1. 首页
  2. 问答
  3. 如何将数据插入到asp.net网站的sql server中?

如何将数据插入到asp.net网站的sql server中?

2013-08-06 52 views
1

我试图插入数据到我的网站构建在SQL Server中的VS 2008中。为此我使用了按钮单击事件。我尝试了代码显示在YouTube上,但代码无法正常工作。它在我的网站上显示错误。如何将数据插入到asp.net网站的sql server中?

在.aspx.cs文件中的代码是

public partial class _Default : System.Web.UI.Page 
{ 
SqlConnection conn = new SqlConnection(ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString); 

protected void Page_Load(object sender, EventArgs e) 
{ 
    conn.Open(); 
} 
protected void btnInsert_Click(object sender, EventArgs e) 
{ 
    SqlCommand cmd = new SqlCommand("insert into Insert values('"+txtCity.Text+"','"+txtFName.Text+"','"+txtLName.Text+"')",conn); 
    cmd.ExecuteNonQuery(); 
    conn.Close(); 
    Label1.Visible =true; 
    Label1.Text = "Your data inserted successfully"; 
    txtCity.Text = ""; 
    txtFName.Text = ""; 
    txtLName.Text = ""; 
}

} `

来源

2013-08-06 user2653867

+2

什么是错误? – zey

+0

您收到的错误是什么? – Stephen

+0

我收到的错误是 – user2653867

回答

9

好吧,让我们来解决这个问题的代码最多只是一点点。你到达那里:

var cnnString = ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString; 
var cmd = "insert into Insert values(@City,@FName,@LName)"; 
using (SqlConnection cnn = new SqlConnection(cnnString)) 
{ 
    using (SqlCommand cmd = new SqlCommand(cmd, cnn)) 
    { 
     cmd.Parameters.AddWithValue("@City",txtCity.Text); 
     cmd.Parameters.AddWithValue("@FName",txtFName.Text); 
     cmd.Parameters.AddWithValue("@LName",txtLName.Text); 

     cnn.Open(); 
     cmd.ExecuteNonQuery(); 
    } 
}

一些事情要注意修改后的代码。

  • 它利用using声明确保资源妥善处置。
  • 它的参数化确保SQL注入不可能。
  • 它没有存储任何地方的连接对象,摆脱存储的连接。

来源

2013-08-06 10:30:32

+1

Plus:您不需要调用'cnn.Open()'直到**只是在'cmd.ExecuteNonQuery()'之前**。不需要在定义参数时打开连接..... –

+2

@marc_s,这是一个梦幻般的观察!我相信我会改变我的标准(你在上面看到:D)就是这样。非常感谢! –

-3 
Creating procedure will avoid sql injection.

SQL

Create procedure insert 
(@City,@FirstName,@LastName) 
{ 
insert into tablename (City,FName,LName) 
values(@City,@FirstName,@LastName) 
}

C#

SqlConnection con=new sqlconnection("give ur connection string here"); 
sqlcommand cmd=new sqlcommand(); 
con.open(); 
cmd=new sqlcommand("insert",con); 
cmd.commandtype=commandtype.storedprocedure; 
cmd.parameters.addwithvalue("@City",txtCity.text); 
cmd.parameters.addwithvalue("@FName",txtFName.text); 
cmd.parameters.addwithvalue("@LNAme",txtLName.text); 
cmd.ExecuteNonQuery(); 
con.close();

来源

2013-08-06 11:01:20 Sasidharan

0

**

using System; 
using System.Collections.Generic; 
using System.Linq; 
using System.Web; 
using System.Web.UI; 
using System.Web.UI.WebControls; 
using System.Data; 
using System.Data.SqlClient; 
public partial class _Default : System.Web.UI.Page 
{ 
    SqlConnection con = new SqlConnection("Data Source=.\\SQLEXPRESS;Initial Catalog=mrinmoynandy;User ID=**;Password=****"); 
    protected void Page_Load(object sender, EventArgs e) 
    { 
    } 
    protected void SumbitBtn_Click(object sender, EventArgs e) 
    { 
     SqlCommand cmd = new SqlCommand("insert into streg(Name,Father,Mother,Dob,Sex,Category,Maritial,Vill,Po,Ps,Dist,State,Pin,Country) values (@name,@father,@mother,@dob,@sex,@category,@maritial,@vill,@po,@ps,@dist,@state,@pin,@country)", con); 
     cmd.Parameters.AddWithValue(@"name", StNumTxt.Text); 
     cmd.Parameters.AddWithValue(@"father", FatNumTxt.Text); 
     cmd.Parameters.AddWithValue(@"mother", MotNumTxt.Text); 
     cmd.Parameters.AddWithValue(@"dob", DobRdp.SelectedDate); 
     cmd.Parameters.AddWithValue(@"sex", SexDdl.SelectedItem.Text); 
     cmd.Parameters.AddWithValue(@"category", CategoryDdl.SelectedItem.Text); 
     cmd.Parameters.AddWithValue(@"maritial", MaritialRbl.SelectedItem.Text); 
     cmd.Parameters.AddWithValue(@"vill", VillTxt.Text); 
     cmd.Parameters.AddWithValue(@"po", PoTxt.Text); 
     cmd.Parameters.AddWithValue(@"ps", PsTxt.Text); 
     cmd.Parameters.AddWithValue(@"dist", DistDdl.SelectedItem.Text); 
     cmd.Parameters.AddWithValue(@"state", StateTxt.Text); 
     cmd.Parameters.AddWithValue(@"pin", PinTxt.Text); 
     cmd.Parameters.AddWithValue(@"country", CountryTxt.Text); 
     con.Open();   
     con.Close();   
    } 
} 
Thanks 
Mrinmoy Nandy 
Phone No.: +91 9800451398

**

来源

2015-12-30 12:58:37

+3

您能否向您的代码添加一些解释? – Ziezi

相关问题

 相关问题