sri*_*ari 11 c# sql-server asp.net ado.net
当我登录时,我将我的用户名存储在会话中.我的要求是我想将我的用户名存储在我的数据库中.我在这里存储它username1.输入用户名后,我可以使用response.write()它打印并完美打印.但是,当我将它存储在数据库中时,它会产生以下错误:
**sqlException was unhandled by user code and exception at cmd.ExecuteScalar(); String or binary data would be truncated. The statement has been terminated.**
以下是我的ado.net代码:
using (SqlConnection con =
new SqlConnection("Data Source=.;database=testdb1;Integrated Security=SSPI")) {
con.Open();
// SqlCommand cmd = new SqlCommand("delete from fileinfo where ID=" + Convert.ToInt32(Request.Params["one"]), con);
string uname = (string) Session["fname"].ToString() + " " + Session["lname"].ToString(); //Session["fname"].ToString()+" "+Session["lname"].ToString();
// Response.Write(uname);
// uname = "sri hari";
uname = uname + " ";
string uname1 = uname;
uname = uname.Trim();
SqlCommand cmd = new SqlCommand("insert into qry_details values('" + txt_query_name.Text + "','pending for approval','" + txt_query_description.Text + "','" + DateTime.Now.ToString("yyyy-MM-dd") + "','" + qry + "','" + uname1 + "')", con);
cmd.ExecuteScalar();
}
我建议你使用参数化查询.您的代码现在容易受到SQL注入攻击.您还应该ExecuteNonQuery在SQL命令上使用该方法,而不是ExecuteScalar在将值插入数据库时:
var connectionString = "Data Source=.;database=testdb1;Integrated Security=SSPI";
using (SqlConnection con = new SqlConnection(connectionString))
using (SqlCommand cmd = con.CreateCommand())
{
con.Open();
cmd.CommandText = "INSERT INTO qry_details VALUES (@query_name, 'pending for approval', @query_description, @date, @qry, @username)";
cmd.Parameters.AddWithValue("@query_name", txt_query_name.Text);
cmd.Parameters.AddWithValue("@query_description", txt_query_description.Text);
cmd.Parameters.AddWithValue("@date", DateTime.Now);
cmd.Parameters.AddWithValue("@qry", qry);
cmd.Parameters.AddWithValue("@username", uname1);
cmd.ExecuteNonQuery();
}
| 归档时间: |
|
| 查看次数: |
59199 次 |
| 最近记录: |