我不知道该怎么做。
当用户购买所有产品时,我想将其插入Orders表,另外我想在Customer表中插入customer_id,其中user login = Session [" id"]。我尝试了这个,但它没有工作:/我该怎么办?
protected void ConfirmPurchase_Click(object sender, EventArgs e)
{
if (Session["id"] != null)
{
string username;
username = Convert.ToString(Session["id"]);
SqlConnection con = new SqlConnection(@"Data Source=SOME_SQL;Initial Catalog=Shop;Integrated Security=True");
con.Open();
SqlCommand cmd = new SqlCommand("INSERT INTO Orders (order_date, paid, transact_status, customer_id) VALUES (GETDATE() ,'" + cost.ToString("c") + "' ,'Przyjęto do bazy', SELECT customer_id FROM Customer WHERE login='" + username + "')", con);
cmd.ExecuteNonQuery();
Response.Redirect("Payment/Payment.aspx");
}
else
{
Response.Redirect("InputPersonalData.aspx");
}
}
答案 0 :(得分:1)
你结合了两种INSERT,INSERT ...... VALUES和INSERT ...... SELECT;在我看来,最简单的选择是通过INSERT ... SELECT:
来完成 SqlCommand cmd = new SqlCommand("INSERT INTO Orders (order_date, paid, transact_status, customer_id) SELECT GETDATE() ,'"
+ cost.ToString("c")
+ "' ,'Przyjęto do bazy', customer_id FROM Customer WHERE login='"
+ username + "'", con);
然后,最好使用参数化查询,以防止SQL注入等风险。
答案 1 :(得分:0)
我认为你必须将subselect
放入括号:
SqlCommand cmd = new SqlCommand("INSERT INTO Orders (order_date, paid, transact_status, customer_id) VALUES (GETDATE() ,'" + cost.ToString("c") + "' ,'Przyjęto do bazy', (SELECT customer_id FROM Customer WHERE login='" + username + "'))", con);
答案 2 :(得分:0)
您可以尝试围绕用户选择"("和")"
而不是
SELECT customer_id FROM Customer WHERE login='" + username + "'
使用
( SELECT customer_id FROM Customer WHERE login='" + username + "' )