0
朋友期待您提供以下代碼的暗示。而不是採取dtr1(DatatableReader)它採取外部循環dtr(DataTableReader)表。無法在另一個DataTableReader中讀取DataTableReader
protected void GetStudReport(Object o, EventArgs e)
{
if (mycon.State != ConnectionState.Open)
{
List<string> lstQstn = new List<string>();
mycon.Open();
cmd = new MySqlCommand("SELECT * from scord_mark_table where stu_ID='" + drpDnSearch3.SelectedValue + "'", mycon);
MySqlDataReader rdr1=cmd.ExecuteReader();
DataSet ds=new DataSet();
DataTable dtScrTbl=new DataTable();
dtScrTbl.Load(rdr1);
ds.Tables.Add(dtScrTbl);
rdr1.Close();
cmd = null;
int i = 0;
Dictionary<string, string> dctSub = new Dictionary<string, string>();
**using (DataTableReader dtr = ds.CreateDataReader())**
{
while (dtr.Read())
{
lstQstn.Add(dtr["test_id"].ToString());
while (i <= lstQstn.Count())
{
MySqlCommand cmd2 = new MySqlCommand("SELECT test_id,subject_id from qution_no_table where test_id='" + lstQstn[i].ToString() + "'", mycon);
MySqlDataReader rdr2 = cmd2.ExecuteReader();
DataTable dtQsNoTbl = new DataTable();
dtQsNoTbl.Load(rdr2);
ds.Tables.Add(dtQsNoTbl);
**using (DataTableReader dtr1 = ds.CreateDataReader())**
{
while (dtr1.Read())
{
dctSub.Add(dtr1["test_id"].ToString(), dtr1["subject_id"].ToString()); // **here it is taking table scord_mark_table instead of dtr1's qution_no_table**
}
rdr2.Close();
break;
}
}
//cmd2 = null;
i++;
}
}
你能不能解釋一下什麼是「它」指的是你的第二個句子? –
你的代碼容易受到sql注入攻擊。 –
Mr.Bob,它在代碼 – neo