为什么还要拼接字符串?不是也可以用下面这种方式吗?
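/// <summary>
/// Handles the reply button: for a signed-in user with non-empty reply text,
/// inserts a row into <c>replycard</c> and then bumps the reply counter and
/// last-reply fields on <c>card</c>, using parameterized SQL throughout.
/// </summary>
/// <param name="sender">The control that raised the click event.</param>
/// <param name="e">Event data (unused).</param>
protected void Button3_Click(object sender, EventArgs e)
{
    // Only a user with a UserID in the session may post a reply.
    object userId = Session["UserID"];
    if (userId == null)
    {
        this.laReplyRemind.Text = "请先登陆后再发表回帖";
        return;
    }

    string replyText = this.txtReply.Text.Trim();
    if (replyText.Equals(""))
    {
        this.laReplyRemind.Text = "回帖内容不能为空";
        return;
    }

    // NOTE(review): the reply text is stored exactly as entered. The page that
    // renders replycardcontent is not shown here; it should HTML-encode the
    // value on output — confirm.
    string cardId = this.laCardID.Text;
    string user = userId.ToString();

    // One timestamp for both statements so replytime and lastreply agree.
    DateTime now = DateTime.Now;
    bool inserted = false;

    SqlConnection con = DB.getSqlCon();
    try
    {
        // Values travel as parameters, never as part of the SQL text.
        // NOTE(review): AddWithValue infers the parameter type from the .NET
        // value, so cardid is sent as a string; if the column is numeric,
        // explicit SqlDbType parameters would be safer — confirm the schema.
        using (SqlCommand insertCmd = new SqlCommand(
            "insert into replycard (cardid,replycardcontent ,replyuser,replytime)values(@cardid,@replycontent,@user,@time)", con))
        {
            insertCmd.Parameters.AddWithValue("@cardid", cardId);
            insertCmd.Parameters.AddWithValue("@replycontent", replyText);
            insertCmd.Parameters.AddWithValue("@user", user);
            insertCmd.Parameters.AddWithValue("@time", now);
            inserted = insertCmd.ExecuteNonQuery() > 0;
        }

        if (inserted)
        {
            // Increment the thread's reply count; consider moving this into card.cs later.
            // NOTE(review): insert and update are not wrapped in a transaction, so a
            // failure here leaves the reply stored with a stale replynum.
            using (SqlCommand updateCmd = new SqlCommand(
                "update card set replynum = replynum +1 , lastreply = @last,lastreplyuser = @lastuser where cardid = @id", con))
            {
                updateCmd.Parameters.AddWithValue("@last", now);
                updateCmd.Parameters.AddWithValue("@id", cardId);
                updateCmd.Parameters.AddWithValue("@lastuser", user);
                updateCmd.ExecuteNonQuery();
            }
        }
    }
    finally
    {
        // Close the connection even when a statement throws, so it is never leaked.
        if (con != null)
        {
            con.Close();
        }
    }

    if (inserted)
    {
        // Reload the same page so the new reply is shown and a refresh does not re-post.
        Response.Redirect(Request.Url.ToString());
    }
    else
    {
        this.laReplyRemind.Text = "回帖失败,请稍后重试";
    }
}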
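/// <summary>
/// Click handler for the reply button. Requires a logged-in session and
/// non-blank reply text, then writes the reply to <c>replycard</c> and updates
/// the reply count and last-reply columns of the matching <c>card</c> row.
/// All values are bound as SQL parameters.
/// </summary>
/// <param name="sender">The control that raised the click event.</param>
/// <param name="e">Event data (unused).</param>
protected void Button3_Click(object sender, EventArgs e)
{
    object sessionUser = Session["UserID"];
    if (sessionUser == null)
    {
        // No UserID in the session: refuse the post.
        this.laReplyRemind.Text = "请先登陆后再发表回帖";
        return;
    }

    string content = this.txtReply.Text.Trim();
    if (content.Equals(""))
    {
        this.laReplyRemind.Text = "回帖内容不能为空";
        return;
    }

    string replyUser = sessionUser.ToString();
    string targetCard = this.laCardID.Text;
    // Captured once so the reply row and the card row carry the same time.
    DateTime postedAt = DateTime.Now;
    bool saved = false;

    SqlConnection con = DB.getSqlCon();
    try
    {
        // NOTE(review): content is persisted unmodified; whichever page displays
        // replycardcontent (not visible here) should HTML-encode it — confirm.
        // NOTE(review): AddWithValue derives the SQL type from the .NET value, so
        // cardid goes over as a string; presumably the column is numeric — verify.
        using (SqlCommand addReply = new SqlCommand(
            "insert into replycard (cardid,replycardcontent ,replyuser,replytime)values(@cardid,@replycontent,@user,@time)", con))
        {
            addReply.Parameters.AddWithValue("@cardid", targetCard);
            addReply.Parameters.AddWithValue("@replycontent", content);
            addReply.Parameters.AddWithValue("@user", replyUser);
            addReply.Parameters.AddWithValue("@time", postedAt);
            saved = addReply.ExecuteNonQuery() > 0;
        }

        if (saved)
        {
            // Increment the thread's reply count; consider moving this into card.cs later.
            // NOTE(review): the two statements run without a transaction, so an error
            // in the update leaves the new reply in place with replynum unchanged.
            using (SqlCommand bumpCard = new SqlCommand(
                "update card set replynum = replynum +1 , lastreply = @last,lastreplyuser = @lastuser where cardid = @id", con))
            {
                bumpCard.Parameters.AddWithValue("@last", postedAt);
                bumpCard.Parameters.AddWithValue("@id", targetCard);
                bumpCard.Parameters.AddWithValue("@lastuser", replyUser);
                bumpCard.ExecuteNonQuery();
            }
        }
    }
    finally
    {
        // Runs on success and on exception alike, so the connection is always released.
        if (con != null)
        {
            con.Close();
        }
    }

    if (!saved)
    {
        this.laReplyRemind.Text = "回帖失败,请稍后重试";
        return;
    }

    // Redirect to the current URL after the connection is closed.
    Response.Redirect(Request.Url.ToString());
}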
写 SQL 时建议使用参数化查询,而不是拼接字符串。
另外要注意 ds.Tables[0].Rows[***]["****"].ToString() 中 Rows[***] 里的取值。