INSERT語句忽略一塊

Question

我有一個模式彈出應該上傳文件。這樣做很好，除了它不給它們一個標題，因此沒有任何東西顯示在我的頁面上，因爲Title是它們在列表中顯示的方式。我應該用什麼替換LinkTitle.Text才能使它工作？ 我想解決這個傢伙的代碼，因爲它沒有正常工作。我在下面添加了一條評論，其中有參數化的新代碼。這是在使用Microsoft SQL Server的ASP.net 4.0 VB中。

Protected Sub SubmitDocument_Click(ByVal sender As Object, ByVal e As EventArgs) Handles SubmitDocument.Click 
    DocumentModal.Hide() 
    'Builds the full absolute URL to be inserted into the database. 
    Dim hostURL As String = Request.Url.Scheme & "://" & Request.Url.Host & ":" & Request.Url.Port & Request.ApplicationPath 
    Dim sqlFileHREF As String = "INSERT INTO Marketing (ProductID, MarketingTypeID, MarketingTitle, MarketingData) VALUES (" & ProductID.Value & " ,4, '" & LinkTitle.Text & "', '" & hostURL & "uploads/" & ProductID.Value & "/" & DocumentUpload.FileName & "')" 
    sqlFileHREF.Replace("'", "''") 
    'Create SQL Connection 
    Dim SqlConnection As New SqlConnection("****************************************") 
    SqlConnection.Open() 
    Dim sqlCommand As New SqlCommand(sqlFileHREF, SqlConnection) 
    sqlCommand.ExecuteNonQuery() 
    SqlConnection.Close() 
    Response.Redirect(Request.RawUrl) 
End Sub 

     <!-- Add a Document --> 
    <li> 
     <asp:LinkButton ID="DocumentButton" runat="server">Document</asp:LinkButton> 
     <asp:Panel ID="DocumentPanel" runat="server" CssClass="modalPopup" Style="display:none"> 
      <asp:FileUpload ID="DocumentUpload" runat="server" /> 
      <asp:Button ID="SubmitDocument" runat="server" Text="Upload" onclick="SubmitDocument_Click" /><asp:Button ID="CancelDocument" runat="server" Text="Cancel" /><asp:HiddenField ID="filename" runat="server" /> 
     </asp:Panel>  
     <asp:ModalPopupExtender ID="DocumentModal" runat="server" DropShadow="True" DynamicServicePath="" Enabled="True" PopupControlID="DocumentPanel" TargetControlID="DocumentButton"></asp:ModalPopupExtender> 
    </li> 

Answer 1

這是我現在的代碼感謝上面評論的人！

<!-- Add a Document --> 
    <li> 
     <asp:LinkButton ID="DocumentButton" runat="server">Document</asp:LinkButton> 
     <asp:Panel ID="DocumentPanel" runat="server" CssClass="modalPopup" Style="display:none"> 
      Title:<asp:TextBox ID="DocumentTitle" runat="server"></asp:TextBox> 
      <asp:FileUpload ID="DocumentUpload" runat="server" /> 
      <asp:Label ID="DocumentLabel" runat="server"></asp:Label> 
      <asp:Button ID="SubmitDocument" runat="server" Text="Upload" onclick="SubmitDocument_Click" /> 
<asp:Button ID="CancelDocument" runat="server" Text="Cancel" /> 
<asp:HiddenField ID="filename" runat="server" /> 
     </asp:Panel> 
     <asp:ModalPopupExtender ID="DocumentModal" runat="server" DropShadow="True" DynamicServicePath="" Enabled="True" PopupControlID="DocumentPanel" TargetControlID="DocumentButton"></asp:ModalPopupExtender> 
     </li> 

Protected Sub SubmitDocument_Click(ByVal sender As Object, ByVal e As EventArgs) Handles SubmitDocument.Click 
    DocumentModal.Hide() 
    'Builds the full absolute URL to be inserted into the database. 
    Dim hostURL As String = Request.Url.Scheme & "://" & Request.Url.Host & ":" & Request.Url.Port & Request.ApplicationPath 

    'SQL INSERT: Marketing Table 
    Dim strSQL As String = "INSERT INTO Picklist (Title, Data) VALUES (@Title, @Data);INSERT INTO Marketing (ProductID, MarketingTypeID, MarketingTitle, MarketingData) VALUES (@ProductID,4, 'Document', scope_identity())" 
    DocumentUpload.PostedFile.SaveAs(Server.MapPath(String.Format("/uploads/{0}/{1}", ProductID.Value, DocumentUpload.PostedFile.FileName))) 

    Using cn As New SqlConnection(System.Configuration.ConfigurationManager.ConnectionStrings("LocalSqlServer").ConnectionString) 

     Using cmd As New SqlCommand(strSQL, cn) 
      cmd.Parameters.Add(New SqlParameter("@ProductID", ProductID.Value)) 
      cmd.Parameters.Add(New SqlParameter("@Title", DocumentTitle.Text)) 
      cmd.Parameters.Add(New SqlParameter("@Data", hostURL & "uploads/" & ProductID.Value & "/" & DocumentUpload.FileName)) 

      cn.Open() 

      cmd.ExecuteNonQuery() 
     End Using 
    End Using 
    Response.Redirect(Request.RawUrl) 
End Sub