這是我第一次使用sql和asp.net。我正在研究幾個示例,以確保我擁有所有我需要的基礎知識。我正在通過一個教程,一切都應該工作得很好,我得到一個.ExecuteNonQuery()錯誤。 SqlException未被用戶代碼處理//關鍵字'Table'附近的語法錯誤。.ExecuteNonQuery()sql asp.net錯誤
如果您有任何指示,請告訴我。我做了兩次這個教程,我確信我在這裏做錯了什麼。 -Thanks
.CS代碼:
using System;
using System.Collections.Generic;
using System.Linq;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Configuration;
namespace WebSite
{
public partial class _default : System.Web.UI.Page
{
SqlConnection con = new SqlConnection(ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString);
protected void Page_Load(object sender, EventArgs e)
{
con.Open();
}
protected void Button1_Click(object sender, EventArgs e)
{
SqlCommand cmd = new SqlCommand("insert into Table values('" + txtfName.Text + "','" + txtlName.Text + "','" + txtpNumber.Text + "')", con);
cmd.ExecuteNonQuery();
con.Close();
Label1.Visible = true;
Label1.Text = "Your DATA has been submitted";
txtpNumber.Text = "";
txtlName.Text = "";
txtfName.Text = "";
}
}
}
.aspx文件:
<form id="form1" runat="server">
<div class="auto-style1">
<strong>Insert data into Database<br />
<br />
</strong>
</div>
<table align="center" class="auto-style2">
<tr>
<td class="auto-style3">First Name:</td>
<td class="auto-style4">
<asp:TextBox ID="txtfName" runat="server" Width="250px"></asp:TextBox>
</td>
</tr>
<tr>
<td class="auto-style3">Last Name:</td>
<td class="auto-style4">
<asp:TextBox ID="txtlName" runat="server" Width="250px"></asp:TextBox>
</td>
</tr>
<tr>
<td class="auto-style3">Phone Number:</td>
<td class="auto-style4">
<asp:TextBox ID="txtpNumber" runat="server" Width="250px"></asp:TextBox>
</td>
</tr>
<tr>
<td class="auto-style3"> </td>
<td class="auto-style4">
<asp:Button ID="Button1" runat="server" OnClick="Button1_Click" Text="Submit" Width="150px" />
</td>
</tr>
</table>
<br />
<br />
<asp:Label ID="Label1" runat="server" ForeColor="#663300" style="text-align: center" Visible="False"></asp:Label>
<br />
<asp:SqlDataSource ID="SqlDataSource1" runat="server" ConnectionString="<%$ ConnectionStrings:ConnectionString %>" SelectCommand="SELECT * FROM [Table]"></asp:SqlDataSource>
</form>
SQL數據庫:
CREATE TABLE [dbo].[Table] (
[Id] INT IDENTITY (1, 1) NOT NULL,
[fName] VARCHAR (50) NOT NULL,
[lName] VARCHAR (50) NOT NULL,
[pNumber] VARCHAR (50) NOT NULL,
PRIMARY KEY CLUSTERED ([Id] ASC)
);
[SQL注入警報](http://msdn.microsoft.com/en-us/library/ms161953%28v=sql.105%29.aspx) - 您應該**不**將您的SQL語句連接在一起 - 使用**參數化查詢**來代替以避免SQL注入 –