我有3個文本框添加技能,這將進入一個名爲'SkillName'列。 但是,我收到此錯誤。插入多個文本框值到sql數據庫
'System.Web.UI.Control' does not contain a definition for 'Text' and no extension method 'Text' accepting a first argument of type 'System.Web.UI.Control' could be found (are you missing a using directive or an assembly reference?)
但我已經使用該組件使用System.Web.UI.WebControls;
這是我的代碼添加textboxes-
public void InsertSkillInfo()
{
String str = @"Data Source=USER-PC\SQLEXPRESS;Initial Catalog=DBNAME;Integrated Security=True";
SqlConnection conn = new SqlConnection(str);
try
{
for (int i = 1; i <= 3; i++)
{
conn.Open();
**string skill = (Page.FindControl("TextBox" + i.ToString())).Text;**
const string sqlStatement = "INSERT INTO Cert (SkillName) VALUES (@SkillName)";
SqlCommand cmd = new SqlCommand(sqlStatement, conn);
cmd.CommandType = CommandType.Text;
cmd.Parameters["@SkillName"].Value = skill;
cmd.ExecuteNonQuery();
}
}
catch (System.Data.SqlClient.SqlException ex)
{
string msg = "Insert Error:";
msg += ex.Message;
throw new Exception(msg);
}
finally
{
conn.Close();
}
}
謝謝..但現在不受此SqlParameterCollection – Girish 2012-07-26 09:49:24
附近所含的與參數的SqlParameter的示值誤差與參數名稱 '@SkillName' 這是非常開放給SQL注入攻擊。如果有人輸入了一個叫做''的技能,會發生什麼情況] go drop table Cert go --'? – mdm 2012-07-26 10:03:51