When updating, I am trying to update an asp.net GridView; I am passing the textbox value, but I get the above error.
Label l1 = g1.Rows[e.RowIndex].FindControl("idlbl") as Label;
TextBox t1 = g1.Rows[e.RowIndex].FindControl("typeText") as TextBox;
string orderType = t1.Text;
// The textbox and label text are concatenated straight into the SQL statement
string Query = @"update app_order_master set order_amt=" + orderType + " where order_id=" + l1.Text;
MySqlCommand cmd = new MySqlCommand(Query);
cmd.Connection = sqlconn;
cmd.ExecuteNonQuery();

Posted on 2019-07-29 16:06:48
Try using parameters instead:
Label l1 = g1.Rows[e.RowIndex].FindControl("idlbl") as Label;
TextBox t1 = g1.Rows[e.RowIndex].FindControl("typeText") as TextBox;
string orderType = t1.Text;
string order_id = l1.Text;
// Placeholders in the statement; the values are sent separately, not spliced into the SQL text
string Query = "update app_order_master set order_amt = @orderType where order_id = @order_id";
MySqlCommand cmd = new MySqlCommand(Query);
// AddWithValue is the current replacement for the obsolete Parameters.Add(string, object) overload
cmd.Parameters.AddWithValue("@orderType", orderType);
cmd.Parameters.AddWithValue("@order_id", order_id);
cmd.Connection = sqlconn;
cmd.ExecuteNonQuery();

Posted on 2019-07-29 16:25:17
Here is another example that may help you. Another developer has already given you the pointer: your original code is vulnerable to SQL injection, and if you search for it you will find plenty of examples of SQL injection. This is my approach, which may help you. A small code sample to help you:
// query, status and myConn are fields of the enclosing class (string, int and SqlConnection)
public void updateProductTbl(string prodBrand, string description, decimal weight, decimal unitwholesaleprice, decimal unitretailprice, string prodImage, string location, string qrcode,
    string barcode, string suppliercode, int unitinstock, int unitsonorder, int reorderlevel, bool discontinued, decimal unitofmeasure, string prodcategory, int OldValue)
{
    query = @"update Product
        SET
        prod_band=@prodBrand
        ,prod_description=@description
        ,prod_weight=@weight
        ,prod_perUnitwholesalePrice=@unitwholesaleprice
        ,prod_perUnitRetailPrice = @unitretailprice
        ,prod_Image=@prodImage
        ,prod_location=@location
        ,prod_QRcode=@qrcode
        ,prod_barcode=@barcode
        ,prod_supplierFKCode=@suppliercode
        ,prod_unitsinstock=@unitinstock
        ,prod_unitsonorder=@unitonorder
        ,prod_reorderlevel=@reorderlevel
        ,prod_discontinued=@discontinued
        ,prod_unitofmeasure=@unittofmeasure
        ,prod_category=@prodcategory
        where prod_rec_id=@OldValue";
    try
    {
        myConn.Open();
        SqlCommand myCommand = new SqlCommand(query, myConn);
        // Every value, including the key in the WHERE clause, is bound as a parameter
        myCommand.Parameters.AddWithValue("@prodBrand", prodBrand);
        myCommand.Parameters.AddWithValue("@description", description);
        myCommand.Parameters.AddWithValue("@weight", weight);
        myCommand.Parameters.AddWithValue("@unitwholesaleprice", unitwholesaleprice);
        myCommand.Parameters.AddWithValue("@unitretailprice", unitretailprice);
        myCommand.Parameters.AddWithValue("@prodImage", prodImage);
        myCommand.Parameters.AddWithValue("@location", location);
        myCommand.Parameters.AddWithValue("@qrcode", qrcode);
        myCommand.Parameters.AddWithValue("@barcode", barcode);
        myCommand.Parameters.AddWithValue("@suppliercode", suppliercode);
        myCommand.Parameters.AddWithValue("@unitinstock", unitinstock);
        myCommand.Parameters.AddWithValue("@unitonorder", unitsonorder);
        myCommand.Parameters.AddWithValue("@reorderlevel", reorderlevel);
        myCommand.Parameters.AddWithValue("@discontinued", discontinued);
        myCommand.Parameters.AddWithValue("@unittofmeasure", unitofmeasure);
        myCommand.Parameters.AddWithValue("@prodcategory", prodcategory);
        myCommand.Parameters.AddWithValue("@OldValue", OldValue);
        status = myCommand.ExecuteNonQuery(); // ExecuteNonQuery returns the number of rows affected (0 if no row matched)
        if (status > 0)
        {
            MessageBox.Show("Your Data has been updated", "Update Data", MessageBoxButton.OK, MessageBoxImage.Information);
        }
    }
    catch (Exception ex)
    {
        MessageBox.Show("SQL Error in Product Add method:" + ex.ToString(), "Warning Data not saved", MessageBoxButton.OK, MessageBoxImage.Error);
    }
    finally
    {
        myConn.Close();
    }
}

Hope this gives you a good idea of how to do SQL and pass parameters in a method.
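Both answers above say the same thing: bind the textbox values as parameters instead of concatenating them into the statement. The block below is an added example, not code from the question or either answer, that shows why, using Python's sqlite3 module so it runs offline against a constructed in-memory copy of the page's app_order_master table (the table layout, the sample rows and the "2 or 1=1" payload are my assumptions). update_concat mirrors the question's string concatenation and update_param mirrors the answers' parameterized statement; both are fed the same textbox strings.

```python
import sqlite3

# Constructed sample rows, standing in for the page's app_order_master table
SAMPLE_ROWS = [(1, 10.0), (2, 20.0), (3, 30.0)]


def make_db():
    """Create an in-memory SQLite database holding the constructed orders."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "create table app_order_master (order_id integer primary key, order_amt real)"
    )
    conn.executemany("insert into app_order_master values (?, ?)", SAMPLE_ROWS)
    conn.commit()
    return conn


def update_concat(conn, order_amt_text, order_id_text):
    """VULNERABLE: the question's pattern, SQL built by string concatenation.

    Whatever the textbox holds is pasted into the statement verbatim: an empty
    or non-numeric value becomes a syntax error, and a crafted value rewrites
    the WHERE clause. Returns the number of rows updated.
    """
    query = (
        "update app_order_master set order_amt=" + order_amt_text
        + " where order_id=" + order_id_text
    )
    cur = conn.execute(query)
    conn.commit()
    return cur.rowcount


def update_param(conn, order_amt_text, order_id_text):
    """FIXED: the answers' pattern, textbox values bound as parameters.

    The text travels as data and is never parsed as SQL, so "2 or 1=1" is
    compared with order_id as one literal value and matches nothing.
    Returns the number of rows updated.
    """
    cur = conn.execute(
        "update app_order_master set order_amt = ? where order_id = ?",
        (order_amt_text, order_id_text),
    )
    conn.commit()
    return cur.rowcount


def amounts(conn):
    """order_amt of every row, ordered by order_id, for checking the outcome."""
    return [r[0] for r in conn.execute(
        "select order_amt from app_order_master order by order_id")]


def demo():
    """Run both versions against the same textbox inputs and collect the results."""
    results = {}

    conn = make_db()
    results["concat_ok"] = update_concat(conn, "99", "2")          # 1 row, as intended
    try:                                                            # empty textbox
        update_concat(conn, "", "2")
        results["concat_empty"] = "executed"
    except sqlite3.OperationalError:                                # near "where": syntax error
        results["concat_empty"] = "syntax error"
    results["concat_injected"] = update_concat(conn, "0", "2 or 1=1")  # 3 rows: every order zeroed
    results["after_concat"] = amounts(conn)
    conn.close()

    conn = make_db()
    results["param_ok"] = update_param(conn, "99", "2")            # 1 row, as intended
    results["param_injected"] = update_param(conn, "0", "2 or 1=1")  # 0 rows: payload is just a string
    results["after_param"] = amounts(conn)                         # only order 2 changed
    conn.close()
    return results


if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```

The empty-textbox case is the kind of failure the question describes: with concatenation the statement itself is malformed, so the error comes from the SQL parser rather than from your code. With parameters the statement is always the same, and a bad value fails (or matches nothing) as data. SQLite's column affinity silently converts the bound "99" to 99.0 here; a MySQL server in strict mode would instead reject a non-numeric string for a numeric column, so converting the textbox text to the column's type before binding (decimal.TryParse / int.TryParse in C#) gives the clearest error either way.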
https://stackoverflow.com/questions/57257207