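Inserting data into a database table using text boxes

Time: 2012-10-11 14:11:52

Tags: c# asp.net sql-server

I am trying to insert data into a table. The code snippet I found seems to work for that person, but not for me! I don't know what I am doing wrong, because I don't know database handling in ASP.NET. Can someone tell me what is wrong with the code?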

public partial class CompanyLogin : System.Web.UI.Page
{
protected void Button1_Click(object sender, EventArgs e)
{
    OdbcConnection conn = new OdbcConnection();
    conn.ConnectionString = @".\\SQLEXPRESS;AttachDbFilename=|DataDirectory|\\VCtemps.mdf;Integrated Security=True;Connect Timeout=30;User Instance=True";

    string sql = "insert into company values(@CompName, @BusinessType, @Pword)";
    OdbcCommand cmd = new OdbcCommand(sql);
    string CompName = txtCompName.Text;
    string BusinessType = DropDownList1.Text;
    string Pword = txtPassword.Text;
    cmd.Connection = conn;

    cmd.CommandText = "insert into company(CompName, BusinessType, Pword) Values(@CompName,@BusinessType,@Pword);";
    cmd.Parameters.AddWithValue("@CompName",SqlDbType.VarChar);    
    cmd.Parameters.AddWithValue("@BusinessType",SqlDbType.VarChar);    
    cmd.Parameters.AddWithValue("@Pword",SqlDbType.VarChar);    

    cmd.ExecuteNonQuery();

    conn.Close();

    txtCompName.Text = "";
    txtPassword.Text = "";
    DropDownList1.Text = "";
}
}

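I fixed the code, thanks to you guys, but when I run it or click the register button I get the following error:

ExecuteNonQuery requires an open and available Connection. The connection's current state is closed.

7 answers:

Answer 0: (score: 4)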

You can adjust your query - by deleting values

    cmd.CommandText = "insert into company(CompName, BusinessType, Pword) values('" + CompName + "','" + BusinessType + "','" + Pword + "')";

Note: I suggest you also use the SqlCommand.Parameters.AddWithValue method

And add this code:

    cmd.CommandText = "insert into company(CompName, BusinessType, Pword) Values(@CompName,@BusinessType,@Pword);";

    // The second argument is the value to bind (the variables from the question's code)
    cmd.Parameters.AddWithValue("@CompName", CompName);
    cmd.Parameters.AddWithValue("@BusinessType", BusinessType);
    cmd.Parameters.AddWithValue("@Pword", Pword);

    cmd.ExecuteNonQuery();

Answer 1: (score: 1)

Try changing the following:

conn.ConnectionString = "Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\VCtemps.mdf;Integrated Security=True;Connect Timeout=30;User Instance=True";

To:

conn.ConnectionString = "Data Source=.\\SQLEXPRESS;AttachDbFilename=|DataDirectory|\\VCtemps.mdf;Integrated Security=True;Connect Timeout=30;User Instance=True";

cmd.CommandText = "insert into company values(CompName, BusinessType, Pword) values('"+ CompName + "','"+ BusinessType + "','" + Pword + "')

To:

cmd.CommandText = "insert into company (CompName, BusinessType, Pword) values('" + CompName + "','" + BusinessType + "','" + Pword + "')";

Also

You should use parameterized queries. Never pass user input directly into a SQL statement, because you will be vulnerable to SQL injection attacks.

string commandText = "insert into company (CompName, BusinessType, Pword) values (@CompName, @BusinessType, @Pword)";
SqlCommand command = new SqlCommand(commandText, connection);

// Declare each parameter's type and supply its value from the form input
command.Parameters.Add("@CompName", SqlDbType.VarChar).Value = CompName;
command.Parameters.Add("@BusinessType", SqlDbType.VarChar).Value = BusinessType;
command.Parameters.Add("@Pword", SqlDbType.VarChar).Value = Pword;

Answer 2: (score: 0)

cmd.CommandText = "insert into company (CompName, BusinessType, Pword) values('" + CompName + "','" + BusinessType + "','" + Pword + "')";

Try this...

Answer 3: (score: 0)

Check the line starting with cmd.CommandText for errors in the quotation marks.

You can try using the String.Format method, as follows:

 cmd.CommandText = String.Format("insert into company (CompName, BusinessType, Pword) values('{0}','{1}','{2}')", CompName, BusinessType, Pword);

I find this helps me keep track of concatenated variables more easily.

Answer 4: (score: 0)

  1. In future code, use parameters in your SQL commands!! See example
  2. Escape the connection string either with @ in front of the whole string, or with '\' before the symbols that need escaping. Example
  3. cmd.CommandText = "insert into company values(CompName, BusinessType, Pword) values('"+ CompName + "','"+ BusinessType + "','" + Pword + "') is missing "; at the end
  4. string sql = "insert into company values(@CompName, @BusinessType, @Pword)"; OdbcCommand cmd = new OdbcCommand(sql);

    cmd.CommandText = "insert into company values(CompName, BusinessType, Pword) values('"+ CompName + "','"+ BusinessType + "','" + Pword + "')
    Both are setting CommandText, so you can delete sql and change OdbcCommand cmd = new OdbcCommand(sql); to OdbcCommand cmd = new OdbcCommand();

Answer 5: (score: 0)

  1. Connection was not opened
  2. Unnecessary sql string with the parameterized query
  3. in the query
  4. Syntax error (CommandText)

    protected void Button1_Click(object sender, EventArgs e)
    {
        OdbcConnection conn = new OdbcConnection();
        // Verbatim string (@) so the backslashes need no escaping
        conn.ConnectionString = @"Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\VCtemps.mdf;Integrated Security=True;Connect Timeout=30;User Instance=True";

        OdbcCommand cmd = new OdbcCommand();
        string CompName = txtCompName.Text;
        string BusinessType = DropDownList1.Text;
        string Pword = txtPassword.Text;

        // Open the connection before executing the command
        conn.Open();
        cmd.Connection = conn;

        cmd.CommandText = "insert into company (CompName, BusinessType, Pword) " +
                    "values('" + CompName + "','" + BusinessType + "','" + Pword + "')";

        cmd.ExecuteNonQuery();

        conn.Close();

        txtCompName.Text = "";
        txtPassword.Text = "";
        DropDownList1.Text = "";
    }

Answer 6: (score: 0)

Check the following sample. Also wrap your connection & command in a using clause

    string yourConnectionString = "";
    int result = 0;
    using (OdbcConnection conn = new OdbcConnection(yourConnectionString))
    {
        // The ODBC provider binds parameters by position, so the SQL text
        // uses ? placeholders; parameters must be added in the same order.
        string sql = "insert into company values(?, ?, ?)";
        using (OdbcCommand cmd = new OdbcCommand(sql, conn))
        {
            cmd.Parameters.AddWithValue("@CompName", txtCompName.Text);
            cmd.Parameters.AddWithValue("@BusinessType", DropDownList1.SelectedValue);
            cmd.Parameters.AddWithValue("@Pword", txtPassword.Text);
            conn.Open();
            result = cmd.ExecuteNonQuery();
        }
        conn.Close();
        // Clear the form only if a row was actually inserted
        if (result > 0)
        {
            txtCompName.Text = "";
            txtPassword.Text = "";
            DropDownList1.SelectedIndex = -1;
        }
    }
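
The parameterized insert the answers above recommend, written out with SqlClient as an added example (it is not code from the question or from any answer). The class name, the column sizes and the sample input are assumptions; the table and column names are the ones used on this page.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class CompanyInsertExample   // hypothetical name, not from the page
{
    const string InsertSql =
        "insert into company (CompName, BusinessType, Pword) " +
        "values (@CompName, @BusinessType, @Pword)";

    // Builds the command. User input only ever becomes a parameter value;
    // the SQL text is a constant and never changes with the input.
    public static SqlCommand BuildInsert(SqlConnection conn, string compName,
                                         string businessType, string pword)
    {
        var cmd = new SqlCommand(InsertSql, conn);
        // Sizes (50/50/128) are assumptions; match them to the real columns.
        cmd.Parameters.Add("@CompName", SqlDbType.VarChar, 50).Value = compName;
        cmd.Parameters.Add("@BusinessType", SqlDbType.VarChar, 50).Value = businessType;
        cmd.Parameters.Add("@Pword", SqlDbType.VarChar, 128).Value = pword;
        return cmd;
    }

    // Opens the connection before executing (the step behind the
    // "connection's current state is closed" error) and disposes both
    // objects even if ExecuteNonQuery throws.
    public static int Insert(string connectionString, string compName,
                             string businessType, string pword)
    {
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = BuildInsert(conn, compName, businessType, pword))
        {
            conn.Open();
            return cmd.ExecuteNonQuery();
        }
    }

    static void Main()
    {
        // Constructed input: the apostrophe would break a concatenated
        // statement. No database is contacted in this check.
        string input = "O'Brien & Sons";
        using (var cmd = BuildInsert(null, input, "Retail", "example-password"))
        {
            // The SQL text is still the constant; the input is carried as data.
            Console.WriteLine(cmd.CommandText == InsertSql);
            Console.WriteLine(cmd.Parameters["@CompName"].Value);
        }
    }
}
```

In the page's Button1_Click handler, the call would be Insert(connectionString, txtCompName.Text, DropDownList1.SelectedValue, txtPassword.Text).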