1

我已经在这几个小时了,在这里找不到问题。我有 3 页,其中 2 页有更新并且工作正常,但这不是我希望有人能够找到问题所在。

一切都“似乎”正常工作,我看到“成功更新”消息,但它只是没有更新数据。

以下是相关的代码片段:

澳交所:

<asp:Repeater ID="TestDataList" runat="server" onItemCommand="Item_Command">
        <ItemTemplate>
            <div class='<%# Container.ItemIndex % 2 == 0 ? "list-wrap" : "list-wrap alternate" %>'>
                <a href="#" class="edit-list icon-pencil icon-large"></a>
                <div class="update">
                    <span class="dl-content">
                        <h2><asp:Label ID="TestNameDisplay" runat="server" CssClass="name" Text='<%# Eval("TestName") %>'/></h2>
                    </span>
                    <asp:LinkButton ID="deleteTestCase" CssClass="delete-list icon-trash icon-large" runat="server" CommandName="deleteTestCase" CommandArgument='<%#Eval("TestCaseID")%>'/>

                    <%--edit form--%>
                    <span class="dl-update">    
                        <asp:TextBox ID="TxtUpdateTestName" runat="server" CssClass='textEntry' Text='<%#Eval("TestName")%>'></asp:TextBox>
                        <asp:LinkButton ID="EditTestNameButton" runat="server" Text="Save" CommandName="SelectTestName" CommandArgument='<%#Eval("TestCaseID")%>' ValidationGroup='<%# "UpdateTestCaseName" + Eval("TestCaseID") %>' />
                        <asp:RequiredFieldValidator ID="UpdateTestNameRequired" runat="server" ControlToValidate="TxtUpdateTestName" CssClass="formValidation" ErrorMessage="What good is a test case with no name?" ValidationGroup='<%# "UpdateTestCaseName" + Eval("TestCaseID") %>'/>
                    </span>
                </div>
</ItemTemplate>
    </asp:Repeater>

代码背后:

protected void Item_Command(Object sender, RepeaterCommandEventArgs e)
    {
        if (e.CommandName == "SelectTestName")
        {
            string setTestNameSQL = "UPDATE TestCases SET TestName = @TestName WHERE TestCaseID = " + e.CommandArgument;

            SqlConnection conn = new SqlConnection(GetConnectionString());
            SqlCommand cmdUpdateTestName = new SqlCommand(setTestNameSQL, conn);

            TextBox tb = (TextBox)e.Item.FindControl("TxtUpdateTestName");

            SqlParameter u1 = new SqlParameter("TestName", tb.Text);
            SqlParameter u2 = new SqlParameter("TestCaseID", e.CommandArgument);

            cmdUpdateTestName.Parameters.Add(u1);
            cmdUpdateTestName.Parameters.Add(u2);

            try
            {
                conn.Open();
                cmdUpdateTestName.ExecuteNonQuery();
                PopulateTestList();
                lblUserFeedbackMessage.Text = "Sucessfully updated!";
            }
            catch (System.Data.SqlClient.SqlException ex)
            {
                string msg = "Update Error:";
                msg += ex.Message;
                throw new Exception(msg);
            }
            finally
            {
                conn.Close();
            }
        }
4

3 回答 3

1

试试这种方式:

string setTestNameSQL = "UPDATE TestCases SET TestName = @TestName WHERE TestCaseID = @TestCaseID";

SqlConnection conn = new SqlConnection(GetConnectionString());
SqlCommand cmdUpdateTestName = new SqlCommand(setTestNameSQL, conn);

TextBox tb = (TextBox)e.Item.FindControl("TxtUpdateTestName");

SqlParameter u1 = new SqlParameter("@TestName", tb.Text);
SqlParameter u2 = new SqlParameter("@TestCaseID", e.CommandArgument);

cmdUpdateTestName.Parameters.Add(u1);
cmdUpdateTestName.Parameters.Add(u2);

否则,您不提供参数的值,因为@缺少 并且您的命令容易受到sql injection attack的攻击。

于 2013-06-01T10:35:15.327 回答
0

您错过了sqlparamete 对象名称中的@(Symbol),因为您的查询参数对象名称是 @TestName 。但是您使用的 SqlParameter Name 是 @TestName 。错过了@符号

尝试下面的行而不是代码的那一行

       SqlParameter u1 = new SqlParameter("**@TestName**", tb.Text);
于 2013-06-01T10:32:40.067 回答
0

您正在使用 SqlParameters 这是一件好事,因为它避免了Sql 注入,但是为什么要e.CommandArgument直接传递更新查询。所以把它改成

string setTestNameSQL = "UPDATE TestCases SET TestName = @TestName WHERE TestCaseID = @TestCaseID";

并像这样添加参数(不要忘记@在参数名称之前添加)

SqlParameter u1 = new SqlParameter("@TestName", tb.Text);
SqlParameter u2 = new SqlParameter("@TestCaseID", e.CommandArgument)
于 2013-06-01T10:33:22.697 回答