WinForms 中的「參數無效」例外
我使用多個面板製作一個多部分的項目,並使用 Access 數據庫,像下面這樣在其中插入一些數據:
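/// <summary>
/// Reloads the employee list on the add-money panel from the <c>employee</c> table.
/// </summary>
/// <remarks>
/// Each entry is stored as <c>Ename + " \n" + Elastname</c>. On failure a red error
/// message is shown in <c>addMoneyPanelMes</c> instead of letting the exception escape.
/// </remarks>
private void addmoneyPanel_firstLoad()
{
    try
    {
        employee_list.Items.Clear();
        connection.Open();

        // Constant query text with no user input, so there is nothing to parameterize here.
        using (OleDbCommand command = new OleDbCommand("select Ename,Elastname from employee", connection))
        using (OleDbDataReader reader = command.ExecuteReader())
        {
            while (reader.Read())
            {
                employee_list.Items.Add(reader[0].ToString() + " \n" + reader[1].ToString());
            }
        }
    }
    catch (Exception err)
    {
        // Keep the underlying cause available to a debugger; the user only sees the generic message.
        System.Diagnostics.Debug.WriteLine(err);
        addMoneyPanelMes.Text = "خظا در ارتباط با پایگاه داده.";
        addMoneyPanelMes.ForeColor = Color.Red;
        addMoneyPanelMes.Visible = true;
    }
    finally
    {
        // Close on every path: a connection left open after a failure makes the
        // next connection.Open() on this field throw.
        connection.Close();
    }
}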
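/// <summary>
/// Click handler that records a payment: resolves the selected employee's id and
/// inserts one row into <c>realMoney</c>, then shows a success or error message.
/// </summary>
/// <param name="sender">Control that raised the click.</param>
/// <param name="e">Event data (unused).</param>
/// <remarks>
/// Values that originate from the form (employee name, amounts, description) are bound
/// as OleDb parameters instead of being concatenated into the SQL text, so quote
/// characters in the input cannot alter the statement.
/// </remarks>
private void pictureBox1_Click_1(object sender, EventArgs e)
{
    try
    {
        // The price always comes from the form. Only one of card number / cheque
        // number is used, depending on the radio button; the other is stored as "0".
        string TempPrice = money_price.Text;
        string TempCheckNum = "0";
        string TempCriditNum = "0";
        if (!radioButton1.Checked)
        {
            if (radioButton2.Checked)
            {
                TempCriditNum = criditNumber.Text;
            }
            else
            {
                TempCheckNum = checkNumber.Text;
            }
        }

        // List entries were added as Ename + " \n" + Elastname: split on the newline
        // and drop the trailing space from the first name.
        string mainToSplit = employee_list.SelectedItem.ToString();
        string[] splited = mainToSplit.Split('\n');
        splited[0] = splited[0].Remove(splited[0].Length - 1, 1);

        connection.Open();

        string id = "";
        using (OleDbCommand command = new OleDbCommand("select id from employee where Ename=? AND Elastname=?", connection))
        {
            // OleDb binds parameters by position; the names are labels for the reader only.
            command.Parameters.AddWithValue("@ename", splited[0]);
            command.Parameters.AddWithValue("@elastname", splited[1]);
            using (OleDbDataReader reader = command.ExecuteReader())
            {
                if (reader.Read())
                {
                    id = reader[0].ToString();
                }
            }
        }

        // NOTE(review): Int32.Parse throws FormatException on non-numeric input (or when
        // no employee row matched and id is still ""); that is not caught below.
        // NOTE(review): the date literal is still built inline because the return type of
        // GetSelectedDateInPersianDateTime() is not visible here. It comes from the date
        // picker rather than free text; bind it as a parameter once its conversion to the
        // column type is confirmed.
        string insertSql =
            "INSERT INTO realMoney (price,cardnum,checknum,theDate,employeeid,descrip) values(?,?,?,#"
            + dateTimePickerX1.GetSelectedDateInPersianDateTime().ToShortDateString()
            + "#,?,?)";
        using (OleDbCommand command2 = new OleDbCommand(insertSql, connection))
        {
            // Same positional order as the placeholders above.
            command2.Parameters.AddWithValue("@price", Int32.Parse(TempPrice));
            command2.Parameters.AddWithValue("@cardnum", Int32.Parse(TempCriditNum));
            command2.Parameters.AddWithValue("@checknum", Int32.Parse(TempCheckNum));
            command2.Parameters.AddWithValue("@employeeid", Int32.Parse(id));
            command2.Parameters.AddWithValue("@descrip", money_descrip.Text);
            command2.ExecuteNonQuery();
        }

        addMoneyPanelMes.Text = "با موفقیت ذخیره شد.";
        addMoneyPanelMes.ForeColor = Color.Green;
        addMoneyPanelMes.Visible = true;
    }
    catch (OleDbException h)
    {
        // Keep the provider error available to a debugger; the user only sees the generic message.
        System.Diagnostics.Debug.WriteLine(h);
        addMoneyPanelMes.Text = "خظا در ارتباط با پایگاه داده.";
        addMoneyPanelMes.ForeColor = Color.Red;
        addMoneyPanelMes.Visible = true;
    }
    finally
    {
        // Close on every path, including exceptions this method does not catch, so the
        // connection field is not left open for the next caller.
        connection.Close();
    }
}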
這兩個函數可以成功運行,但之後我會在下面這部分得到「參數無效」例外:
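/// <summary>
/// Timer tick handler for the clock: runs <c>prossespass()</c> while <c>pass</c> is 0 or 1,
/// then refreshes the time and AM/PM labels.
/// </summary>
/// <param name="sender">Timer that raised the tick.</param>
/// <param name="e">Event data (unused).</param>
private void timer1_Tick(object sender, EventArgs e)
{
    if (pass == 0 || pass == 1)
    {
        prossespass();
    }

    // Read the clock once so the time and the AM/PM marker describe the same instant.
    DateTime datetime = DateTime.Now;
    try
    {
        // The "parameter is not valid" exception is reported on this assignment.
        time.Text = string.Format("{0:hh:mm:ss}", datetime);
        timesun.Text = datetime.ToString("tt");
    }
    catch (Exception d)
    {
        // A failed clock refresh should not take the UI down, but do not discard the
        // cause silently: it is the only trace of what went wrong.
        System.Diagnostics.Debug.WriteLine(d);
    }
}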
這是我項目中的時鐘計時器。當返回到時鐘所在的主面板時(使主面板可見並隱藏當前面板),時鐘文本框無法設置,我的項目就崩潰了。我不知道問題出在哪裏。但如果我從上面提到的第二個函數中刪除這一部分:
// Excerpt from pictureBox1_Click_1: shows the success message ("Saved successfully.") in green.
addMoneyPanelMes.Text = "با موفقیت ذخیره شد.";
addMoneyPanelMes.ForeColor = Color.Green;
addMoneyPanelMes.Visible = true;
或者從上述第二個函數中移除插入部分:
// Excerpt from pictureBox1_Click_1: the insert step.
connection.Open();
OleDbCommand command2 = new OleDbCommand();
command2.Connection = connection;
// The statement is assembled by string concatenation. money_descrip.Text is free text
// placed between single quotes, so a quote character in it changes the SQL that runs;
// binding the values as OleDb parameters avoids that.
command2.CommandText = "INSERT INTO realMoney (price,cardnum,checknum,theDate,employeeid,descrip) values(" + Int32.Parse(TempPrice) + "," + Int32.Parse(TempCriditNum) + "," + Int32.Parse(TempCheckNum) + ",#" + dateTimePickerX1.GetSelectedDateInPersianDateTime().ToShortDateString() + "#," + Int32.Parse(id) + ",'" + money_descrip.Text + "')";
command2.ExecuteNonQuery();
// Not reached if ExecuteNonQuery throws, which leaves the connection open.
connection.Close();
我在其他面板中也有其他使用數據庫的函數,但它們都能正常工作。謝謝你的幫助。
請學會使用[參數化查詢](http://blog.codinghorror.com/give-me-parameterized-sql-or-give-me-death/)。這種字符串拼接容易受到 [SQL 注入](http://en.wikipedia.org/wiki/SQL_injection)攻擊。 –
這是一個個人應用程序,我不擔心注入。但感謝您的回覆 –
有問題的那一行在我這裏不會拋出任何例外。但要真正測試,我們需要知道你的區域設定(locale)是什麼? – Steve