2016-04-25 117 views
0

ExecuteNonQuery command error in C#, cannot update the database

Here is the code I wrote for changing the password on my website in C#, but it shows an error in the "ExecuteNonQuery()" command.. I cannot update the database with the new password... I have tried many solutions, such as checking that the "Database" file has modify permissions under Windows Authentication.. -> the code in Change.aspx.cs:

protected void Button1_Click(object sender, EventArgs e) 
{ 
    OleDbConnection conn = new OleDbConnection(); 
    string connectionString = @"Provider=Microsoft.Jet.OLEDB.4.0;Data Source=C:\Users\Lenovo\Desktop\PlacementCell\PlacementCell\Database.mdb"; 
    conn = new OleDbConnection(connectionString); 
    conn.Open(); 

    string str1 = "select * from Student_Login where Password ='" + TextBox1.Text + "'"; 
    OleDbCommand cmd = new OleDbCommand(str1, conn); 
    OleDbDataReader dr = cmd.ExecuteReader(); 

    if (dr.Read()) 
    { 
     OleDbConnection con1 = new OleDbConnection(@"Provider=Microsoft.Jet.OLEDB.4.0;Data Source=C:\Users\Lenovo\Desktop\PlacementCell\PlacementCell\Database.mdb"); 
     con1.Open(); 
     string str = "UPDATE Student_Login SET Password=" + TextBox3.Text + "where Password= " + TextBox1.Text; 
     using (OleDbCommand cmd1 = new OleDbCommand(str, con1)) 
     { 
      cmd1.ExecuteNonQuery(); 
     } 
     Label1.Visible = true; 
     con1.Close(); 
    } 
    else 
    { 
     Label3.Visible = true; 
    } 
    conn.Close(); 
} 

[error image]

+0

You are missing a double quote at the end of the update statement. Can you check that? –

Answer

0

It looks like there are some syntax problems in your existing code, such as missing quotes around your parameter values when building your query and concatenating your strings, as in the following line:

string str = "UPDATE Student_Login SET Password='" + TextBox3.Text + "' where Password= '" + TextBox1.Text + "'"; 

The bigger problem here is that you are not using SQL parameters, which can cause problems like this one (and leads to SQL injection vulnerabilities). Consider the following code, which should fix all of your earlier problems and protect you against any injection-based nastiness:

// Create your connection 
using (var conn = new OleDbConnection(@"Provider=Microsoft.Jet.OLEDB.4.0;Data Source=C:\Users\Lenovo\Desktop\PlacementCell\PlacementCell\Database.mdb")) 
{ 
    // Build your first query 
    var query = "SELECT * FROM Student_Login WHERE Password = @password"; 
    // Create a command to execute your query 
    using (var cmd = new OleDbCommand(query, conn)) 
    { 
      // Open your connection 
      conn.Open(); 
      // Add your parameter (prevents SQL Injection and syntax issues) 
      cmd.Parameters.AddWithValue("@password", TextBox1.Text); 

      // Execute your query into a reader 
      using (var dr = cmd.ExecuteReader()) 
      { 
        // Go through each row 
        while(dr.Read()) 
        { 
         // Build an update query 
         var updateQuery = "UPDATE Student_LogIn SET Password = @password WHERE Password = @oldPassword"; 
         // Build a new command to execute 
         using (var updateCmd = new OleDbCommand(updateQuery, conn)) 
         { 
          // Set a parameter and execute 
          updateCmd.Parameters.AddWithValue("@password", TextBox3.Text); 
          updateCmd.Parameters.AddWithValue("@oldPassword", TextBox1.Text); 
          // Execute your query 
          updateCmd.ExecuteNonQuery(); 
          Label1.Visible = true; 
         } 
        } 
      } 
    } 
} 

You can also try this version, which does not rely on named parameters:

// Create your connection 
using (var conn = new OleDbConnection(@"Provider=Microsoft.Jet.OLEDB.4.0;Data Source=C:\Users\Lenovo\Desktop\PlacementCell\PlacementCell\Database.mdb")) 
{ 
    // Build your first query 
    var query = "SELECT * FROM Student_Login WHERE Password = ?"; 
    // Create a command to execute your query 
    using (var cmd = new OleDbCommand(query, conn)) 
    { 
      // Open your connection 
      conn.Open(); 
      // Add your parameter (prevents SQL Injection and syntax issues) 
      cmd.Parameters.AddWithValue("@password", TextBox1.Text); 

      // Execute your query into a reader 
      using (var dr = cmd.ExecuteReader()) 
      { 
        // Go through each row 
        while(dr.Read()) 
        { 
         // Build an update query 
         var updateQuery = "UPDATE Student_LogIn SET Password = ? WHERE Password = ?"; 
         // Build a new command to execute 
         using (var updateCmd = new OleDbCommand(updateQuery, conn)) 
         { 
          // Set a parameter and execute 
          updateCmd.Parameters.AddWithValue("@password", TextBox3.Text); 
          updateCmd.Parameters.AddWithValue("@oldPassword", TextBox1.Text); 
          // Execute your query 
          updateCmd.ExecuteNonQuery(); 
          Label1.Visible = true; 
         } 
        } 
      } 
    } 
} 
+0

I have tried this.. but again I get the same error..! –

+0

Did you use the second approach I mentioned? The string concatenation you are currently using will never really be safe and will cause problems like the one you are fighting with. –

+0

I have tried this too... but it still gives the same error.. –
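The difference between the question's concatenated statement and the answer's positional `?` parameters, as an added example that is not part of this thread: it uses an in-memory SQLite table as a constructed stand-in for the Access Student_Login table (an assumption, since the Jet provider is Windows-only; SQLite takes the same `?` placeholders), shows the concatenated statement failing on a password that contains an apostrophe, and uses the update's row count as the success check the original button handler lacks.

```python
import sqlite3

# Constructed stand-in for the Access table in the question (in-memory SQLite, not Jet).
def make_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Student_Login (Id INTEGER PRIMARY KEY, Username TEXT, Password TEXT)")
    db.executemany("INSERT INTO Student_Login (Username, Password) VALUES (?, ?)",
                   [("alice", "secret1"), ("bob", "O'Brien42")])
    db.commit()
    return db

def concatenated_update_sql(old_pw, new_pw):
    # The question's statement exactly as the C# concatenation builds it:
    # no quotes around the values and no space before "where".
    return "UPDATE Student_Login SET Password=" + new_pw + "where Password= " + old_pw

def quoted_update_sql(old_pw, new_pw):
    # The answer's corrected quoting. Still concatenation: a quote inside the
    # input ends the literal early and the rest of the input is parsed as SQL.
    return "UPDATE Student_Login SET Password='" + new_pw + "' where Password= '" + old_pw + "'"

def run_update(db, sql):
    # Returns the number of rows changed, or the driver's error text
    # (the equivalent of the exception ExecuteNonQuery throws in the question).
    try:
        cur = db.execute(sql)
        db.commit()
        return cur.rowcount
    except sqlite3.Error as exc:
        return str(exc)

def change_password_param(db, old_pw, new_pw):
    # Positional '?' placeholders as in the answer's second version: the driver
    # binds the values separately, so quotes in the input stay data.
    cur = db.execute("UPDATE Student_Login SET Password = ? WHERE Password = ?", (new_pw, old_pw))
    db.commit()
    # 0 rows means the old password matched nothing; the caller should report
    # that instead of showing the success label unconditionally.
    return cur.rowcount
```

Matching on the password column alone, as the thread's code does, changes every row that holds that password, so the row count is also the quickest way to notice that more than one account was touched.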

0

You could try this once...

// OleDbType rather than SqlDbType: updateCmd is an OleDbCommand, not a SqlCommand
updateCmd.Parameters.Add("@password", OleDbType.VarChar);
updateCmd.Parameters["@password"].Value = TextBox3.Text;

updateCmd.Parameters.Add("@oldPassword", OleDbType.VarChar);
updateCmd.Parameters["@oldPassword"].Value = TextBox1.Text;