1

因此,如果我运行此代码,我会抛出一个关于文本框“clid”绑定的多部分标识符错误

有人可以帮忙解决这个问题吗?

Using cnnentry As New SqlConnection("Data Source=NB-1492\sqlipt;Initial Catalog=Bookings;Integrated Security=True;Pooling=False")
    Dim entrclientid As String
    Dim clid As New TextBox
    clid = FormView1.FindControl("txtclientid")
    entrclientid = Convert.ToString(clid)
    Dim sqlentry1 As String = "INSERT INTO BOOKING_DETAILS(CLIENT_ID) VALUES("
    Dim sqlentry2 As String = entrclientid
    Dim sqlentry3 As String = ")"
    Dim sqlentry4 As String = sqlentry1 & sqlentry2 & sqlentry3
    Dim cmdclientid As New SqlCommand(sqlentry4, cnnentry)
    cnnentry.Open()
    string1 = cmdclientid.ExecuteNonQuery()
    cnnentry.Close()
End Using

提前致谢

PS请原谅我写的非常快的命名约定

4

1 回答 1

2

您不想将其转换TextBox为 aString但它的Text属性:

改变

entrclientid = Convert.ToString(clid)


entrclientid = clid.Text

但更重要的是,您应该使用 sql-parameters 来防止 sql-injection。

Dim sql As String = "INSERT INTO BOOKING_DETAILS(CLIENT_ID) VALUES(@CLIENT_ID)"
Dim cmdclientid As New SqlCommand(sql, cnnentry)
cmdclientid.Parameters.AddWithValue("@CLIENT_ID", clid.Text)
于 2013-09-13T21:26:15.543 回答