Ace*_*ter 1 c# sql-server asp.net visual-studio
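I'm running a DbDataReader query to remove items from a drop-down list if they are already attached to a particular submission, and I keep getting an error telling me that the reader is closed. I can't figure out why my reader is considered closed here. What am I missing?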
    protected void Page_Load(object sender, EventArgs e)
    {
        string x = Request.QueryString["SubId"];
        string connectionString = System.Configuration.ConfigurationManager.
            ConnectionStrings["MyConnectionString"].ConnectionString;
        string displayQuery = "SELECT CustName, CustAdd, CustCity, CustState, " +
            "CustZip FROM Customer WHERE SubId =" + x;
        string broQuery = "SELECT EntityType FROM Broker WHERE SubId =" + x;
        string ddlQuery = "SELECT ProductId FROM SubmissionProducts " +
            "WHERE SubmissionId =" + x;
        using (SqlConnection displayConn = new SqlConnection(connectionString))
        {
            displayConn.Open();
            SqlCommand DlistCmd = new SqlCommand(ddlQuery, displayConn);
            using (SqlDataReader Ddldr = DlistCmd.ExecuteReader())
            {
                while (Ddldr.Read())
                {
                    switch (Ddldr.GetInt32(0))
                    {
                        case 1:
                            DdlProductList.Items.RemoveAt(1);
                            break;
                        case 2:
                            DdlProductList.Items.RemoveAt(2);
                            break;
                        case 3:
                            DdlProductList.Items.RemoveAt(3);
                            break;
                        case 4:
                            DdlProductList.Items.RemoveAt(4);
                            break;
                        case 5:
                            DdlProductList.Items.RemoveAt(5);
                            break;
                        case 6:
                            DdlProductList.Items.RemoveAt(6);
                            break;
                        case 7:
                            DdlProductList.Items.RemoveAt(7);
                            break;
                        default:
                            break;
                    }
                    Ddldr.Close();
                }
            }
        }
    }
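Don't call Ddldr.Close();, especially inside the while. That way you do the first iteration, close the reader, and the second iteration of course runs while the reader is closed. The using statement will take care of it. Simply remove this line from your code.
So: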
    using (SqlDataReader Ddldr = DlistCmd.ExecuteReader())
    {
        while (Ddldr.Read())
        {
            switch (Ddldr.GetInt32(0))
            {
                // ... your cases here
                default:
                    break;
            }
        }
    }
Also, the following lines:
    string x = Request.QueryString["SubId"];
    string displayQuery = "SELECT CustName, CustAdd, CustCity, CustState, CustZip FROM Customer WHERE SubId =" + x;
    string broQuery = "SELECT EntityType FROM Broker WHERE SubId =" + x;
    string ddlQuery = "SELECT ProductId FROM SubmissionProducts WHERE SubmissionId =" + x;
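are like a pile of s..t. You should use parameterized queries and absolutely never write any code like that, or your application will be vulnerable to SQL injection attacks. Every time you use string concatenation when writing a SQL query, an alarm should ring telling you that you are doing it wrong.
So here is the correct way to do it: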
    protected void Page_Load(object sender, EventArgs e)
    {
        string x = Request.QueryString["SubId"];
        string connectionString = System.Configuration.ConfigurationManager.ConnectionStrings["MyConnectionString"].ConnectionString;
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = conn.CreateCommand())
        {
            conn.Open();
            // The value is bound as a parameter instead of being concatenated into the SQL text.
            cmd.CommandText = "SELECT ProductId FROM SubmissionProducts WHERE SubmissionId = @SubmissionId";
            cmd.Parameters.AddWithValue("@SubmissionId", x);
            using (var reader = cmd.ExecuteReader())
            {
                while (reader.Read())
                {
                    switch (reader.GetInt32(reader.GetOrdinal("ProductId")))
                    {
                        // ... your cases here
                        default:
                            break;
                    }
                }
            }
        }
    }
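An added example, not part of the question or the answer above: the same parameterization applied to all three queries from the question, with the query-string value validated and bound as a typed integer rather than passed as raw text. The SubmissionQueries class and its method names are hypothetical, and it assumes the SubId and SubmissionId columns are INT; the input values in Main are constructed.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Globalization;

static class SubmissionQueries   // hypothetical helper, not from the page
{
    // The question's three statements, with the concatenated value replaced by @SubId.
    const string DisplaySql = "SELECT CustName, CustAdd, CustCity, CustState, CustZip " +
                              "FROM Customer WHERE SubId = @SubId";
    const string BrokerSql  = "SELECT EntityType FROM Broker WHERE SubId = @SubId";
    const string ProductSql = "SELECT ProductId FROM SubmissionProducts " +
                              "WHERE SubmissionId = @SubId";

    // Accepts only a run of decimal digits: no sign, whitespace or trailing text.
    public static bool TryParseSubId(string raw, out int subId)
    {
        return int.TryParse(raw, NumberStyles.None, CultureInfo.InvariantCulture, out subId);
    }

    // Binds the id as a typed INT parameter (assumed column type), so the value
    // travels separately from the SQL text and is never parsed as SQL.
    public static SqlCommand Build(string sql, int subId, SqlConnection conn = null)
    {
        var cmd = new SqlCommand(sql, conn);
        cmd.Parameters.Add("@SubId", SqlDbType.Int).Value = subId;
        return cmd;
    }

    static void Main()
    {
        // Constructed query-string values; only the first is a valid id.
        foreach (var raw in new[] { "42", "42 OR 1=1", "", null })
        {
            int subId;
            if (!TryParseSubId(raw, out subId))
            {
                Console.WriteLine("rejected: '{0}'", raw);
                continue;
            }
            // No connection is opened here; this only shows what would be sent.
            foreach (var sql in new[] { DisplaySql, BrokerSql, ProductSql })
                using (var cmd = Build(sql, subId))
                    Console.WriteLine("{0}  [@SubId = {1}]", cmd.CommandText,
                                      cmd.Parameters["@SubId"].Value);
        }
    }
}
```

In Page_Load, the open SqlConnection would be passed as the third argument to Build, and a rejected value would end the request before any query runs.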