0

这是我的更新事件代码:

protected void GridView1_RowUpdating(object sender, GridViewUpdateEventArgs e)
{
    if (con.State == ConnectionState.Closed)
    {
        con.Open();
    }

    GridViewRow row = (GridViewRow)GridView1.Rows[e.RowIndex];
    int Label11 =Convert.ToInt32(((Label)row.FindControl("Label11")).Text);// this is the line m getting error in
    int Label12 = Convert.ToInt32(((Label)row.FindControl("Label12")).Text);
    int Label13 = Convert.ToInt32(((Label)row.FindControl("Label13")).Text);
    TextBox TextBox4 = (TextBox)row.FindControl("TextBox4");
    TextBox TextBox5 = (TextBox)row.FindControl("TextBox5");
    TextBox TextBox6 = (TextBox)row.FindControl("TextBox6");
    TextBox TextBox7 = (TextBox)row.FindControl("TextBox7");
    TextBox TextBox8 = (TextBox)row.FindControl("TextBox8");
    TextBox TextBox9 = (TextBox)row.FindControl("TextBox9");
    TextBox TextBox10 = (TextBox)row.FindControl("TextBox10");
    GridView1.EditIndex = -1;
    SqlCommand cmd = new SqlCommand("update monthly set date='" + TextBox4.Text + "',salary='" + TextBox5.Text + "',ta='" + TextBox6.Text + "',contigency='" + TextBox7.Text + "',nrc='" + TextBox8.Text + "',institcharges='" + TextBox9.Text + "',others='" + TextBox10.Text + "' where autoid='" + Label12 + "'", con);
    cmd.ExecuteNonQuery();
    cmd.Dispose();
    con.Close();
    grid_show();

我得到的错误是 FormatException 未处理 bu 用户代码输入字符串的格式不正确。

4

1 回答 1

1

使用适用于 Primitive 数据类型的 TryParse 方法。解释 SQL 注入和 ORM 框架超出了这个答案的范围。

http://social.msdn.microsoft.com/Search/en-US?query=TryParse&ac=8

void Main()
{
    //TryParse function signature
    //bool TryParse(String, Int32) 
    //Above method is for Integer. There are similar methods for all primitive data types

    //TryParse takes String value as an input and parameter as reference

    //Integer example
    int result;
    bool success = int.TryParse("10", out result);
    if(success) Console.WriteLine("Good value {0}", result);


    //DateTime example
    DateTime dtResult;
    success = DateTime.TryParse("01/10/2013", out dtResult);
    if(success) Console.WriteLine("Good date {0}", dtResult);
}
于 2013-02-09T09:47:31.890 回答