Asp.net从文本框和DropDownList中添加数据库 [英] Asp.net adding database from textbox and dropdownlist
问题描述
网添加数据库。我试图做两个文本框和DropDownList的一个选定值的文本添加我的表。
这里是我的code
使用系统;
使用System.Collections.Generic;
使用System.Linq的;
使用的System.Web;
使用System.Web.UI程序;
使用System.Web.UI.WebControls;
使用System.Data.SqlClient的;公共部分类_Default:System.Web.UI.Page{ 保护无效的Page_Load(对象发件人,EventArgs的发送)
{ }
保护无效的button1_Click(对象发件人,EventArgs的发送)
{
字符串的connectionString = @数据源= \\ SQLEX $ P $干燥综合征; AttachDbFilename = C:\\ USERS \\ CEM \\文档\\ Visual Studio 2010的\\ WEBSITES \\ EKLEMEDENE \\ APP_DATA \\ DATABASE.MDF;集成安全=真;用户实例=真
字符串的queryString =INSERT INTO ekle(航班,姓名,食品)VALUES('+ TextBox1.Text +,+ TextBox2.Text +,+ DropDownList1.SelectedValue +');
SqlConnection的CON =新的SqlConnection(的connectionString);
的SqlCommand命令=新的SqlCommand(的queryString,CON);
con.Open();
command.ExecuteNonQuery(); con.Close();
}
}
我执行后,我会有误差
数据库C:\\用户\\杰姆\\文档\\ Visual Studio 2010的\\网站已\\ eklemedene \\ App_Data文件\\ Database.mdf'已经存在。选择不同的数据库名称。
附加的文件C自动命名的数据库的尝试:\\用户\\ CEM \\文档\\ Visual Studio 2010的\\ WEBSITES \\ EKLEMEDENE \\ APP_DATA \\ DATABASE.MDF失败。具有相同名称的数据库不存在,或者指定的文件无法打开,或它位于UNC共享。解决方案
- 您是敞开的SQL注入。避免直接从控制传递参数。而是使用
参数。- 使用
使用语句实施任何的IDisposable像连接或命令:- 有一些问题与您的ConnectionString,您可以尝试使用的
SqlConnectionStringBuilder类://构建连接
SqlConnectionStringBuilder BLDR =新SqlConnectionStringBuilder();//把你的服务器或服务器\\实例名称在这里。可能您计算机的名称\\ SQLEx preSS
\\\\ SQLEX $ P $干燥综合征bldr.DataSource =;//连接数据库文件名
bldr.AttachDBFilename = @C:\\用户\\ CEM \\文档\\ Visual Studio 2010的\\ WEBSITES \\ EKLEMEDENE \\ APP_DATA \\ DATABASE.MDF//用户实例
bldr.UserInstance = TRUE;//无论是否需要密码。
bldr.IntegratedSecurity = TRUE;使用(VAR连接=新的SqlConnection(bldr.ConnectionString))
{
VAR SQL =INSERT INTO ekle(航班,姓名,食品)VALUES(@flight,@name,@food);
使用(VAR命令=新的SqlCommand(SQL,连接))
{
command.Parameters.AddWithValue(@飞,TextBox1.Text);
command.Parameters.AddWithValue(@名,TextBox2.Text);
command.Parameters.AddWithValue(@食,DropDownList1.SelectedValue);
connection.Open();
command.ExecuteNonQuery();
}
} //隐含关闭连接net to adding database. I am trying to do texts on two textbox and one selected value in dropdownlist to add my table. Here is my code
using System; using System.Collections.Generic; using System.Linq; using System.Web; using System.Web.UI; using System.Web.UI.WebControls; using System.Data.SqlClient; public partial class _Default : System.Web.UI.Page { protected void Page_Load(object sender, EventArgs e) { } protected void Button1_Click(object sender, EventArgs e) { string connectionString = @" Data Source=.\SQLEXPRESS;AttachDbFilename=C:\USERS\CEM\DOCUMENTS\VISUAL STUDIO 2010\WEBSITES\EKLEMEDENE\APP_DATA\DATABASE.MDF;Integrated Security=True;User Instance=True"; string queryString = "INSERT INTO ekle(flight, name, food) VALUES ('" + TextBox1.Text + " ' , '" + TextBox2.Text + " ' , '" + DropDownList1.SelectedValue + " ' )"; SqlConnection con = new SqlConnection(connectionString); SqlCommand command = new SqlCommand(queryString, con); con.Open(); command.ExecuteNonQuery(); con.Close(); } }After I execute I will have error
Database 'C:\Users\Cem\Documents\Visual Studio 2010\WebSites\eklemedene\App_Data\Database.mdf' already exists. Choose a different database name. An attempt to attach an auto-named database for file C:\USERS\CEM\DOCUMENTS\VISUAL STUDIO 2010\WEBSITES\EKLEMEDENE\APP_DATA\DATABASE.MDF failed. A database with the same name exists, or specified file cannot be opened, or it is located on UNC share.
解决方案
- You're wide open for SQL-Injection. Avoid passing parameters directly from controls. Instead use
Parameters.- Use
using-statementfor anything implementingIDisposablelike Connections or Commands:- There's something wrong with your ConnectionString, you could try to use
SqlConnectionStringBuilderclass:
//Build the connection SqlConnectionStringBuilder bldr = new SqlConnectionStringBuilder(); //Put your server or server\instance name here. Likely YourComputerName\SQLExpress bldr.DataSource = ".\\SQLEXPRESS"; //Attach DB Filename bldr.AttachDBFilename = @"C:\USERS\CEM\DOCUMENTS\VISUAL STUDIO 2010\WEBSITES\EKLEMEDENE\APP_DATA\DATABASE.MDF"; //User Instance bldr.UserInstance = true; //Whether or not a password is required. bldr.IntegratedSecurity = true; using(var connection = new SqlConnection(bldr.ConnectionString)) { var sql = "INSERT INTO ekle(flight, name, food) VALUES (@flight, @name , @food)"; using(var command = new SqlCommand(sql, connection)) { command.Parameters.AddWithValue("@flight", TextBox1.Text); command.Parameters.AddWithValue("@name", TextBox2.Text); command.Parameters.AddWithValue("@food", DropDownList1.SelectedValue); connection.Open(); command.ExecuteNonQuery(); } } // closes the connection implicitely
这篇关于Asp.net从文本框和DropDownList中添加数据库的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
