protected void LoadMessage(string str1, string str2)
{
SqlConnection con = new SqlConnection(strConstrin);
con.Open();
sqlString = "select * from Student where " + str1 + "=" + str2 + "";
SqlCommand cmd = new SqlCommand(sqlString, con);
SqlDataAdapter SqlAd = new SqlDataAdapter(cmd);
DataSet Rs = new DataSet();
SqlAd.Fill(Rs);
DataTable NewsTable = Rs.Tables[0];
this.GridView1.DataSource = NewsTable;
this.GridView1.DataBind();
con.Close();
}
protected void Button1_Click(object sender, EventArgs e)
{
string name = TextBox1.Text;
LoadMessage("Name", name);
}输入textbox的值后,总是提示列名 '黄生' 无效。
说明: 执行当前 Web 请求期间,出现未经处理的异常。请检查堆栈跟踪信息,以了解有关该错误以及代码中导致错误的出处的详细信息。 异常详细信息: System.Data.SqlClient.SqlException: 列名 '武凯亮' 无效。源错误:
行 42: SqlDataAdapter SqlAd = new SqlDataAdapter(cmd);
行 43: DataSet Rs = new DataSet();
行 44: SqlAd.Fill(Rs);
行 45: DataTable NewsTable = Rs.Tables[0];
行 46: this.GridView1.DataSource = NewsTable;
源文件: c:\Users\Administrator\Desktop\学生信息管理系统\Maneger.aspx.cs 行: 44 堆栈跟踪:
[SqlException (0x80131904): 列名 '武凯亮' 无效。]
System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection) +2062238
System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection) +5050268
System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning() +234
System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj) +2275
System.Data.SqlClient.SqlDataReader.ConsumeMetaData() +33
System.Data.SqlClient.SqlDataReader.get_MetaData() +86
System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString) +311
System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async) +987
System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, DbAsyncResult result) +162
System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method) +32
System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior behavior, String method) +141
System.Data.SqlClient.SqlCommand.ExecuteDbDataReader(CommandBehavior behavior) +12
System.Data.Common.DbCommand.System.Data.IDbCommand.ExecuteReader(CommandBehavior behavior) +10
System.Data.Common.DbDataAdapter.FillInternal(DataSet dataset, DataTable[] datatables, Int32 startRecord, Int32 maxRecords, String srcTable, IDbCommand command, CommandBehavior behavior) +144
System.Data.Common.DbDataAdapter.Fill(DataSet dataSet, Int32 startRecord, Int32 maxRecords, String srcTable, IDbCommand command, CommandBehavior behavior) +319
System.Data.Common.DbDataAdapter.Fill(DataSet dataSet) +94
Maneger.LoadMessage(String str1, String str2) in c:\Users\Administrator\Desktop\学生信息管理系统\Maneger.aspx.cs:44
Maneger.Button1_Click(Object sender, EventArgs e) in c:\Users\Administrator\Desktop\学生信息管理系统\Maneger.aspx.cs:59
System.Web.UI.WebControls.Button.OnClick(EventArgs e) +118
System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) +112
System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) +10
System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +13
System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +36
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +5563
{
SqlConnection con = new SqlConnection(strConstrin);
con.Open();
sqlString = "select * from Student where " + str1 + "=" + str2 + "";
SqlCommand cmd = new SqlCommand(sqlString, con);
SqlDataAdapter SqlAd = new SqlDataAdapter(cmd);
DataSet Rs = new DataSet();
SqlAd.Fill(Rs);
DataTable NewsTable = Rs.Tables[0];
this.GridView1.DataSource = NewsTable;
this.GridView1.DataBind();
con.Close();
}
protected void Button1_Click(object sender, EventArgs e)
{
string name = TextBox1.Text;
LoadMessage("Name", name);
}输入textbox的值后,总是提示列名 '黄生' 无效。
说明: 执行当前 Web 请求期间,出现未经处理的异常。请检查堆栈跟踪信息,以了解有关该错误以及代码中导致错误的出处的详细信息。 异常详细信息: System.Data.SqlClient.SqlException: 列名 '武凯亮' 无效。源错误:
行 42: SqlDataAdapter SqlAd = new SqlDataAdapter(cmd);
行 43: DataSet Rs = new DataSet();
行 44: SqlAd.Fill(Rs);
行 45: DataTable NewsTable = Rs.Tables[0];
行 46: this.GridView1.DataSource = NewsTable;
源文件: c:\Users\Administrator\Desktop\学生信息管理系统\Maneger.aspx.cs 行: 44 堆栈跟踪:
[SqlException (0x80131904): 列名 '武凯亮' 无效。]
System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection) +2062238
System.Data.SqlClient.SqlInternalConnection.OnError(SqlException exception, Boolean breakConnection) +5050268
System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning() +234
System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj) +2275
System.Data.SqlClient.SqlDataReader.ConsumeMetaData() +33
System.Data.SqlClient.SqlDataReader.get_MetaData() +86
System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString) +311
System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async) +987
System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, DbAsyncResult result) +162
System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method) +32
System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior behavior, String method) +141
System.Data.SqlClient.SqlCommand.ExecuteDbDataReader(CommandBehavior behavior) +12
System.Data.Common.DbCommand.System.Data.IDbCommand.ExecuteReader(CommandBehavior behavior) +10
System.Data.Common.DbDataAdapter.FillInternal(DataSet dataset, DataTable[] datatables, Int32 startRecord, Int32 maxRecords, String srcTable, IDbCommand command, CommandBehavior behavior) +144
System.Data.Common.DbDataAdapter.Fill(DataSet dataSet, Int32 startRecord, Int32 maxRecords, String srcTable, IDbCommand command, CommandBehavior behavior) +319
System.Data.Common.DbDataAdapter.Fill(DataSet dataSet) +94
Maneger.LoadMessage(String str1, String str2) in c:\Users\Administrator\Desktop\学生信息管理系统\Maneger.aspx.cs:44
Maneger.Button1_Click(Object sender, EventArgs e) in c:\Users\Administrator\Desktop\学生信息管理系统\Maneger.aspx.cs:59
System.Web.UI.WebControls.Button.OnClick(EventArgs e) +118
System.Web.UI.WebControls.Button.RaisePostBackEvent(String eventArgument) +112
System.Web.UI.WebControls.Button.System.Web.UI.IPostBackEventHandler.RaisePostBackEvent(String eventArgument) +10
System.Web.UI.Page.RaisePostBackEvent(IPostBackEventHandler sourceControl, String eventArgument) +13
System.Web.UI.Page.RaisePostBackEvent(NameValueCollection postData) +36
System.Web.UI.Page.ProcessRequestMain(Boolean includeStagesBeforeAsyncPoint, Boolean includeStagesAfterAsyncPoint) +5563
protected void LoadMessage(string str1, string str2)
{
SqlConnection con = new SqlConnection(strConstrin);
sqlString = "select * from Student where " + str1 + "='" + str2 + "'";
SqlDataAdapter SqlAd = new SqlDataAdapter(sqlString,con);
DataTable NewsTable = new DataTable();
SqlAd.Fill(NewsTable);
this.GridView1.DataSource = NewsTable;
this.GridView1.DataBind();
}
执行Fill方法时数据连接会自动打开和关闭的。
str1和str2 你下断点看是什么值,估计空的
sqlString = "select * from Student where " + str1 + "=" + str2 + "";//上面的改为下面的,str2加单引号试试
sqlString = "select * from Student where " + str1 + "='" + str2 + "'";2 也有可能是你中英文输入的事 ,建议你sql字段名最好不是自己输入的,这样容易出错~!
sqlString = "select * from Student where " + str1 + "='"+ str2 +"'";
强烈建议参数化查询,防止sql注入
strSQL=string.Format(strSQL,"Name",this.TextBox1.Text);
SqlCommand cmd = new SqlCommand(strSQL, con);
protected void LoadMessage(string str1)
{
SqlConnection con = new SqlConnection(strConstrin);
con.Open();
sqlString = "select * from Student where Name='" + str2 + "'";
SqlCommand cmd = new SqlCommand(sqlString, con);
SqlDataAdapter SqlAd = new SqlDataAdapter(cmd);
DataSet Rs = new DataSet();
SqlAd.Fill(Rs);
DataTable NewsTable = Rs.Tables[0];
this.GridView1.DataSource = NewsTable;
this.GridView1.DataBind();
con.Close();
}
protected void Button1_Click(object sender, EventArgs e)
{
string name = TextBox1.Text;
LoadMessage(name);
}最后强烈建议参数化查询,防止sql注入
sqlString = "select * from Student where Name='" + str2 + "'";相同就好了
错了,把它改为:
sqlString = "select * from Student where " + str1 + "='" + str2 + "'";因为你输入的是字符串,并且你定义的那个“Name”应该是varchar类型的吧。正确的代码运行调试时,代码如下:
select * from Student where Name='name'
这样是把问题解决了,但是还有点不足就是如六楼所说的,为了防止sql注入,建议使用参数化查询,别用这种方法。
sqlString = "select * from Student where " + str1 + "='" + str2 + "'";
你可以写一个格式化参数的方法 public string SqlString(string par)
{
if (string.IsNullOrEmpty(par)) return null;
return "'" + par + "'";
}
开始你的方式没加引号,会导致str1即name的值为null 后面的被当成字段处理了
sqlString = "select * from Student where 列名1='" + str1 + "' and 列名2='" + str2 + "'";