1
我试图从文本框插入数据到我的数据库,它引发了一个异常。ASP.Net从文本框插入数据到数据库
异常详细信息:System.Data.SqlClient.SqlException:'test'附近的语法不正确。
我之前一些细节提出了我的代码,但: 叫我的数据库: 叫我的表数据电影:用户 我有列如:“名字”,“姓氏”等...
保护无效Register_Click(对象发件人,EventArgs的) { SqlConnection的连接=新的SqlConnection( “数据源= MICROSOF-58B8A5 \ SQL_SERVER_R2;初始目录=电影;集成安全性=真”);
connection.Open();
//FirstName***********
string firstName = FirstNameTextBox.Text;
string sqlquery = ("INSERT INTO [Users] (FirstName) VALUES (' " +FirstNameTextBox.Text + " ' ");
SqlCommand command = new SqlCommand(sqlquery , connection);
command.Parameters.AddWithValue("FirstName", firstName);
//LastName************
string lastName = LastNameTextBox.Text;
sqlquery = ("INSERT INTO [Users] (LastName) VALUES (' " + LastNameTextBox.Text+ " ' ");
command.Parameters.AddWithValue("LastName", lastName);
//Username*************
string username = UsernameTextBox.Text;
sqlquery = ("INSERT INTO [Users] (Username) VALUES (' " + UsernameTextBox.Text+ " ' ");
command.Parameters.AddWithValue("UserName", username);
//Password*************
string password = PasswordTextBox.Text;
sqlquery = ("INSERT INTO [Users] (Password) VALUES (' " + PasswordTextBox.Text + " ' ");
command.Parameters.AddWithValue("Password", password);
if (PasswordTextBox.Text == ReTypePassword.Text)
{
command.ExecuteNonQuery();
}
else
{
ErrorLabel.Text = "Sorry, You didnt typed your password correctly. Please type again.";
}
connection.Close();
}
参数将避免危险的SQL注入攻击。 – dolphy 2011-12-14 18:55:03