1

我正在尝试将数据插入表中,我看到的代码片段似乎适用于那个人,但对我来说!我不知道我做错了什么,因为我不知道 asp.net 的数据库处理。有人可以告诉我代码有什么问题吗?

public partial class CompanyLogin : System.Web.UI.Page
{
protected void Button1_Click(object sender, EventArgs e)
{
    OdbcConnection conn = new OdbcConnection();
    conn.ConnectionString = @".\\SQLEXPRESS;AttachDbFilename=|DataDirectory|\\VCtemps.mdf;Integrated Security=True;Connect Timeout=30;User Instance=True";

    string sql = "insert into company values(@CompName, @BusinessType, @Pword)";
    OdbcCommand cmd = new OdbcCommand(sql);
    string CompName = txtCompName.Text;
    string BusinessType = DropDownList1.Text;
    string Pword = txtPassword.Text;
    cmd.Connection = conn;

    cmd.CommandText = "insert into company(CompName, BusinessType, Pword) Values(@CompName,@BusinessType,@Pword);";
    cmd.Parameters.AddWithValue("@CompName",SqlDbType.VarChar);    
    cmd.Parameters.AddWithValue("@BusinessType",SqlDbType.VarChar);    
    cmd.Parameters.AddWithValue("@Pword",SqlDbType.VarChar);    

cmd.ExecuteNonQuery();

    conn.Close();

    txtCompName.Text = "";
    txtPassword.Text = "";
    DropDownList1.Text = "";
}
}

感谢你们,我修复了代码,但是当我运行它或单击注册按钮时,我收到以下错误

ExecuteNonQuery 需要一个开放且可用的连接。连接的当前状态为关闭

4

7 回答 7

4

您可以调整您的查询 -by deleting values

 cmd.CommandText = "insert into company(CompName, BusinessType, Pword) values('"+ CompName + "','"+ BusinessType + "','" + Pword + "')

注意:我建议你也使用SqlCommand.Parameters.AddWithValue method

并添加此代码:

    cmd.CommandText =  "insert into company(CompName, BusinessType, Pword) Values(@CompName,@BusinessType,@Pword);"

    cmd.Parameters.AddWithValue("@CompName",);    
    cmd.Parameters.AddWithValue("@BusinessType",);    
    cmd.Parameters.AddWithValue("@Pword",);    

    cmd.ExecuteNonQuery();
于 2012-10-11T14:14:55.303 回答
1

尝试更改以下内容:

conn.ConnectionString = "Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\VCtemps.mdf;Integrated Security=True;Connect Timeout=30;User Instance=True";

至:

conn.ConnectionString = "Data Source=.\\SQLEXPRESS;AttachDbFilename=|DataDirectory|\\VCtemps.mdf;Integrated Security=True;Connect Timeout=30;User Instance=True";

和:

cmd.CommandText = "insert into company values(CompName, BusinessType, Pword) values('"+ CompName + "','"+ BusinessType + "','" + Pword + "')

至:

cmd.CommandText = "insert into company values(CompName, BusinessType, Pword) values('"+ CompName + "','"+ BusinessType + "','" + Pword + "')";

额外的:

您应该使用参数化查询。切勿将用户输入直接传递到 SQL 语句中,因为您将容易受到 SQL 注入攻击。

string commandText = "insert into company values(CompName, BusinessType, Pword) values(@CompName, @BusinessType, @Pword)";
SqlCommand command = new SqlCommand(commandText, connection);

command.Parameters.Add("@CompName", SqlDbType.VarChar);
command.Parameters.Add("@BusinessType", SqlDbType.VarChar);
command.Parameters.Add("@PWord", SqlDbType.VarChar);
于 2012-10-11T14:15:32.200 回答
0
  1. In future code use parameters in sql commands!! See example.
  2. Escape your connection string with @ in front of whole string or '\' before symbols that need to be escaped. Example.
  3. cmd.CommandText = "insert into company values(CompName, BusinessType, Pword) values('"+ CompName + "','"+ BusinessType + "','" + Pword + "') is missing "; in the end.
  4. string sql = "insert into company values(@CompName, @BusinessType, @Pword)"; OdbcCommand cmd = new OdbcCommand(sql);
    and
    cmd.CommandText = "insert into company values(CompName, BusinessType, Pword) values('"+ CompName + "','"+ BusinessType + "','" + Pword + "')
    both are setting CommandText, so you can remove sql and change
    OdbcCommand cmd = new OdbcCommand(sql); to OdbcCommand cmd = new OdbcCommand();
于 2012-10-11T14:21:37.447 回答
0

检查以下示例。还将您的连接和命令包装在里面using clause

  string yourConnectionString="";
    int result=0;
    using(OdbcConnection conn = new OdbcConnection(yourConnectionString))
    {

         string sql = "insert into company values(@CompName, @BusinessType, @Pword)";
         using (OdbcCommand cmd=new OdbcCommand(sql,conn))
         {   
            cmd.Parameters.AddWithValue("@CompName",txtCompName.Text);
            cmd.Parameters.AddWithValue("@BusinessType",DropDownList1.SelectedValue);  
            cmd.Parameters.AddWithValue("@Pword ",txtPassword.Text);  
            conn.Open();
            result=cmd.ExecuteNonQuery();
         }
         conn.Close();
         if(result >0)
         {
           txtCompName.Text = "";
           txtPassword.Text = "";
           DropDownList1.SeletedIndex = -1;
         }    
    }
于 2012-10-12T15:26:31.900 回答
0
  1. 连接未打开
  2. sql带参数查询的不必要字符串
  3. 查询中的语法错误 (CommandText)

.

protected void Button1_Click(object sender, EventArgs e)
{
    OdbcConnection conn = new OdbcConnection();
    conn.ConnectionString = "Data Source=.\SQLEXPRESS;
                       AttachDbFilename=|DataDirectory|\VCtemps.mdf;Integrated 
                       Security=True;Connect Timeout=30;User Instance=True";

    OdbcCommand cmd = new OdbcCommand();
    string CompName = txtCompName.Text;
    string BusinessType = DropDownList1.Text;
    string Pword = txtPassword.Text;

    conn.Open();
    cmd.Connection = conn;

    cmd.CommandText = "insert into company (CompName, BusinessType, Pword) 
                values('"+ CompName + "','"+ BusinessType + "','" + Pword + "')";

    cmd.ExecuteNonQuery();

    conn.Close();

    txtCompName.Text = "";
    txtPassword.Text = "";
    DropDownList1.Text = "";
}
于 2012-10-11T14:29:32.363 回答
0

检查以开头的行是否有cmd.CommandText引号中的错误。

您可以尝试使用以下String.Format方法:

 cmd.CommandText = String.Format("insert into company values(CompName, BusinessType, Pword) values('{0}','{1}','{2}')",CompName,BusinessType,Pword);

我发现这可以帮助我更轻松地跟踪连接变量。

于 2012-10-11T14:16:07.517 回答
0

cmd.CommandText = "插入公司值(CompName, BusinessType, Pword) values('"+ CompName + "','"+ BusinessType + "','" + Pword + "'");

尝试这个....

于 2012-10-11T14:14:49.523 回答