using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data;
using System.Data.SqlClient;
using System.Configuration;
public partial class Editprofile : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
if (!IsPostBack)
{
SqlConnection con = new SqlConnection();
con.ConnectionString = ConfigurationManager.ConnectionStrings["ProfileCS"].ConnectionString;
string sql = "select userid from Profile";
SqlCommand cmd = new SqlCommand();
SqlDataReader dr;
DataTable dt = new DataTable();
cmd.CommandText = sql;
cmd.Connection = con;
con.Open();
dr = cmd.ExecuteReader();
dt.Load(dr);
ddl_userid.DataSource = dt;
ddl_userid.DataTextField = "userid";
ddl_userid.DataValueField = "userid";
ddl_userid.DataBind();
}
}
protected void ddl_userid_SelectedIndexChanged(object sender, EventArgs e)
{
SqlConnection con = new SqlConnection();
con.ConnectionString = ConfigurationManager.ConnectionStrings["ProfileCS"].ConnectionString;
string sql = "Select studname,gender,email,birthdate,contact from profile where userid='" + ddl_userid.SelectedValue + "'";
SqlCommand cmd = new SqlCommand();
SqlDataReader dr;
DataTable dt = new DataTable();
cmd.CommandText = sql;
cmd.Connection = con;
con.Open();
dr = cmd.ExecuteReader();
dt.Load(dr);
tb_studname.Text = dt.Rows[0]["studname"].ToString();
tb_gender.Text = dt.Rows[0]["gender"].ToString();
tb_email.Text = dt.Rows[0]["email"].ToString();
tb_age.Text = dt.Rows[0]["birthdate"].ToString();
tb_contact.Text = dt.Rows[0]["contact"].ToString();
Session["dt"] = dt;
}
protected void bn_reset_Click(object sender, EventArgs e)
{
DataTable dt = (DataTable)Session["dt"];
tb_studname.Text = dt.Rows[0]["studname"].ToString();
tb_gender.Text = dt.Rows[0]["gender"].ToString();
tb_email.Text = dt.Rows[0]["email"].ToString();
tb_age.Text = dt.Rows[0]["birthdate"].ToString();
tb_contact.Text = dt.Rows[0]["contact"].ToString();
}
protected void bn_update_Click(object sender, EventArgs e)
{
SqlConnection con = new SqlConnection();
con.ConnectionString = ConfigurationManager.ConnectionStrings["ProfileCS"].ConnectionString;
String name = tb_studname.Text;
String gender = tb_gender.Text;
String email = tb_email.Text;
String age = tb_age.Text;
String contact = tb_contact.Text;
string sql="Update Profile Set studName='"+name+"',gender='"+gender+"',email='"+email+"',birthdate='"+age+"',contact='"+contact;
sql=sql +"where userid='"+ddl_userid+"'";
SqlCommand cmd =new SqlCommand();
cmd.CommandText=sql;
cmd.Connection=con;
try
{
con.Open();
cmd.ExecuteNonQuery();
lbl_msg.Text="Record Updated!";
}
catch(Exception ex)
{
lbl_msg.Text="Problem encountered:"+ex.Message;
}
finally
{
con.Close();
con.Dispose();
cmd.Dispose();
}
}
}
当我加载页面的复位按钮作品嗨,大家好预期,但是当我尝试这样 问题遇到发生更新信息按钮错误消息”后闭合的引号。字符串“”“系统”附近语法不正确。系统“:字符串“”附近有语法错误
在哪条线上? “userid”列的类型是什么,“ddl_userid.SelectedValue”的值是什么?请注意_SQL Injection_攻击。 –
[SQL注入警报](http://msdn.microsoft.com/en-us/library/ms161953%28v=sql.105%29.aspx) - 你应该**不**连接你的SQL语句 - 使用**参数化查询**而不是为了避免SQL注入 –
@SonerGönüluserid是nvarchar(50),你是什么意思的值ddl_userid.SelectedValue – sherrez