0

我正在使用以下代码进行编辑功能。当我输入值时,它不会显示任何错误,但不会将新值保存在数据库中。INSERT 和 UPDATE 命令都不起作用。

SqlConnection con = new SqlConnection("Data Source=.\\SQLEXPRESS;AttachDbFilename=C:\\Users\\Omer\\Documents\\Visual Studio 2010\\WebSites\\WAPPassignment\\App_Data\\LoginStuff.mdf;Integrated Security=True;User Instance=True");
SqlCommand cmd;
SqlDataReader dr;


protected void imgbtnENFN_Click(object sender, ImageClickEventArgs e)
{
    pnENFN.Visible = false;
    lblENFN.Text = txtENFN.Text;
}


protected void imgbtnENLN_Click(object sender, ImageClickEventArgs e)
{
    pnENLN.Visible = false;
    lblENLN.Text = txtENLN.Text;
}

protected void Button3_Click(object sender, EventArgs e)
{
    con.Open();
   // cmd = new SqlCommand("UPDATE WhatTypes SET [First Name]='" + lblENFN.Text + "',[Last Name]='" + lblENLN.Text + "',[TP Number]='" + lblNTPn.Text + "',Email='" + lblENEm.Text + "',UserName='" + lblENUN.Text + "',Password='" + lblENP.Text + "',UserLevel='"+ lblEUL.Text+"Where UserName='" + txtAEUNS.Text+"')", con);
    cmd = new SqlCommand("Insert into WhatTypes([First Name], [Last Name], [TP Number], Email, UserName, Password, UserLevel) Values ('" + lblENFN.Text + "','" + lblENLN.Text + "','" + lblNTPn.Text + "','" + lblENEm.Text + "', '" + txtEUN.Text + "', '" + lblENP.Text + "','" + lblEUL.Text+"'Where UserName = '"+txtAEUNS.Text+"' )", con);
   cmd.ExecuteNonQuery();
    con.Close();
}
4

8 回答 8

1

试试这个它会工作

cmd = new SqlCommand("Insert into WhatTypes([First Name], [Last Name], [TP Number], Email,  UserName, Password, UserLevel) Values ('" + lblENFN.Text + "','" + lblENLN.Text + "','" + lblNTPn.Text + "','" + lblENEm.Text + "', '" + txtEUN.Text + "', '" + lblENP.Text + "','" + lblEUL.Text+" )", con);
cmd.ExecuteNonQuery();
于 2013-09-04T09:12:25.047 回答
1 
protected void Button3_Click(object sender, EventArgs e)
{
    con.Open();
   // cmd = new SqlCommand("UPDATE WhatTypes SET [First Name]='" + lblENFN.Text + "',[Last Name]='" + lblENLN.Text + "',[TP Number]='" + lblNTPn.Text + "',Email='" + lblENEm.Text + "',UserName='" + lblENUN.Text + "',Password='" + lblENP.Text + "',UserLevel='"+ lblEUL.Text+"Where UserName='" + txtAEUNS.Text+"')", con);
    cmd = new SqlCommand("Insert into WhatTypes([First Name], [Last Name], [TP Number], Email, UserName, Password, UserLevel) Values ('" + lblENFN.Text + "','" + lblENLN.Text + "','" + lblNTPn.Text + "','" + lblENEm.Text + "', '" + txtEUN.Text + "', '" + lblENP.Text + "','" + lblEUL.Text+"')", con);
   cmd.ExecuteNonQuery();
    con.Close();
}
于 2013-09-04T09:13:42.987 回答
0 
protected void cmdInsert_Click(object sender, EventArgs e)
{
    con.Open();
    string InsertQuery="Insert into WhatTypes([First Name], [Last Name], [TP Number], Email, UserName, Password, UserLevel) "+
        " Values (@fname,@lname,@tpNumber,@email,@userName,@password,@userLevel)";
    cmd = new SqlCommand(InsertQuery,con);
    cmd.Parameters.AddWithValue("@fname",lblENFN.Text);
    cmd.Parameters.AddWithValue("@lname",lblENLN.Text);
    cmd.Parameters.AddWithValue("@tpNumber",lblNTPn.Text);
    cmd.Parameters.AddWithValue("@email",lblENEm.Text);
    cmd.Parameters.AddWithValue("@userName",txtEUN.Text);
    cmd.Parameters.AddWithValue("@password",lblENP.Text);
    cmd.Parameters.AddWithValue("@userLevel",lblEUL.Text);
    cmd.ExecuteNonQuery();
    con.Close();
}
protected void cmdUpdate_Click(object sender, EventArgs e)
{
    con.Open();
    string InsertQuery = "UPDATE WhatTypes SET [First Name]=@fname,[Last Name]=@lname,"+
        "[TP Number]=@tpNumber,Email=@email,Password=@password,UserLevel=@userLevel Where UserName=@userName";
    cmd = new SqlCommand(InsertQuery, con);
    cmd.Parameters.AddWithValue("@fname", lblENFN.Text);
    cmd.Parameters.AddWithValue("@lname", lblENLN.Text);
    cmd.Parameters.AddWithValue("@tpNumber", lblNTPn.Text);
    cmd.Parameters.AddWithValue("@email", lblENEm.Text);
    //you do not update username
    //cmd.Parameters.AddWithValue("@userName", txtEUN.Text);
    cmd.Parameters.AddWithValue("@password", lblENP.Text);
    cmd.Parameters.AddWithValue("@userLevel", lblEUL.Text);
    cmd.Parameters.AddWithValue("@userName", txtAEUNS.Text);
    cmd.ExecuteNonQuery();
    con.Close();
}
于 2013-09-04T09:04:35.287 回答
0

你应该把')'放在哪里

于 2013-09-04T09:05:39.137 回答
0

用于SqlParameter在sql命令中设置变量,比字符串concat更安全、更易读。在这种情况下,您在 where 语句之前的 sql 字符串上出现错误。在配置文件中保留连接字符串,在try catch块中进行操作并在finally块上关闭连接是一种优雅的方式。顺便省略块WHERE上的语句INSERT

于 2013-09-04T09:07:45.107 回答
0

将您的 cmd 语句替换为 

cmd = new SqlCommand("Insert into WhatTypes([First Name], [Last Name], [TP Number], Email, UserName, Password, UserLevel) Values ('" + lblENFN.Text + "','" + lblENLN.Text + "','" + lblNTPn.Text + "','" + lblENEm.Text + "', '" + txtEUN.Text + "', '" + lblENP.Text + "','" + lblEUL.Text + "') Where UserName = '" + txtAEUNS.Text + "'", con);
于 2013-09-04T09:12:54.937 回答
0

尝试这个:

protected void Button3_Click(object sender, EventArgs e)
{
    con.Open();
   // cmd = new SqlCommand("UPDATE WhatTypes SET [First Name]='" + lblENFN.Text + "',[Last Name]='" + lblENLN.Text + "',[TP Number]='" + lblNTPn.Text + "',Email='" + lblENEm.Text + "',UserName='" + lblENUN.Text + "',Password='" + lblENP.Text + "',UserLevel='"+ lblEUL.Text+" Where UserName='" + txtAEUNS.Text+"'", con);
    //remove comment for update statement
    cmd = new SqlCommand("Insert into WhatTypes([First Name], [Last Name], [TP Number], Email, UserName, Password, UserLevel) Values ('" + lblENFN.Text + "','" + lblENLN.Text + "','" + lblNTPn.Text + "','" + lblENEm.Text + "', '" + txtEUN.Text + "', '" + lblENP.Text + "','" + lblEUL.Text+"')", con);
   cmd.ExecuteNonQuery();
    con.Close();
}
于 2013-09-04T09:26:11.287 回答
0

像你的命令一样尝试。希望它可以帮助。您可以使用命令参数:

string sqlIns = "INSERT INTO table (name, information, other) 
                     VALUES (@name, @information,@other)";
db.Open();

try
{
SqlCommand cmdIns = new SqlCommand(sqlIns, db.Connection);
cmdIns.Parameters.Add("@name", info);
cmdIns.Parameters.Add("@information", info1);
cmdIns.Parameters.Add("@other", info2);
cmdIns.ExecuteNonQuery();
cmdIns.Dispose();
cmdIns = null;
}
catch(Exception ex)
{
throw new Exception(ex.ToString(), ex);
}
finally
{
db.Close();
}
于 2013-09-04T09:31:56.450 回答