发表新帖
发表新帖

Inserting new values in database Asp .Net

前端 未结
关注
4 1869
Happy的楠姐
Happy的楠姐 2020-12-21 19:31

I have a code for inserting values in ASP.net using vb. I\'m having problem with my code says login failed, cannot open database.

Dim struser, strpass, strem
4条回答
  • 离开以前
    离开以前 (楼主)
    2020-12-21 20:06

    Warning : You are giving rise to SQL Injection in your code.

    Sample Stored Procedure

    Create Proc ProcedureName
@UserName Varchar(50),
@Password Varchar(50),
@Email Varchar(50)
As
SET NOCOUNT ON
SET XACT_ABORT ON

Begin Try
    Begin Tran
        Insert into Account (Username,Password, Email)
        Values(@UserName, @Password, @Email)
    Commit Tran 
End Try

Begin Catch
    Rollback Tran
End Catch

    Sample code in C Sharp

    private void InsertRecord()
{
    String struser = string.Empty, strpass = string.Empty, stremail = string.Empty;
    using (SqlConnection con = new SqlConnection("Your Connection String"))
    {
        using (SqlCommand cmd = new SqlCommand())
        {
            cmd.Connection = con;
            cmd.CommandType = System.Data.CommandType.StoredProcedure;
            cmd.CommandText = "Your Stored Procedure name";
            SqlParameter[] param = new SqlParameter[3];
            param[0].Direction = System.Data.ParameterDirection.Input;
            param[0].ParameterName = "UserName";
            param[0].Value = struser;
            cmd.Parameters.Add(param[0]);

            param[1].Direction = System.Data.ParameterDirection.Input;
            param[1].ParameterName = "Password";
            param[1].Value = strpass;
            cmd.Parameters.Add(param[1]);

            param[2].Direction = System.Data.ParameterDirection.Input;
            param[2].ParameterName = "Email";
            param[2].Value = stremail;
            cmd.Parameters.Add(param[2]);

            cmd.ExecuteNonQuery();
        }
    }
}

    Sample Code in VB.Net

    Private Sub InsertRecord()
    Dim struser As [String] = String.Empty, strpass As [String] = String.Empty, stremail As [String] = String.Empty
    Using con As New SqlConnection("Your Connection String")
        Using cmd As New SqlCommand()
            cmd.Connection = con
            cmd.CommandType = System.Data.CommandType.StoredProcedure
            cmd.CommandText = "Your Stored Procedure name"
            Dim param As SqlParameter() = New SqlParameter(2) {}
            param(0).Direction = System.Data.ParameterDirection.Input
            param(0).ParameterName = "UserName"
            param(0).Value = struser
            cmd.Parameters.Add(param(0))

            param(1).Direction = System.Data.ParameterDirection.Input
            param(1).ParameterName = "Password"
            param(1).Value = strpass
            cmd.Parameters.Add(param(1))

            param(2).Direction = System.Data.ParameterDirection.Input
            param(2).ParameterName = "Email"
            param(2).Value = stremail
            cmd.Parameters.Add(param(2))

            cmd.ExecuteNonQuery()
        End Using
    End Using
End Sub

    0 讨论(0)
 看不清?
提交回复
热议问题