I have a problem with (var query4): ASP doesn't give me any message about any problem, but it cannot insert the data into the table concerned.

asp.net razor
@{
    var userId = Request["UserId"];
    var Type = Request["type"];
    var db = Database.Open("intranet");
    if(Type == "delete")
    {
        var query = "UPDATE Personne SET Demande = 'refuser' WHERE UserId = '" + userId + "'";
        db.Execute(query);
        var query2 = "DELETE from DemandeConge where UserId = '" + userId + "'";
        db.Execute(query2);
    }
    else if(Type == "accepte")
    {
        var query = "UPDATE Personne SET Demande = 'accepte' WHERE UserId = '" + userId + "'";
        db.Execute(query);
        var query2 = "DELETE from DemandeConge where UserId = '" + userId + "'";
        db.Execute(query2);
        var query4 = "INSERT INTO CongeAccept(UserId,DateDebut,DateFin,TypeConge) SELECT UserId,DateDebutDemande,DateFinDemande,TypeConge FROM DemandeConge WHERE UserId = '" + userId + "'";
        db.Execute(query4);
    }
}
And when I comment out this code, it works well:
        /* var query = "UPDATE Personne SET Demande = 'accepte' WHERE UserId = '" + userId + "'";
        db.Execute(query);
        var query2 = "DELETE from DemandeConge where UserId = '" + userId + "'";
        db.Execute(query2);*/
        var query4 = "INSERT INTO CongeAccept(UserId,DateDebut,DateFin,TypeConge) SELECT UserId,DateDebutDemande,DateFinDemande,TypeConge FROM DemandeConge WHERE UserId = '" + userId + "'";
        db.Execute(query4);
    }
**Warning** Your code is vulnerable to SQL injection attacks. – 2012-02-28 00:50:21
Yes, I know, it's just an exam exercise ^^ – user1233875 2012-02-28 00:55:50
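
A hardened form of the handler from the question, added here as an example and not part of the original post or its comments. It binds the request value through the `@0`/`@1` placeholders that WebMatrix's `Database.Execute` accepts, and copies the row into `CongeAccept` before the `DELETE` empties `DemandeConge` for that user. The check that only the two action values from the question are valid is an assumption.

```csharp
@{
    // Added example: parameterized version of the page's handler.
    var userId = Request["UserId"];
    var type = Request["type"];

    // Assumption: "delete" and "accepte" are the only valid actions, as in the question.
    if (!String.IsNullOrEmpty(userId) && (type == "delete" || type == "accepte"))
    {
        var db = Database.Open("intranet");
        try
        {
            if (type == "accepte")
            {
                // Copy the request first, while its row still exists in DemandeConge.
                // In the question this ran after the DELETE, so the SELECT matched no
                // rows and the INSERT completed without error and without inserting.
                db.Execute(
                    "INSERT INTO CongeAccept(UserId,DateDebut,DateFin,TypeConge) " +
                    "SELECT UserId,DateDebutDemande,DateFinDemande,TypeConge " +
                    "FROM DemandeConge WHERE UserId = @0", userId);
            }

            // @0 and @1 are sent as parameters, so the request value is treated
            // as data and never parsed as part of the SQL text.
            db.Execute(
                "UPDATE Personne SET Demande = @0 WHERE UserId = @1",
                type == "accepte" ? "accepte" : "refuser", userId);

            db.Execute("DELETE FROM DemandeConge WHERE UserId = @0", userId);
        }
        finally
        {
            db.Close();
        }
    }
}
```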