我有这个错误:
不支持关键字:'provider'。
描述:执行当前Web请求期间发生了未处理的异常。请查看堆栈跟踪以获取有关错误及其源自代码的位置的更多信息。
异常详细信息:System.ArgumentException:不支持关键字:'provider'。
来源错误:
Line 24: {
Line 25: Session["id"] = e.CommandArgument.ToString();
Line 26: SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString);
Line 27: con.Open();
Line 28: SqlCommand cmd1 = new SqlCommand("INSERT INTO tb2 (id, name) SELECT id, name FROM tb1 where id='"+Session["id"].ToString()+"'", con);
Source File: c:\inetpub\wwwroot\logon\page.aspx Line: 26
这是我的完整代码:
<%@ Page Language="C#" Debug="true" %>
<%@ Import Namespace="System" %>
<%@ Import Namespace="System.Data" %>
<%@ Import Namespace = "System.Data.SqlClient" %>
<script runat="server" type="css">
protected void Page_Load(object sender, EventArgs e)
{
if (!IsPostBack)
{
bind();
}
}
protected void bind()
{
PendingRecordsGridview.DataSourceID = "";
PendingRecordsGridview.DataSource = sd1;
PendingRecordsGridview.DataBind();
}
protected void PendingRecordsGridview_RowCommand(object sender, GridViewCommandEventArgs e)
{
if (e.CommandName == "accept")
{
Session["id"] = e.CommandArgument.ToString();
SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString);
con.Open();
SqlCommand cmd1 = new SqlCommand("INSERT INTO tb2 (id, name) SELECT id, name FROM tb1 where id='"+Session["id"].ToString()+"'", con);
SqlCommand cmd2 = new SqlCommand("delete from tb1 where id='"+Session["id"].ToString()+"'", con);
cmd1.ExecuteNonQuery();
cmd2.ExecuteNonQuery();
bind();
}
}
</script>
<form id="form1" runat="server">
<asp:GridView ID="PendingRecordsGridview" runat="server" AutoGenerateColumns="False" DataKeyNames="id" onrowcommand="PendingRecordsGridview_RowCommand" DataSourceID="sd1">
<Columns>
<asp:templatefield HeaderText="Accept">
<ItemTemplate>
<asp:Button CommandArgument='<%# Bind("id") %>' ID="Button1" runat="server" CausesValidation="false" CommandName="accept" Text="Accept" />
</ItemTemplate>
</asp:templatefield>
<asp:templatefield HeaderText="name" SortExpression="name">
<EditItemTemplate>
<asp:TextBox ID="TextBox1" runat="server" Text='<%# Bind("name") %>'>
</asp:TextBox>
</EditItemTemplate>
<ItemTemplate>
<asp:Label ID="Label1" runat="server" Text='<%# Bind("name") %>'>
</asp:Label>
</ItemTemplate>
</asp:templatefield>
<asp:templatefield HeaderText="id" SortExpression="id">
<EditItemTemplate>
<asp:Label ID="Label1" runat="server" Text='<%# Eval("id") %>'>
</asp:Label>
</EditItemTemplate>
<ItemTemplate>
<asp:Label ID="Label2" runat="server" Text='<%# Bind("id") %>'>
</asp:Label>
</ItemTemplate>
</asp:templatefield>
</Columns>
</asp:GridView>
<asp:SqlDataSource ID="sd1" runat="server"
ConnectionString="<%$ ConnectionStrings:ConnectionString %>"
ProviderName="<%$ ConnectionStrings:ConnectionString.ProviderName %>"
SelectCommand="SELECT * FROM [tb1]" DeleteCommand="DELETE FROM [tb1] WHERE [id] = ?" InsertCommand="INSERT INTO [tb1] ([name]) VALUES (?)" UpdateCommand="UPDATE [tb1] SET [name] = ? WHERE [id] = ?">
<DeleteParameters>
<asp:parameter Name="id" Type="Int32" />
</DeleteParameters>
<UpdateParameters>
<asp:parameter Name="name" Type="String" />
<asp:parameter Name="id" Type="Int32" />
</UpdateParameters>
<InsertParameters>
<asp:parameter Name="name" Type="String" />
</InsertParameters>
</asp:SqlDataSource>
</form>
的Web.config
<configuration>
<connectionStrings>
<add name="ConnectionString" connectionString="Provider=Microsoft.Jet.OLEDB.4.0;Data Source=C:\inetpub\wwwroot\logon\_private\db1.mdb"
providerName="System.Data.OleDb" />
</connectionStrings>
</configuration>
请帮忙!谢谢!
答案 0 :(得分:2)
您似乎正在尝试使用SQL Server连接对象访问Access数据库。 (连接配置引用Jet数据库引擎)
您应该使用OleDbConnection(以及相关的OleDbCommand等)。
有关连接字符串的详细信息,请参阅:http://connectionstrings.com/access
而且,正如评论中提到的,您的代码可以成功进行SQL注入攻击。您可能想要阅读how to protect yourself from SQL Injection Attacks(该文章适用于SQL Server,但许多概念也适用于Access)