Unknown column 'New' in 'field list' while using sql command in the asp.net

I am trying to update a GridView with asp.net; on update I am passing the textbox value, but I get the above error.

Label l1 = g1.Rows[e.RowIndex].FindControl("idlbl") as Label;
TextBox t1 = g1.Rows[e.RowIndex].FindControl("typeText") as TextBox;

string orderType = t1.Text;
// The textbox text is pasted straight into the SQL text, unquoted: with "New" in the
// textbox the statement becomes "set order_amt=New", so MySQL parses New as a column name.
string Query = @"update app_order_master set order_amt=" + orderType + " where order_id=" + l1.Text;
MySqlCommand cmd = new MySqlCommand(Query);
cmd.Connection = sqlconn;
cmd.ExecuteNonQuery();

Try using parameters instead:

Label l1 = g1.Rows[e.RowIndex].FindControl("idlbl") as Label;
TextBox t1 = g1.Rows[e.RowIndex].FindControl("typeText") as TextBox;

string orderType = t1.Text;
string order_id = l1.Text;
// Placeholders in the SQL text; the values are sent separately by the driver,
// so "New" is delivered as data and can never be read as a column name or as SQL.
string Query = "update app_order_master set order_amt = @orderType where order_id = @order_id";
MySqlCommand cmd = new MySqlCommand(Query);
cmd.Parameters.AddWithValue("@orderType", orderType);
cmd.Parameters.AddWithValue("@order_id", order_id);
cmd.Connection = sqlconn;
cmd.ExecuteNonQuery();
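To make the failure and the fix concrete, here is an added example (not code from the question or either answer) that reproduces the same mechanism with Python's built-in sqlite3 instead of MySqlCommand: the concatenated statement turns the textbox text "New" into an identifier and fails with the engine's equivalent of "Unknown column 'New'", while the parameterized statement stores it as a value. The table and its contents are constructed for the example.

```python
import sqlite3


def make_db():
    # Constructed in-memory stand-in for app_order_master (schema is hypothetical).
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE app_order_master (order_id INTEGER PRIMARY KEY, order_amt TEXT)")
    conn.execute("INSERT INTO app_order_master VALUES (1, 'Old')")
    conn.commit()
    return conn


def update_concatenated(conn, order_id, order_type):
    # Mirrors the question's code: the textbox text is pasted into the SQL text.
    # With order_type == "New" the statement reads "... set order_amt=New ...",
    # so the parser looks for a column called New instead of storing a string.
    query = "update app_order_master set order_amt=" + order_type + " where order_id=" + order_id
    conn.execute(query)
    conn.commit()


def update_parameterized(conn, order_id, order_type):
    # Mirrors the answer: placeholders in the SQL, values bound separately.
    # The driver ships "New" as data, so it is never parsed as SQL syntax.
    # order_id is converted to the column's type instead of relying on coercion;
    # a non-numeric id fails here with ValueError before any SQL runs.
    query = "update app_order_master set order_amt = ? where order_id = ?"
    cur = conn.execute(query, (order_type, int(order_id)))
    conn.commit()
    return cur.rowcount  # rows affected, like ExecuteNonQuery's return value


def read_amt(conn, order_id):
    row = conn.execute("select order_amt from app_order_master where order_id = ?", (int(order_id),)).fetchone()
    return row[0]


def demo():
    conn = make_db()
    try:
        update_concatenated(conn, "1", "New")
        concat_error = None
    except sqlite3.OperationalError as e:
        concat_error = str(e)  # sqlite's wording of MySQL's "Unknown column 'New' in 'field list'"
    rows = update_parameterized(conn, "1", "New")
    return concat_error, rows, read_amt(conn, "1")
```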

Here is another example that may help you. As other developers have pointed out, the problem with your original code is that it is open to SQL injection; if you search bing for this there are plenty of examples of what SQL injection is. This is my approach, which may help you, with a small code sample.

    public void updateProductTbl(string prodBrand, string description, decimal weight, decimal unitwholesaleprice, decimal unitretailprice, string prodImage, string location, string qrcode,
        string barcode, string suppliercode, int unitinstock, int unitsonorder, int reorderlevel, bool discontinued, decimal unitofmeasure, string prodcategory, int OldValue)
    {
        // Every value travels as a named parameter; the SQL text itself is fixed.
        query = @"update Product
            SET
            prod_band=@prodBrand
            ,prod_description=@description
            ,prod_weight=@weight
            ,prod_perUnitwholesalePrice=@unitwholesaleprice
            ,prod_perUnitRetailPrice=@unitretailprice
            ,prod_Image=@prodImage
            ,prod_location=@location
            ,prod_QRcode=@qrcode
            ,prod_barcode=@barcode
            ,prod_supplierFKCode=@suppliercode
            ,prod_unitsinstock=@unitinstock
            ,prod_unitsonorder=@unitonorder
            ,prod_reorderlevel=@reorderlevel
            ,prod_discontinued=@discontinued
            ,prod_unitofmeasure=@unittofmeasure
            ,prod_category=@prodcategory
            where prod_rec_id=@OldValue";

        try
        {
            myConn.Open();
            SqlCommand myCommand = new SqlCommand(query, myConn);
            myCommand.Parameters.AddWithValue("@prodBrand", prodBrand);
            myCommand.Parameters.AddWithValue("@description", description);
            myCommand.Parameters.AddWithValue("@weight", weight);
            myCommand.Parameters.AddWithValue("@unitwholesaleprice", unitwholesaleprice);
            myCommand.Parameters.AddWithValue("@unitretailprice", unitretailprice);
            myCommand.Parameters.AddWithValue("@prodImage", prodImage);
            myCommand.Parameters.AddWithValue("@location", location);
            myCommand.Parameters.AddWithValue("@qrcode", qrcode);
            myCommand.Parameters.AddWithValue("@barcode", barcode);
            myCommand.Parameters.AddWithValue("@suppliercode", suppliercode);
            myCommand.Parameters.AddWithValue("@unitinstock", unitinstock);
            myCommand.Parameters.AddWithValue("@unitonorder", unitsonorder);
            myCommand.Parameters.AddWithValue("@reorderlevel", reorderlevel);
            myCommand.Parameters.AddWithValue("@discontinued", discontinued);
            myCommand.Parameters.AddWithValue("@unittofmeasure", unitofmeasure);
            myCommand.Parameters.AddWithValue("@prodcategory", prodcategory);
            myCommand.Parameters.AddWithValue("@OldValue", OldValue);

            // ExecuteNonQuery returns the number of rows affected: 0 means no row matched @OldValue.
            status = myCommand.ExecuteNonQuery();

            if (status > 0)
            {
                MessageBox.Show("Your Data has been updated", "Update Data", MessageBoxButton.OK, MessageBoxImage.Information);
            }
        }
        catch (Exception ex)
        {
            MessageBox.Show("SQL Error in Product Add method:" + ex.ToString(), "Warning Data not saved", MessageBoxButton.OK, MessageBoxImage.Error);
        }
        finally
        {
            myConn.Close();
        }
    }

I hope the above gives you a good idea of how to approach SQL and pass parameters in a method.