protected void SureBtn_Click(object sender, EventArgs e)
{
SqlConnection con = new SqlConnection(ConfigurationManager.AppSettings["conn"]);
con.Open();
string sql = "insert into store (name,number,amount) values('"+name+"','"+number+"','"+amount+"')";
SqlCommand cmd = new SqlCommand(sql,con);
try
{
cmd.ExecuteNonQuery;
Response.Write("<script language=javascript>alert('" + 添加数据成功 + "')</script>"); con.Close();
}
调试后出错,什么原因啊?
{
SqlConnection con = new SqlConnection(ConfigurationManager.AppSettings["conn"]);
con.Open();
string sql = "insert into store (name,number,amount) values('"+name+"','"+number+"','"+amount+"')";
SqlCommand cmd = new SqlCommand(sql,con);
try
{
cmd.ExecuteNonQuery;
Response.Write("<script language=javascript>alert('" + 添加数据成功 + "')</script>"); con.Close();
}
调试后出错,什么原因啊?
解决方案 »
- 请问IBM的主页最下面的那个翻页功能是用什么实现的?
- <body ...... onmousedown="??">
- 关于网上虚拟空间的问题?
- 请教一个插入数据库数据的问题?
- 日期格式数据输入求解
- 请问如何把vb.net或C#的代码嵌入javascript中
- dll调用sql server的存储过程的问题
- public class include:System.Web.UI.Page//请问为何需要加System.Web.UI.Page?
- 请问sqlserver中null值用什么来表示
- 有谁知道这个commandName = "select"的作用(在线等待)
- .NET资浅程序员请教老鸟关于支付宝集成进网站的问题!
- Gridview求值问题
改成
cmd.ExecuteNonQuery();
string sql = "insert into store (name,number,amount) values('"+name+"','"+number+"','"+amount+"')";
这种写法很容易出问题的,而且也不安全,改成输入参数的。否则单引号替换有的时候很头疼,很容易出错的
{
SqlConnection con = new SqlConnection(ConfigurationManager.AppSettings["conn"]);
con.Open();
string sql = "insert into store ([name],[number],[amount]) values('"+name+"','"+number+"','"+amount+"')";
SqlCommand cmd = new SqlCommand(sql,con);
try
{
cmd.ExecuteNonQuery();
Response.Write(" <script language=javascript>alert('" + 添加数据成功 + "') </script>"); con.Close();
}
你的这几个值在哪里定义的?
protected void SureBtn_Click(object sender, EventArgs e)
{
SqlConnection con = new SqlConnection(ConfigurationManager.AppSettings["conn"]);
con.Open();
string sql = "insert into store ([name],[number],[amount]) values('"+name+"','"+number+"','"+amount+"')";
SqlCommand cmd = new SqlCommand(sql,con);
try
{
cmd.ExecuteNonQuery();
Response.Write(" <script language=javascript>alert('" + 添加数据成功 + "') </script>"); con.Close();
}