c#编写web后端

各位大佬我这段代码有啥问题吗?using System;
using System.Collections.Generic;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data;
using System.Data.Common;
using System.Data.SqlClient;
using System.Configuration;
using System.Net;
using System.IO;
using System.Text;
public partial class chaxun_TPTP : System.Web.UI.Page
{    /// <summary>
    /// 添加托盘信息
    /// </summary>
    /// <param name="sender"></param>
    /// <param name="e"></param>
    protected void Button1_Click(object sender, EventArgs e)
    {
         ///事件触发,动作被捕捉        string constring = "server=172.50.34.20;database=sbs_2016wms_db_hfwl ;User ID=sa;Password=sa!";        string sqll = " select count(1) from T_RFID_COMPARE_TP where c_plc_rfid=txtplcrfid and c_mes_rfid=txtMesrfid";        SqlConnection conn1 = new SqlConnection(constring);
        conn1.Open();
        SqlCommand cmd1 = new SqlCommand(sql1, conn1);        int i = cmd1.ExecuteScalar();
        if (i > 0)
        {
            this.Page.RegisterStartupScript("alert", "<script>alert('托盘编码已存在!!')</script>");
            return;
        }
        else
        {
            string sql2 = "insert into  T_RFID_COMPARE_TP  ( c_device_name " + ",c_plc_rfid" + ",c_mes_rfid" + ",c_type" + ",c_materiel_id" + ",c_materiel_barcode" + " ,c_states"
            + ",i_deal" + " ,i_tag) Values('','" + txtplcrfid.Text.Trim() + "','" + txtMesrfid.Text.Trim() + "','TP','0','0','','0','0') ";            SqlConnection conn2 = new SqlConnection(constring);
            conn2.Open();
            SqlCommand cmd2 = new SqlCommand(sql2, conn2);
            int i = cmd2.ExecuteNonQuery();
            if (i == 1)
            {                this.Page.RegisterStartupScript("alert", "<script>alert('托盘信息添加成功!!')</script>");
                return;
            }
        }
        conn1.Close();    }
    /// <summary>
    /// 查询托盘号
    /// </summary>
    /// <param name="sender"></param>
    /// <param name="e"></param>
    protected void Button3_Click(object sender, EventArgs e)
    {
        string constring = "server=172.50.34.20;database=sbs_2016wms_db_hfwl ;User ID=sa;Password=sa!";
        string sql3 = " SELECT c_id ,c_plc_rfid,c_mes_rfid FROM T_RFID_COMPARE_TP where c_mes_rfid=txtMesrfid or c_plc_rfid=txtplcrfid";
        SqlConnection con3 = new SqlConnection(constring);
        con3.Open();
        SqlCommand com3 = new SqlCommand(sql3, con3);        while (pds.Read())
        {
            pds = com.ExecuteReader();
            this.DataList2.DataSource = pds;
            this.DataList2.DataBind();        }
        con3.Close();
    }    //删除功能
    protected void Button2_Click(object sender, EventArgs e)
    {
        string constring = "server=172.50.34.20;database=sbs_2016wms_db_hfwl ;User ID=sa;Password=sa!";
        string sql4 = " delete from T_RFID_COMPARE_TP where  c_mes_rfid=txtMesrfid or c_plc_rfid=txtplcrfid";
        SqlConnection con4 = new SqlConnection(constring);
        con4.Open();
        SqlCommand cmd3 = new SqlCommand(sql4, conn4);
        int i = cmd3.ExecuteNonQuery();
        if (i == 0)
        {            this.Page.RegisterStartupScript("alert", "<script>alert('托盘信息删除成功!!')</script>");
            return;
        }
        con4.Close();    }
}

解决方案 »

  1.   


    这是前端代码
    <%@ Page Language="C#" AutoEventWireup="true" CodeFile="chaxun_TPTP.aspx.cs" Inherits="chaxun_TPTP" %><!DOCTYPE html><html xmlns="http://www.w3.org/1999/xhtml">
    <head runat="server">
    <meta http-equiv="Content-Type" content="text/html; charset=utf-8"/> 
        <title>查询成型胎胚MES绑定</title><style type="text/css">
      table.gridtable {
            font-family: verdana,arial,sans-serif;
            font-size:11px;
            color:#333333;
            border-width: 1px;
            border-color: #666666;
            border-collapse: collapse;
      }
      .gridtable {
            font-family: verdana,arial,sans-serif;
            font-size:11px;
            color:#333333;
            border-width: 1px;
            border-color: #666666;
            border-collapse: collapse;
      }
      table.gridtable th {
            border-width: 1px;
            padding: 8px;
            border-style: solid;
            border-color: #666666;
            background-color: #dedede;
      }
     table.gridtable td {
            border-width: 1px;
            padding: 8px;
            border-style: solid;
            border-color: #666666;
            background-color: #ffffff;
     }
    </style></head>
    <body>
        <form id="form1" runat="server">  
              <div style="margin-top:15px;"> 
                  <asp:Label ID="Label1" runat="server" style="font-size: xx-large; font-weight: 700" Text="E0040开头RDFID号:"></asp:Label>
            <asp:TextBox ID="txtplcrfid" runat="server" Font-Size="XX-Large" Height="36px" 
                      Width="249px" MaxLength="16"></asp:TextBox>
                  <br />
            <br />
                  <asp:Label ID="Label2" runat="server" 
                      style="font-size: xx-large; font-weight: 700" Text="HQGTP开头RDFID号:"></asp:Label>
            <asp:TextBox ID="txtMesrfid" runat="server" Font-Size="XX-Large" Height="42px" 
                      Width="262px" MaxLength="16"></asp:TextBox>
                  <br />
            <br />
            <asp:Button ID="Button1" runat="server" Height="40px" Text="添加工装号" Width="283px" OnClick="Button1_Click" OnClientClick=" return funLogin()" />
        
            <br />
                  <asp:Button ID="Button2" runat="server"  Text="删除工装号"   OnClick="Button2_Click" Width="282px"  Height="40px" />
             <br/>
                  <hr />
            <br />   
            <asp:TextBox ID="TextBox2" runat="server" Font-Size="XX-Large" Height="57px" 
                      Width="431px" MaxLength="16">E0040150A05EFB22</asp:TextBox>
                  <br />
                  <br />
            <asp:Button ID="Button3" runat="server"  Text="查询工装号"   OnClick="Button3_Click" Width="282px"  Height="40px" />
        
            <br />
             
            
            &nbsp;<asp:DataList ID="DataList2" runat="server">
                <ItemTemplate>
                   <table   class="gridtable">                  <tr>
                          <td> <asp:Label ID="Label1" runat="server"  Text='<%# Eval("equipment_name")%>'></asp:Label></td>
                        
                       
                          <td>  <asp:Label ID="Label2" runat="server"  Text='<%# Eval("trans_time")%>'></asp:Label> </td>
                       
                       </tr> 
                   </table>
                </ItemTemplate>
            </asp:DataList>
        
        </div>
            <br />
            <br />
            <script type="text/jscript">
                function funLogin() {
                    var EAN = document.getElementById("txtplcrfid");
                    var leftJD = document.getElementById("txtMesrfid");                if (EAN.value == "") {
                        alert("请输入托盘信息!!");
                        return false;                }
                    else if (leftJD.value == "") {
                        alert("请输入托盘信息!!");
                        return false;
                    }
                  
                    else {
                        return true;
                    }
                }</script> 
        </form>
    </body>
    </html> 
      

  2.   

    string constring = "server=172.50.34.20;database=sbs_2016wms_db_hfwl ;User ID=sa;Password=sa!";这是不是数据库连接呢?
      

  3.   

    所以是连不上数据库么还是什么,我只看到了你数据库语句是 sqll,然后后面的连接却用了sql1
      

  4.   

    http://www.cnblogs.com/alexis/archive/2010/11/06/1870519.html
      

  5.   

    吓得我赶紧ping了一下 
      

  6.   

    这是内部服务器,需要权限的,你肯定ping不通
      

  7.   

      <asp:TextBox ID="txtMesrfid" runat="server" Font-Size="XX-Large" Height="42px" 
                      Width="262px" MaxLength="16"></asp:TextBox>  
    select count(1) from T_RFID_COMPARE_TP where c_plc_rfid=txtplcrfid and c_mes_rfid=txtMesrfid这是对象 你得  对象.属性 你要获取前台输入框的值 得txtMesrfid.Text而且这样是及其不安全的 要稍微防止一下sql注入