ASP.NET (problem inserting into a SQL Server database)

Updated: 2024-10-26 18:19:45

Problem description

Why is this code inserting one empty record at the top of the table?

protected void Button1_Click(object sender, EventArgs e)
{
    try
    {
        string Register = "INSERT INTO Userregistrationtable(Emailid,Dname,Mobileno,passwd,Gender,City,Area,Postal,Adress,DOB,Uskill,dream,Bestfrnd,Favplace,Favdish,Hobbies,InterestIn) VALUES('"
            + TextBox1.Text + "','" + TextBox2.Text + "','" + TextBox3.Text + "','"
            + TextBox4.Text + "','" + RadioButtonList1.SelectedValue + "','"
            + TextBox6.Text + "','" + TextBox7.Text + "','" + TextBox8.Text + "','"
            + TextBox21.Text + "','" + TextBox20.Text + "','" + TextBox9.Text + "','"
            + TextBox10.Text + "','" + TextBox11.Text + "','" + TextBox17.Text + "','"
            + TextBox18.Text + "','" + TextBox19.Text + "','"
            + DropDownList4.SelectedValue + "')";
        dbClass.ConnectDataBaseToInsert(Register);
    }
    catch (Exception a)
    {
    }
    TextBox1.Text = "";
    TextBox2.Text = "";
    TextBox3.Text = "";
    TextBox4.Text = "";
    TextBox5.Text = "";
    TextBox6.Text = "";
    TextBox7.Text = "";
    TextBox8.Text = "";
    TextBox21.Text = "";
    TextBox20.Text = "";
    TextBox9.Text = "";
    TextBox10.Text = "";
    TextBox11.Text = "";
    TextBox17.Text = "";
    TextBox18.Text = "";
    TextBox19.Text = "";
    DropDownList4.SelectedIndex=0;
}

Recommended answer

There are so many things wrong with that, that I'm not surprised that it doesn't do what you want.

1) Don't use VS Default names - You may remember today that TextBox11 holds the Favourite place (or is that TextBox17?) but you won't next week. Use sensible names instead.
2) Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.
3) Don't trap an error and then ignore it - or strange things happen and you don't know why. Errors mean there is a problem: fix it, or report it. Never ignore it.
4) Never store passwords in clear text - it is a major security risk. There is some information on how to do it here: Password Storage: How to do it.
5) Never assume that the user can type: check the email address could be valid, the mobile number is a number rather than a rude message. And so on.

Do the above, and then try again.
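An added example (not part of the original answer, and not the poster's code) applying points 2 to 5 to the insert: a parameterized command, basic input checks, a salted PBKDF2 password hash, and no swallowed exceptions. It is narrowed to four of the table's columns; the class name, the column types and sizes, the mobile-number format and .NET Framework 4.7.2 or later are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Net.Mail;
using System.Security.Cryptography;
using System.Text.RegularExpressions;

public static class RegistrationStore   // hypothetical helper, not the poster's dbClass
{
    const string Sql =   // constant text: user input never becomes part of the statement
        "INSERT INTO Userregistrationtable (Emailid, Dname, Mobileno, passwd) " +
        "VALUES (@Emailid, @Dname, @Mobileno, @passwd)";

    // PBKDF2-SHA256 with a random 16-byte salt, stored as "iterations:salt:hash".
    static string HashPassword(string password)
    {
        using (var kdf = new Rfc2898DeriveBytes(password, 16, 100000, HashAlgorithmName.SHA256))
            return "100000:" + Convert.ToBase64String(kdf.Salt) + ":" +
                   Convert.ToBase64String(kdf.GetBytes(32));
    }

    // Validates the fields and returns a command whose values travel as parameters.
    public static SqlCommand BuildInsert(string email, string name, string mobile, string password)
    {
        if (string.IsNullOrWhiteSpace(name) || string.IsNullOrEmpty(password))
            throw new ArgumentException("Name and password are required.");
        if (new MailAddress(email).Address != email)   // constructor throws if malformed
            throw new ArgumentException("Enter a bare email address.");
        if (!Regex.IsMatch(mobile ?? "", @"^\+?[0-9]{7,15}\z"))   // assumed format
            throw new ArgumentException("Mobile number must be 7 to 15 digits.");
        var cmd = new SqlCommand(Sql);   // column types and sizes below are assumed
        cmd.Parameters.Add("@Emailid", SqlDbType.NVarChar, 254).Value = email;
        cmd.Parameters.Add("@Dname", SqlDbType.NVarChar, 100).Value = name;
        cmd.Parameters.Add("@Mobileno", SqlDbType.VarChar, 16).Value = mobile;
        cmd.Parameters.Add("@passwd", SqlDbType.VarChar, 128).Value = HashPassword(password);
        return cmd;
    }

    // No empty catch: a SqlException propagates so the caller can log or report it.
    public static int Save(SqlCommand cmd, string connectionString)
    {
        using (var conn = new SqlConnection(connectionString))
        {
            cmd.Connection = conn;
            conn.Open();
            return cmd.ExecuteNonQuery();   // number of rows inserted
        }
    }
}
```

From Button1_Click, call RegistrationStore.Save(RegistrationStore.BuildInsert(...), connectionString), show ArgumentException or FormatException messages to the user, and clear the form only when Save returns 1.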

Published: 2023-10-12 17:35:22
Article link: https://www.elefans.com/category/jswz/34/1485400.html