English 中文(简体)
ASP.NET/VB.NET: 生成插入命令
原标题:ASP.NET / VB.NET : Generate Insert Command

我所有的形式变量都在我的代码后面, 它们都是用“ 请求. 表格” 检索的。

据我所知,..如果我使用 SQLData 源来做这件事,我不得不使用 ASP.NET 控制器(我不想用) 。

INSERT INTO Orders(FirstName, LastName, Email, PhoneNumber, Address, City, State, ZipCode, PaymentMethod, PromoCode, OrderStatus, Tracking, PPEmail, SubmissionDate) VALUES (@FirstName, @LastName, @Email, @Phone, @Address, @City, @State, 11111, @PaymentMethod ,  0 ,  New Order - Pending ,  0 , @PPEMAIL, @Date)

代码后面

    Dim fPrice As String = CType(Session.Item("Qprice"), String)
    Dim DeviceMake As String = CType(Session.Item("Make"), String)
    Dim PaymentMethod As String = Request.Form("Payment Type")
    Dim DeviceModel As String = CType(Session.Item("Model"), String)
    Dim DeviceCondition As String = CType(Session.Item("Condition"), String)
    Dim SubmissionDate As String = Date.Now.ToString
    Dim FirstName = Request.Form("First")
    Dim LastName = Request.Form("Last")
    Dim City = Request.Form("City")
    Dim Phone = Request.Form("Phone")
    Dim Address = Request.Form("Address")
    Dim State = Request.Form("State")
    Dim Zip = Request.Form("Zip")
    Dim Email = Request.Form("EMail")

是否有一种方法可以让我的变量连接到 SQLDatasource 生成的插图中, 无需手动编码参数?

最佳回答

您可以使用 " "http://msdn.microsoft.com/ en-us/library/ system.web.ui.webcontrols.forparater%28v=vs.80%29.aspx" rel="nofollow"\\code>FormParater 。 这不需要 ASP.NET 控制, 据我所知, 不需要任何 ASP. NET 控制 。

  <asp:sqldatasource
    id="SqlDataSource1"
    runat="server"
    connectionstring="<%$ ConnectionStrings:MyNorthwind %>"
    selectcommand="SELECT CompanyName,ShipperID FROM Shippers"
    insertcommand="INSERT INTO Shippers (CompanyName,Phone) VALUES (@CoName,@Phone)">
      <insertparameters>
        <asp:formparameter name="CoName" formfield="CompanyNameBox" />
        <asp:formparameter name="Phone"  formfield="PhoneBox" />
      </insertparameters>
  </asp:sqldatasource>

特别注意与这一机制有关的微软警报

窗体设计仪不以任何方式验证窗体元素传递的值; 它使用原始值。 在多数情况下, 您可以通过处理一个事件, 如选择、 更新、 插入或删除您正在使用的数据源控制所暴露的事件, 在数据源控制使用前先验证窗体设计仪的值。 如果参数的价值没有通过验证测试, 您可以将相关的取消值类的取消属性设定为真实, 从而取消数据操作 。

时间:2012-05-24 19:49:16
问题回答

您最好强制附加参数。 当您正在从 Form and Assession( ick) 获得您的值时, SQL 参数化将会为您提供一定程度的保护 。

您可能想要探索代码生成( A-la < a href=""http://msdn.microsoft.com/ en- us/library/bb1264.45.aspx" rel="nofollow" >T4

时间:2012-05-24 19:45:42


上一篇:
下一篇:


相关问题
Anyone feel like passing it forward?

I m the only developer in my company, and am getting along well as an autodidact, but I know I m missing out on the education one gets from working with and having code reviewed by more senior devs. ...

时间:2009-11-13 04:17:47 回答:6 展示:1
How to Add script codes before the </body> tag ASP.NET

Heres the problem, In Masterpage, the google analytics code were pasted before the end of body tag. In ASPX page, I need to generate a script (google addItem tracker) using codebehind ClientScript ...

时间:2009-11-13 03:31:36 回答:3 展示:1
Transaction handling with TransactionScope

I am implementing Transaction using TransactionScope with the help this MSDN article http://msdn.microsoft.com/en-us/library/system.transactions.transactionscope.aspx I just want to confirm that is ...

时间:2009-11-05 09:45:28 回答:1 展示:1
System.Web.Mvc.Controller Initialize

i have the following base controller... public class BaseController : Controller { protected override void Initialize(System.Web.Routing.RequestContext requestContext) { if (...

时间:2009-11-05 09:38:39 回答:2 展示:1
Microsoft.Contracts namespace

For what it is necessary Microsoft.Contracts namespace in asp.net? I mean, in what cases I could write using Microsoft.Contracts;?

时间:2009-11-05 09:36:09 回答:2 展示:1
Separator line in ASP.NET

I d like to add a simple separator line in an aspx web form. Does anyone know how? It sounds easy enough, but still I can t manage to find how to do it.. 10x!

时间:2009-11-05 09:27:29 回答:3 展示:1
热门标签

友情链接

Allggapp Alljchome-教程家园 mvfinale.com-影视剧情大结局大全