql sentence, and when I fill out the form and press submit it brings me back to 'com.ExecuteNonQuery();' in the function DoQuery and shows me this error:

类型'System.Data.SqlClient.SqlException'的异常出现在system.data.dll但在用户code没有处理的附加信息：无效的列名性别

An exception of type 'System.Data.SqlClient.SqlException' occurred in System.Data.dll but was not handled in user code Additional information: Invalid column name 'gender'.

任何想法，我应该怎么办呢？

Any ideas what I should do?

推荐答案

1 - 确保用户表列
（全名，用户名，密码，电子邮件，电池，生日，ADRESS，性别）

2 - 使用preFER存储过程或低于code为CRUD操作（也可用于SQL注入攻击）

1- Make sure Users Table columns
(fullname, username, password, email, cell, birthday, adress, gender)
2- Use prefer "Stored Procedure" or below code for crud operation (also for SQL Injection Attacks)

String sql = "INSERT INTO USERS (fullname, username, password, email, cell, birthday, adress, gender)  
     VALUES(@fullname,@username,@password, @email,@cell,@birthday,@adress, @gender)";

SqlCommand command = new SqlCommand(sql, db.Connection);
command.Parameters.Add("@fullname",fullname);
command.Parameters.Add("@username",username);
command.Parameters.Add("@password",password);
command.Parameters.Add("@email",email);
command.Parameters.Add("@cell",cell);
command.Parameters.Add("@birthday",birthday);
command.Parameters.Add("@adress",adress);
command.Parameters.Add("@gender",gender);

command.ExecuteNonQuery();

这篇关于在SQL数据库单选按钮值的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！