1. 首页
  2. 问答
  3. Asp.Net SQL删除语句

Asp.Net SQL删除语句

2015-12-18 114 views
2

我有一个Asp.net应用程序,如果用户通过网络提交请求,但我似乎无法让它工作,我试图从我的'用户'数据库中删除一行。Asp.Net SQL删除语句

HTML

<div class="panel panel-danger"> 
    <div class="panel-heading"> 
     <h3 class="panel-title">Remove User</h3> 
    </div> 
    <div class="panel-body"> 
     <asp:Label ID="lbRemoveUser" runat="server" Text="Remove User"> 
      <b>Enter Full Name</b> 
     </asp:Label>      
     <asp:TextBox runat="server" ID="txtRemoveUser" CssClass="form-control" AutoPostBack="true" OnTextChanged="txtRemoveUser_TextChanged" /> 
     <asp:Label ID="removeUserNotExist" runat="server" Text="The user entered does not exist." Visible="false" style="color: red"></asp:Label> 
    </div> 
    <div class="panel-footer"> 
     <div class="text-center"> 
      <asp:Button CssClass="btn btn-danger" ID="btnSubmitRemoveUser" runat="server" Text="Remove User" ToolTip="Click to remove the user from the list." OnClick="removeUserSubmitButton_Click" /> 
     </div> 
    </div> 
</div> 

<!-- Confirm Removal Modal--> 
<div class="modal fade" id="confirmRemoveUserModal"> 
    <div class="modal-dialog" style="margin-top: 55px"> 
     <div class="modal-content"> 
      <div class="modal-header ConfirmHeader"> 
       <h4 class="modal-title" id="myModalLabel">Confirm Removal</h4> 
      </div> 
      <div class="modal-body"> 
       <p>Are you sure you want to remove <b><%=Session["txtRemoveUser"] %></b> from the payday lunch list?</p> 
       <p>If you don't, click 'No' and the user will not be removed.</p> 
      </div> 
      <div class="modal-footer ConfirmFooter"> 
       <asp:Button id="btnRemoveConfirmYes" runat="server" CssClass="btn btn-success" Text="Yes" OnClick="btnRemoveConfirmYes_Click" ToolTip="Click to remove the user from the payday lunch list." /> 
       <asp:Button id="btnRemoveConfirmNo" runat="server" CssClass="btn btn-warning" Text="No" OnClick="btnAllCloses_Click" ToolTip="Click to close this screen. The user will not be removed." /> 
      </div> 
     </div> 
    </div> 
</div>

代码我试图

public void btnRemoveConfirmYes_Click(object sender, EventArgs e) 
    { 
     string connection = ConfigurationManager.ConnectionStrings["PaydayLunchConnectionString1"].ConnectionString; 
     SqlConnection conn = new SqlConnection(connection); 

     conn.Open(); 
     SqlCommand cmd1 = new SqlCommand("DELETE FROM Users WHERE Name = " + txtRemoveUser.Text, conn); 
     conn.Close(); 

     txtRemoveUser.Text = ""; 
     Response.Redirect("/AdminSide/TaskList.aspx"); 
    }

就像我说我要的是,如果它在我的数据库中存在删除该条目。我已经有一个检查,以确保该条目存在于'用户'表

我是否需要SqlDataReader rd1 = cmd1.ExecuteReader();当我尝试它,我得到一个服务器错误“System.Data.SqlClient.SqlException:无效的列名称'Test2的'。”

来源

2015-12-18 murday1983

+0

您只需要'ExecuteNonQuery'并且更重要的是,需要使用[参数化查询](http://blog.codinghorror.com/give-me-parameterized-sql-or-give-me-death/)。这种字符串连接对于[SQL注入](http://en.wikipedia.org/wiki/SQL_injection)攻击是开放的。 –

回答

3

您未使用ExecuteNonQuery。你还必须包装用户名撇号:

SqlCommand cmd1 = new SqlCommand("DELETE FROM Users WHERE Name = '" + txtRemoveUser.Text + "'", conn);

但是,你应该始终使用 SQL参数以防止SQL注入和其他问题:

using(var cmd1 = new SqlCommand("DELETE FROM Users WHERE Name = @Name", conn)) 
{ 
    cmd1.Parameters.Add("@Name", SqlDbType.VarChar).Value = txtRemoveUser.Text; 
    conn.Open(); 
    cmd1.ExecuteNonQuery(); 
}

也使用using语句来实施IDisposable类似SqlCommand或更重要的SqlConnection以确保处理非托管资源。

来源

2015-12-18 13:26:37

+0

不要以为你也可以帮助我http://stackoverflow.com/questions/34357484/asp-net-sql-update-statement – murday1983

相关问题

 相关问题