1. 首頁
  2. 問答
  3. SQL更新命令不起作用

SQL更新命令不起作用

2014-02-05 142 views
-1

我在Asp.net網站上創建了一個網頁。接下來的頁面加載將從上一頁獲取參數時運行。該頁面還具有編輯數據庫內容和更新的選項。但是,當按鈕(保存)被點擊時,它不會更新數據庫。很好的幫助。但是,當頁面加載中沒有連接時,更新命令將起作用。SQL更新命令不起作用

protected void Page_Load(object sender, EventArgs e) 
{ 
    String cust=Request.QueryString["custName"]; 
    String env = Request.QueryString["env"]; 
    SqlConnection cnn = new SqlConnection(); 
    string connStr = ConfigurationManager.ConnectionStrings["cnn"].ConnectionString; 
    SqlDataAdapter adapter = new SqlDataAdapter(); 
    cnn.ConnectionString = connStr; 
    cnn.Open(); 
    view(); 
    if (env == "Production") 
    { 
     DataSet MyDataSet = new DataSet(); 
     adapter = new SqlDataAdapter("Select * from Customer_Production where [email protected]", cnn); 
     SqlCommandBuilder m_cbCommandBuilder = new SqlCommandBuilder(adapter); 
     cnn.Close(); 
     //SqlCommand cmd = new SqlCommand("Select * from Customer_Production where [email protected]", cnn); 
     adapter.SelectCommand.Parameters.AddWithValue("@cust", cust); 
     adapter.Fill(MyDataSet, "Servers"); 
     foreach (DataRow myRow in MyDataSet.Tables[0].Rows) 
     { 
      custName.Value = myRow["Customer_name"].ToString(); 
      custMaintain.Value= myRow["Customer_Maintenance"].ToString(); 
      serviceAffect.Value=myRow["Systems/Services_Affected"].ToString(); 
      email_Content.Value= myRow["Email_Content"].ToString(); 
      email_Signature.Value= myRow["Email_Signature"].ToString(); 
      email_From.Value=myRow["Email_From"].ToString(); 
      email_To.Value=myRow["Email_To"].ToString(); 
      email_Cc.Value=myRow["Email_Cc"].ToString(); 
      email_Bcc.Value=myRow["Email_Bcc"].ToString(); 

     } 
    } 
    else 
    { 
     DataSet MyDataSet = new DataSet(); 
     adapter = new SqlDataAdapter("Select * from Customer_Non_Production where [email protected]", cnn); 
     SqlCommandBuilder m_cbCommandBuilder = new SqlCommandBuilder(adapter); 
     cnn.Close(); 
     //SqlCommand cmd = new SqlCommand("Select * from Customer_Production where [email protected]", cnn); 
     adapter.SelectCommand.Parameters.AddWithValue("@cust", cust); 
     adapter.Fill(MyDataSet, "Servers"); 


     foreach (DataRow myRow in MyDataSet.Tables[0].Rows) 
     { 
      custName.Value = myRow["Customer_name"].ToString(); 
      custMaintain.Value = myRow["Customer_Maintenance"].ToString(); 
      serviceAffect.Value = myRow["Systems/Services_Affected"].ToString(); 

      email_Content.Value = myRow["Email_Content"].ToString(); 
      email_Signature.Value = myRow["Email_Signature"].ToString(); 
      email_From.Value = myRow["Email_From"].ToString(); 
      email_To.Value = myRow["Email_To"].ToString(); 
      email_Cc.Value = myRow["Email_Cc"].ToString(); 
      email_Bcc.Value = myRow["Email_Bcc"].ToString(); 

     } 
    }

以下是保存按鈕按一下按鈕(FOR UPDATE命令)

protected void save_click(object sender, EventArgs e) 
{ 
    //Button Click Save 
    /*  String id = "A"; 
    SqlConnection cnn = new SqlConnection(); 
    string connStr = ConfigurationManager.ConnectionStrings["cnn"].ConnectionString; 
    SqlDataAdapter adapter = new SqlDataAdapter(); 
    cnn.ConnectionString = connStr; 
    cnn.Open(); 
    String sql = String.Format("Update Customer_Production set Email_Signature='{0}' where Customer_Name like '{1}'",TextBox1.Text,id); 
    SqlCommand cmd = new SqlCommand(sql, cnn); 

    cmd.ExecuteNonQuery(); 
    */ 
    String cust = "A"; 
    SqlConnection cnn = new SqlConnection(); 
    string connStr = ConfigurationManager.ConnectionStrings["cnn"].ConnectionString; 
    SqlDataAdapter adapter = new SqlDataAdapter(); 
    cnn.ConnectionString = connStr; 
    cnn.Open(); 
    if (env.Value == "Production") 
    { 
     //String sql = String.Format("Update Customer_Production set Customer_Maintenance='{0}',Environment='{1}',[Systems/Services_Affected]='{2}',Email_Content='{3}',Email_Signature='{4}',Email_To='{5}',Email_Cc='{6}',Email_Bcc='{7}',Email_From='{8}' where Customer_Name like '{9}' ", "custMaintain.Value","env.Value","serviceAffect.Value","email_Content.Value","email_To.Value","email_Cc.Value","email_Bcc.Value","email_From.Value", "cust"); 
     String sql = String.Format("Update Customer_Production set Email_Signature='{0}' where Customer_Name like '{1}'", email_Signature.Value,cust); 
     SqlCommand cmd = new SqlCommand(sql, cnn); 
     cmd.ExecuteNonQuery(); 

    } 
    else 
    { 

    } 

}

來源

2014-02-05 Chetan Goenka

+0

不被captn明顯在這裏,但也許'env.Value =「生產」' – Hogan

+0

@Hogan我需要的,爲什麼我已檢查的.. –

+0

你的代碼生成這就是很容易受到SQL注入! 。看到這個http://en.wikipedia.org/wiki/SQL_injection – Trifon

回答

0

我不知道爲什麼在Page_Load具有連接(或不)會有所作爲,但這裏有一件事看起來關對我說:

String.Format(
    "Update Customer_Production set Email_Signature='{0}' where Customer_Name like '{1}'",   
    email_Signature.Value, 
    cust);

(我把它弄壞了成幾行,因爲我很感興趣的部分是格式字符串的最後一部分)。

您之前在該方法中已將cust設置爲「A」。因此,這將導致會看(末)的SQL是這樣的:

... where Customer_Name like 'A'

除非你有一個客戶名稱恰好等於A,這不會返回任何東西,因此沒有記錄將被更新。你忘記了'%'通配符。

我同意所有那些指出你的代碼容易受到SQL注入攻擊(你也會遇到單引號問題),但只是爲了告訴你它需要的樣子,在這裏它是與通配符:

Update Customer_Production set Email_Signature='{0}' where Customer_Name like '{1}%'

來源

2014-02-05 16:16:11

+0

我有一個客戶的名字與答:我想測試它,所以我給了A.但是,它本身並沒有工作。 –

相關問題

 相關問題