循環插入問題，重新加載頁面加載？

Question

我試圖實現一個插入語句並使用我的函數在頁面加載中返回。不知道我怎樣才能在同一時間插入我插入到MySQL中一次又一次地退出？

代碼：

public partial class UserProfileWall : System.Web.UI.Page 
{ 
    protected void Page_Load(object sender, EventArgs e) 
    { 
     string theUserId = Session["UserID"].ToString(); 
     using (OdbcConnection cn = new OdbcConnection("Driver={MySQL ODBC 3.51 Driver}; Server=localhost; Database=gymwebsite2; User=user_name; Password=password_here;")) 
     { 
      cn.Open(); 
      using (OdbcCommand cmd = new OdbcCommand("SELECT Wallpostings FROM WallPosting WHERE UserID=" + theUserId + " ORDER BY idWallPosting DESC", cn)) 

      using (OdbcDataReader reader = cmd.ExecuteReader()) 
      { 
       var divHtml = new System.Text.StringBuilder(); 
       while (reader.Read()) 
       { 
        divHtml.Append("<div id=test>"); 
        divHtml.Append(String.Format("{0}", reader.GetString(0))); 
        divHtml.Append("</div>"); 
       } 
       test1.InnerHtml = divHtml.ToString(); 
      } 
     } 
    } 

    protected void Button1_Click(object sender, EventArgs e) 
    { 
     string theUserId = Session["UserID"].ToString(); 
     OdbcConnection cn = new OdbcConnection("Driver={MySQL ODBC 3.51 Driver}; Server=localhost; Database=gymwebsite2; User=user_name; Password=password_here;"); 
     cn.Open(); 

     OdbcCommand cmd = new OdbcCommand("INSERT INTO WallPosting (UserID, Wallpostings) VALUES (" + theUserId + ", '" + TextBox1.Text + "')", cn); 
     cmd.ExecuteNonQuery(); 
    // { 
    //  using (OdbcCommand md = new OdbcCommand("SELECT Wallpostings FROM WallPosting WHERE UserID=" + theUserId + "", cn)) 

    //  using (OdbcDataReader reader = cmd.ExecuteReader()) 
    //  { 
    //   var divHtml = new System.Text.StringBuilder(); 
    //   while (reader.Read()) 
    //   { 
    //    divHtml.Append("<div id=test>"); 
    //    divHtml.Append(String.Format("{0}", reader.GetString(0))); 
    //    divHtml.Append("</div>"); 
    //   } 
    //   test1.InnerHtml = divHtml.ToString(); 
    //  } 
    // } 
    //} 
} 

我曾嘗試註釋掉線，但我得到了多個插件，並沒有重新加載頁面上。插入頁面載入函數後有沒有簡單的方法？

Answer 1

首先，移動，與塗鴉牆分隔功能填充元素的代碼：

private void PopulateWallPosts(string userId) 
{ 
    using (OdbcConnection cn = new OdbcConnection("Driver={MySQL ODBC 3.51 Driver}; Server=localhost; Database=gymwebsite2; User=user_name; Password=password_here;")) 
     { 
     cn.Open(); 
     using (OdbcCommand cmd = new OdbcCommand("SELECT Wallpostings FROM WallPosting WHERE UserID=" + userId) + " ORDER BY idWallPosting DESC", cn)) 
     { 
      using (OdbcDataReader reader = cmd.ExecuteReader()) 
      { 
       var divHtml = new System.Text.StringBuilder(); 
       while (reader.Read()) 
       { 
        divHtml.Append("<div id=test>"); 
        divHtml.Append(String.Format("{0}", reader.GetString(0))); 
        divHtml.Append("</div>"); 
       } 
       test1.InnerHtml = divHtml.ToString(); 
      } 
     } 
    } 
} 

現在把這塊在Page_Load中：

protected void Page_Load(object sender, EventArgs e) 
{ 
    string theUserId = Session["UserID"].ToString(); 
    PopulateWallPosts(theUserId); 
} 

最後插入後叫它新值：

protected void Button1_Click(object sender, EventArgs e) 
{ 
    string theUserId = Session["UserID"].ToString(); 
    using (OdbcConnection cn = new OdbcConnection("Driver={MySQL ODBC 3.51 Driver}; Server=localhost; Database=gymwebsite2; User=user_name; Password=password_here;")) 
    { 
     cn.Open(); 
     using (OdbcCommand cmd = new OdbcCommand("INSERT INTO WallPosting (UserID, Wallpostings) VALUES (" + theUserId + ", '" + TextBox1.Text + "')", cn)) 
     { 
      cmd.ExecuteNonQuery(); 
     } 
    } 
    PopulateWallPosts(theUserId); 
} 

您的評論代碼沒有工作，因爲您執行了再用INSERT INTO命令代替SELECT命令。

無論如何，您最好了解SQL注入並更改您的代碼以使用參數，而不是直接將用戶標識添加到SQL字符串中。