-1
protected void Page_Load(object sender, EventArgs e)
{
txtHidden.Text = Request.QueryString["YKcode"];
Display();
}
private void Display()
{
SqlDataReader reader;
SqlConnection con = new SqlConnection("Data Source=Localhost;Initial Catalog=MLC000022;User ID=sa;Password=Adama6DaY; Integrated Security=True");
SqlCommand cmd = new SqlCommand("SELECT " + " dbo.GMYAKU.NAME, " +"FROM " +
" dbo.GMYAKU " + " WHERE " +
" (dbo.GMYAKU.YKCODE = ('" + txtHidden.Text + "'))",con) ;
con.Open();
reader = cmd.ExecuteReader();
if (reader.Read())
{
this.TextBox1.Text = reader["NAME"].ToString();
}
else
{
// 読めないので畫面を初期化する
}
cmd.Connection.Close();
cmd.Dispose();
con.Close();
}
protected void Button1_Click(object sender, EventArgs e)
{
string connetionString = null;
SqlConnection cnn;
SqlCommand cmd;
connetionString = ("Data Source=Localhost;Initial Catalog=MLC000022;User ID=sa;Password=redacted; Integrated Security=True");
string strSQL ;
strSQL = "UPDATE GMYAKU SET";
strSQL += " NAME = '" + (TextBox1.Text) + "'";
strSQL += " WHERE";
strSQL += " YKCODE= '" + txtHidden.Text + "'";
cnn = new SqlConnection(connetionString);
try
{
cnn.Open();
cmd = new SqlCommand(strSQL, cnn);
cmd.ExecuteNonQuery();
cmd.Dispose();
// cnn.Close();
//MessageBox.Show(" ExecuteNonQuery in SqlCommand executed !!");
}
catch (Exception ex)
{
// MessageBox.Show("Can not open connection ! ");
}
Response.Redirect("Default.aspx");
}
你不妨重新格式化這個並添加一些上下文。 – seanyboy 2009-10-15 07:50:14
你應該閱讀一些關於sql注入http://en.wikipedia.org/wiki/SQL_injection – empi 2009-10-15 07:53:48
你在更新聲明中使用了錯誤的密碼。我認爲正確的密碼是「Adama6DaY」。但是你在默默地捕捉並拋開開放的異常,所以你永遠不會知道。 – 2009-10-15 07:55:07