using System;
using System.Collections;
using System.Configuration;
using System.Data;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;
using System.Data.SqlClient;public partial class zc : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{ }
protected void Button1_Click(object sender, EventArgs e)
{
string bh = TextBox1.Text;
string mm = TextBox2.Text;
string hh = TextBox3.Text;
string yx = youxiang.Text;
string sex;
string constr = "server=localhost;uid=sa;pwd=111111;database=bh";
SqlConnection con = new SqlConnection(constr); if(RadioButtonList1.Items[0].Selected)
sex=RadioButtonList1.Items[0].Value;
else
sex=RadioButtonList1.Items[1].Value; string cmdstr = "insert bh values('" + bh + "','" + mm + "','" + hh + "','" + yx + "','"+ sex +"')";
SqlCommand cmd = new SqlCommand(cmdstr, con);
con.Open();
try
{
cmd.ExecuteNonQuery();
} catch (Exception err) { Label1.Text = err.Message; }
finally
{
con.Close();Response.Redirect("logion1.aspx");
}
}
}
为什么插不进数据库的表中,请高手指点,多谢多谢!!!!
using System.Collections;
using System.Configuration;
using System.Data;
using System.Linq;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Xml.Linq;
using System.Data.SqlClient;public partial class zc : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{ }
protected void Button1_Click(object sender, EventArgs e)
{
string bh = TextBox1.Text;
string mm = TextBox2.Text;
string hh = TextBox3.Text;
string yx = youxiang.Text;
string sex;
string constr = "server=localhost;uid=sa;pwd=111111;database=bh";
SqlConnection con = new SqlConnection(constr); if(RadioButtonList1.Items[0].Selected)
sex=RadioButtonList1.Items[0].Value;
else
sex=RadioButtonList1.Items[1].Value; string cmdstr = "insert bh values('" + bh + "','" + mm + "','" + hh + "','" + yx + "','"+ sex +"')";
SqlCommand cmd = new SqlCommand(cmdstr, con);
con.Open();
try
{
cmd.ExecuteNonQuery();
} catch (Exception err) { Label1.Text = err.Message; }
finally
{
con.Close();Response.Redirect("logion1.aspx");
}
}
}
为什么插不进数据库的表中,请高手指点,多谢多谢!!!!
if(RadioButtonList1.Items[0].Selected)
sex=RadioButtonList1.Items[0].Value;
else
sex=RadioButtonList1.Items[1].Value;其实只要
sex=RadioButtonList1.SelectedValue;
一句就行了。
设断点,将SQL语句放到数据库中执行,很快就能找到错误所在。
第一、插入数据时,最好带上表的字段名,如 Insert 表名(字段1, 字段2) Values(值1, 值2),否则表中一旦增加新的字段,你这段程序就运行不了了。
第二、即使不强求使用参数化的插入方式,至少要对拼接的字符串值做一下单引号的转义吧,很简单的,只要 str.Replace("'", "''") 就可以了。否则,很容易就可以做 SQL 注入了。