我有一个Asp.net
应用程序,如果用户通过网络提交请求,但我似乎无法让它工作,我试图从我的'用户'数据库中删除一行。Asp.Net SQL删除语句
HTML
<div class="panel panel-danger">
<div class="panel-heading">
<h3 class="panel-title">Remove User</h3>
</div>
<div class="panel-body">
<asp:Label ID="lbRemoveUser" runat="server" Text="Remove User">
<b>Enter Full Name</b>
</asp:Label>
<asp:TextBox runat="server" ID="txtRemoveUser" CssClass="form-control" AutoPostBack="true" OnTextChanged="txtRemoveUser_TextChanged" />
<asp:Label ID="removeUserNotExist" runat="server" Text="The user entered does not exist." Visible="false" style="color: red"></asp:Label>
</div>
<div class="panel-footer">
<div class="text-center">
<asp:Button CssClass="btn btn-danger" ID="btnSubmitRemoveUser" runat="server" Text="Remove User" ToolTip="Click to remove the user from the list." OnClick="removeUserSubmitButton_Click" />
</div>
</div>
</div>
<!-- Confirm Removal Modal-->
<div class="modal fade" id="confirmRemoveUserModal">
<div class="modal-dialog" style="margin-top: 55px">
<div class="modal-content">
<div class="modal-header ConfirmHeader">
<h4 class="modal-title" id="myModalLabel">Confirm Removal</h4>
</div>
<div class="modal-body">
<p>Are you sure you want to remove <b><%=Session["txtRemoveUser"] %></b> from the payday lunch list?</p>
<p>If you don't, click 'No' and the user will not be removed.</p>
</div>
<div class="modal-footer ConfirmFooter">
<asp:Button id="btnRemoveConfirmYes" runat="server" CssClass="btn btn-success" Text="Yes" OnClick="btnRemoveConfirmYes_Click" ToolTip="Click to remove the user from the payday lunch list." />
<asp:Button id="btnRemoveConfirmNo" runat="server" CssClass="btn btn-warning" Text="No" OnClick="btnAllCloses_Click" ToolTip="Click to close this screen. The user will not be removed." />
</div>
</div>
</div>
</div>
代码我试图
public void btnRemoveConfirmYes_Click(object sender, EventArgs e)
{
string connection = ConfigurationManager.ConnectionStrings["PaydayLunchConnectionString1"].ConnectionString;
SqlConnection conn = new SqlConnection(connection);
conn.Open();
SqlCommand cmd1 = new SqlCommand("DELETE FROM Users WHERE Name = " + txtRemoveUser.Text, conn);
conn.Close();
txtRemoveUser.Text = "";
Response.Redirect("/AdminSide/TaskList.aspx");
}
就像我说我要的是,如果它在我的数据库中存在删除该条目。我已经有一个检查,以确保该条目存在于'用户'表
我是否需要SqlDataReader rd1 = cmd1.ExecuteReader();
当我尝试它,我得到一个服务器错误“System.Data.SqlClient.SqlException:无效的列名称'Test2的'。”
您只需要'ExecuteNonQuery'并且更重要的是,需要使用[参数化查询](http://blog.codinghorror.com/give-me-parameterized-sql-or-give-me-death/)。这种字符串连接对于[SQL注入](http://en.wikipedia.org/wiki/SQL_injection)攻击是开放的。 –