关键字不支持：“供应商” [英] Keyword not supported: 'provider'

问题描述

我有此错误：

不支持关键字：供应商

说明：当前Web请求的执行过程中发生未处理的异常。请查看有关错误的详细堆栈跟踪信息，以及它起源于code。

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

异常详细信息：System.ArgumentException：关键字不支持：供应商

Exception Details: System.ArgumentException: Keyword not supported: 'provider'.

源错误：

Line 24:     {
Line 25:         Session["id"] = e.CommandArgument.ToString();
Line 26:         SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString);
Line 27:            con.Open();
Line 28:             SqlCommand cmd1 = new SqlCommand("INSERT INTO tb2 (id, name) SELECT id, name FROM tb1 where id='"+Session["id"].ToString()+"'", con);

Source File: c:\inetpub\wwwroot\logon\page.aspx    Line: 26 

下面是我的全部code：

Here's my full code:

<%@ Page Language="C#" Debug="true" %>
<%@ Import Namespace="System" %>
<%@ Import Namespace="System.Data" %>
<%@ Import Namespace = "System.Data.SqlClient" %>

<script runat="server" type="css">

protected void Page_Load(object sender, EventArgs e)
{
    if (!IsPostBack)
    {
        bind();
    }
}
protected void bind()
{
    PendingRecordsGridview.DataSourceID = "";
    PendingRecordsGridview.DataSource = sd1;
    PendingRecordsGridview.DataBind();
 }
protected void PendingRecordsGridview_RowCommand(object sender, GridViewCommandEventArgs e)
{
    if (e.CommandName == "accept")
    {
        Session["id"] = e.CommandArgument.ToString();
        SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString);
            con.Open();
            SqlCommand cmd1 = new SqlCommand("INSERT INTO tb2 (id, name) SELECT id, name FROM tb1 where id='"+Session["id"].ToString()+"'", con);
            SqlCommand cmd2 = new SqlCommand("delete from tb1 where id='"+Session["id"].ToString()+"'", con);
            cmd1.ExecuteNonQuery();
            cmd2.ExecuteNonQuery();
            bind();
    }
}
</script>
<form id="form1" runat="server">
<asp:GridView ID="PendingRecordsGridview" runat="server" AutoGenerateColumns="False" DataKeyNames="id" onrowcommand="PendingRecordsGridview_RowCommand" DataSourceID="sd1">
        <Columns>
            <asp:templatefield HeaderText="Accept">
                <ItemTemplate>
                    <asp:Button CommandArgument='<%# Bind("id") %>' ID="Button1" runat="server" CausesValidation="false" CommandName="accept" Text="Accept" />
                </ItemTemplate>
            </asp:templatefield>
            <asp:templatefield HeaderText="name" SortExpression="name">
                <EditItemTemplate>
                    <asp:TextBox ID="TextBox1" runat="server" Text='<%# Bind("name") %>'>
                    </asp:TextBox>
                </EditItemTemplate>
                <ItemTemplate>
                    <asp:Label ID="Label1" runat="server" Text='<%# Bind("name") %>'>
                    </asp:Label>
                </ItemTemplate>
            </asp:templatefield>
            <asp:templatefield HeaderText="id" SortExpression="id">
                <EditItemTemplate>
                    <asp:Label ID="Label1" runat="server" Text='<%# Eval("id") %>'>
                    </asp:Label>
                </EditItemTemplate>
                <ItemTemplate>
                    <asp:Label ID="Label2" runat="server" Text='<%# Bind("id") %>'>
                    </asp:Label>
                </ItemTemplate>
            </asp:templatefield>
        </Columns>
    </asp:GridView>
    <asp:SqlDataSource ID="sd1" runat="server" 
        ConnectionString="<%$ ConnectionStrings:ConnectionString %>" 
        ProviderName="<%$ ConnectionStrings:ConnectionString.ProviderName %>"
        SelectCommand="SELECT * FROM [tb1]" DeleteCommand="DELETE FROM [tb1] WHERE [id] = ?" InsertCommand="INSERT INTO [tb1] ([name]) VALUES (?)"  UpdateCommand="UPDATE [tb1] SET [name] = ? WHERE [id] = ?">
        <DeleteParameters>
            <asp:parameter Name="id" Type="Int32" />
        </DeleteParameters>
        <UpdateParameters>
            <asp:parameter Name="name" Type="String" />
            <asp:parameter Name="id" Type="Int32" />
        </UpdateParameters>
        <InsertParameters>
            <asp:parameter Name="name" Type="String" />
        </InsertParameters>
</asp:SqlDataSource>
</form>       

Web.config文件

Web.config

<configuration>
    <connectionStrings>

        <add name="ConnectionString" connectionString="Provider=Microsoft.Jet.OLEDB.4.0;Data Source=C:\inetpub\wwwroot\logon\_private\db1.mdb"
            providerName="System.Data.OleDb" />
    </connectionStrings>
</configuration>

请帮忙！谢谢！

推荐答案

它看起来像您尝试访问使用SQL Server连接对象的Access数据库。 （连接配置指的是Jet数据库引擎）

It looks like you are trying to access an Access database using a SQL Server connection object. (The connection config refers to the Jet database engine)

您应该使用的OleDbConnection （和相关的OleDbCommand 等）来代替。

You should be using an OleDbConnection (and related OleDbCommand, etc.) instead.

有关连接字符串的详细信息，请参阅： http://connectionstrings.com/access

For more information on connection strings see: http://connectionstrings.com/access

和，正如提到的评论，您的code是succeptable SQL注入攻击。你可能需要阅读<一个href="http://colinmackay.scot/2005/04/23/sql-injection-attacks-and-some-tips-on-how-to-$p$pvent-them/"相对=nofollow>如何保护自己免受SQL注入攻击（这篇文章是为SQL Server，但许多概念也适用于接入）

And, as was mentioned in the comments, your code is succeptable to SQL Injection attack. You might want to read up how to protect yourself from SQL Injection Attacks (The article is for SQL Server, but many of the concepts are also applicable to Access)

这篇关于关键字不支持：“供应商”的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！