我試圖從文本框插入數據到我的數據庫,它引發了一個異常。ASP.Net從文本框插入數據到數據庫
異常詳細信息:System.Data.SqlClient.SqlException:'test'附近的語法不正確。
我之前一些細節提出了我的代碼,但: 叫我的數據庫: 叫我的表數據電影:用戶 我有列如:「名字」,「姓氏」等...
保護無效Register_Click(對象發件人,EventArgs的) { SqlConnection的連接=新的SqlConnection( 「數據源= MICROSOF-58B8A5 \ SQL_SERVER_R2;初始目錄=電影;集成安全性=真」);
connection.Open();
//FirstName***********
string firstName = FirstNameTextBox.Text;
string sqlquery = ("INSERT INTO [Users] (FirstName) VALUES (' " +FirstNameTextBox.Text + " ' ");
SqlCommand command = new SqlCommand(sqlquery , connection);
command.Parameters.AddWithValue("FirstName", firstName);
//LastName************
string lastName = LastNameTextBox.Text;
sqlquery = ("INSERT INTO [Users] (LastName) VALUES (' " + LastNameTextBox.Text+ " ' ");
command.Parameters.AddWithValue("LastName", lastName);
//Username*************
string username = UsernameTextBox.Text;
sqlquery = ("INSERT INTO [Users] (Username) VALUES (' " + UsernameTextBox.Text+ " ' ");
command.Parameters.AddWithValue("UserName", username);
//Password*************
string password = PasswordTextBox.Text;
sqlquery = ("INSERT INTO [Users] (Password) VALUES (' " + PasswordTextBox.Text + " ' ");
command.Parameters.AddWithValue("Password", password);
if (PasswordTextBox.Text == ReTypePassword.Text)
{
command.ExecuteNonQuery();
}
else
{
ErrorLabel.Text = "Sorry, You didnt typed your password correctly. Please type again.";
}
connection.Close();
}
參數將避免危險的SQL注入攻擊。 – dolphy 2011-12-14 18:55:03