2017-03-17 62 views
-2

I am trying to insert records into a SQL Server 2014 database using ASP.NET with C#.

Inserting records into a SQL Server database in ASP.NET using Session in C#

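I have implemented Session for the data of my GridView, which I want inserted into the database, but when I click the "Book" button, only the URL at the top changes.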

url bar pic

Database:

my database pic

The record is not inserted into the database, and my label (Errorm) does not change to "gg" either. Thanks in advance.

.aspx file:

<%@ Page Title="" Language="C#" MasterPageFile="~/Main.Master" AutoEventWireup="true" CodeBehind="hotels.aspx.cs" Inherits="Hotel_Mangement.hotels" %> 
<asp:Content ID="Content1" ContentPlaceHolderID="hotels" runat="server"> 
      <div class="destinations"> 
      <div class="destination-head"> 
       <div class="wrap"> 
        <h3>Hotels</h3> 
       </div> 
       <!---End-destinatiuons----> 
       <div class="find-place dfind-place"> 
        <div class="wrap"> 
         <div class="p-h"> 
          <span>FIND YOUR</span> 
          <label>HOTEL</label> 
         </div> 
         <!---strat-date-piker----> 
          <script src="http://code.jquery.com/ui/1.9.2/jquery-ui.js"></script> 
          <script> 
           $(function() { 
            $("#<%= txtstart.ClientID %>").datepicker(); 
           }); 
          </script> 


         <!---/End-date-piker----> 
         <!---strat-date-piker----> 
          <script src="http://code.jquery.com/ui/1.9.2/jquery-ui.js"></script> 
          <script> 
           $(function() { 
            $("#<%= txtend.ClientID %>").datepicker(); 
           }); 
          </script> 
         <!---/End-date-piker----> 

         <div class="p-ww"> 
          <form> 
           <span> City or Area</span> 
           <asp:DropDownList ID="dl1" runat="server" class="dest" required="This field cannot be blank"> 
            <asp:ListItem Selected="True">Location</asp:ListItem> 
          <asp:ListItem>Mumbai</asp:ListItem> 
          <asp:ListItem>Goa</asp:ListItem> 
          <asp:ListItem>Delhi</asp:ListItem> 
          <asp:ListItem>Ahmedabad</asp:ListItem> 
          <asp:ListItem>Jammu</asp:ListItem> 
          <asp:ListItem>Jharkhand</asp:ListItem> 
          <asp:ListItem>Kerala</asp:ListItem> 
          <asp:ListItem>Bhuj</asp:ListItem> 
          <asp:ListItem>Bengaluru</asp:ListItem> 
          <asp:ListItem>Kalyan</asp:ListItem> 

           </asp:DropDownList><br /> 
           <br /><span> Check-in</span> 
           <asp:TextBox ID="txtstart" runat="server" class="date" required="This field cannot be blank"></asp:TextBox> 
          <span> Check-out</span> 
           <asp:TextBox ID="txtend" runat="server" class="date" required="This field cannot be blank"></asp:TextBox><br /> <br /> 
           <span> Number of rooms</span> 
           <asp:DropDownList ID="dlrooms" runat="server" required="This field cannot be blank"> 
            <asp:ListItem Selected="True">Select number of rooms</asp:ListItem> 
            <asp:ListItem>1</asp:ListItem> 
            <asp:ListItem>2</asp:ListItem> 
            <asp:ListItem>3</asp:ListItem> 
            <asp:ListItem>4</asp:ListItem> 
           </asp:DropDownList><br /><br /> 
            <span> Number of members</span> 
           <asp:DropDownList ID="dlmumbers" runat="server" required="This field cannot be blank"> 
            <asp:ListItem Selected="True">Select number of members per room</asp:ListItem> 
            <asp:ListItem>1</asp:ListItem> 
            <asp:ListItem>2</asp:ListItem> 
            <asp:ListItem>3</asp:ListItem> 
            <asp:ListItem>4</asp:ListItem> 
            <asp:ListItem>5</asp:ListItem> 
            <asp:ListItem>6</asp:ListItem> 
           </asp:DropDownList> 
           <br /> <br /> 

           <asp:Button ID="Button1" runat="server" Text="Search" OnClick="Button1_Click" /> 

                 </form> 
         </div> 
         <div class="clear"> </div> 
        </div> 
       </div> 
       <!----//End-find-place----> 
      </div> 
       <div class="criuse-main"> 
        <div class="wrap"> 
         <div class="criuse-head1"> 
          <h3>CHEAPEST HOTELS</h3> 
         </div> 
         </div> 
        </div> 
        <asp:SqlDataSource ID="SqlDataSource1" runat="server" ConnectionString='<%$ ConnectionStrings:RegisterConnectionString15 %>' SelectCommand="SELECT * FROM [hotels_main]"></asp:SqlDataSource> 
        <asp:Repeater ID="Repeater1" runat="server" DataSourceID="SqlDataSource1" > 

         <ItemTemplate> 
          <div ID="div1" runat="server"> 
          <div class="criuse-main" > 
        <div class="wrap"> 
         <div class="criuse-grids"> 
          <div class="criuse-grid"> 
           <div class="criuse-grid-head"> 
            <div class="criuse-img"> 
             <div class="criuse-pic"> 
             <asp:Image ID="Image1" runat="server" ImageUrl='<%#Eval("ImagePath") %>' Height="350px" width="1000px"/> 
             </div> 
             <div class="criuse-pic-info"> 
               <div class="criuse-pic-info-top"> 
                <div class="criuse-pic-info-top-weather"> 
                 <p>33<label>o</label><i>c</i><span> </span></p> 
                </div> 
                <div class="criuse-pic-info-top-place-name"> 
                 <h2><span><%#Eval("hotel_location") %></span></h2> 
                </div> 
               </div> 
               <div class="criuse-pic-info-price"> 
                <p><span>Starting From</span> <h4><%#Eval("price") %> $</h4></p> 
               </div> 
             </div> 
            </div> 
            <div class="criuse-info"> 
             <div class="criuse-info-left"> 
              <ul> 
               <li><a class="c-hotel" href="#"><span> </span><%#Eval("rooms_available") %></a></li> 
               <li><a class="c-air" href="flight.aspx"><span> </span> Air Ticket</a></li> 
               <li><a class="c-fast" href="#"><span> </span> Guest per room:<%#Eval("max_guest") %></a></li> 
               <li><a class="c-car" href="#"><span> </span> Car for All transfers</a></li> 
               <div class="clear"> </div> 
              </ul> 
             </div> 
             <div class="clear"> </div> 
            </div> 
           </div> 
           <div class="criuse-grid-info"> 
            <h1> <a href="hotels_main.aspx?id=<%#Eval("hotel_id") %>" ><%#Eval("hotel_name") %></a></h1> 

            <p><%#Eval("s_desc") %> </p> 

           </div> 
          </div> 
          </div> 
         </div> 
        </div> 
       </div> 
       </ItemTemplate> 
         </asp:Repeater> 
       <center> 
       <div> 
       <asp:GridView ID="GridView1" runat="server" CellPadding="4" ForeColor="#333333" GridLines="None" class="myGridClass" AutoGenerateColumns="False"> 
        <AlternatingRowStyle BackColor="White" /> 
        <EditRowStyle BackColor="#7C6F57" /> 
        <FooterStyle BackColor="#1C5E55" Font-Bold="True" ForeColor="White" /> 
        <HeaderStyle BackColor="#1C5E55" Font-Bold="True" ForeColor="White" /> 
        <PagerStyle BackColor="#666666" ForeColor="White" HorizontalAlign="Center" /> 
        <RowStyle BackColor="#E3EAEB" /> 
        <SelectedRowStyle BackColor="#C5BBAF" Font-Bold="True" ForeColor="#333333" /> 
        <SortedAscendingCellStyle BackColor="#F8FAFA" /> 
        <SortedAscendingHeaderStyle BackColor="#246B61" /> 
        <SortedDescendingCellStyle BackColor="#D4DFE1" /> 
        <SortedDescendingHeaderStyle BackColor="#15524A" /> 
        <Columns> 
           <asp:TemplateField HeaderText="HotelName"> 
            <ItemTemplate> 
             <asp:Label ID="lblhotelname" runat="server" Text='<%# Bind("hotel_name") %>' ></asp:Label> 
             </ItemTemplate> 
           </asp:TemplateField> 
           <asp:TemplateField HeaderText="HotelLocation"> 
            <ItemTemplate> 
             <asp:Label ID="lblhotellocation" runat="server" Text='<%# Bind("hotel_location") %>' ></asp:Label> 
             </ItemTemplate> 

           </asp:TemplateField> 

         <asp:TemplateField HeaderText="Price"> 
            <ItemTemplate> 
             <asp:Label ID="lblprice" runat="server" Text='<%# Bind("price") %>' ></asp:Label> 
             </ItemTemplate> 

           </asp:TemplateField> 

         </Columns> 
       </asp:GridView> 
        <asp:Label ID="Label1" runat="server" Text="Label" Visible="False"></asp:Label> 
        <br /> 
        <form> 
        <asp:Button ID="book" runat="server" Text="Book now" class="d-next" OnClick="book_Click" /> 

        </form>    
           <asp:Label ID="lprice" runat="server" Text="Label" Visible="False"></asp:Label> 
           <asp:Label ID="lcheckin" runat="server" Text="Label" Visible="False"></asp:Label> 
           <asp:Label ID="lcheckout" runat="server" Text="Label" Visible="False"></asp:Label> 
           <asp:Label ID="lmembers" runat="server" Text="Label" Visible="False"></asp:Label> 
        <asp:Label ID="lrooms" runat="server" Text="Label" Visible="False"></asp:Label> 

        <br /> 
        <asp:Label ID="Errorm" runat="server" Text="Label"></asp:Label> 
      </div> 
      </center> 
     </div> 
</asp:Content> 

.aspx.cs code-behind:

using System; 
using System.Collections.Generic; 
using System.Linq; 
using System.Web; 
using System.Web.UI; 
using System.Web.UI.WebControls; 
using System.Data; 
using System.Data.SqlClient; 

namespace Hotel_Mangement 
{ 
    public partial class hotels : System.Web.UI.Page 
    { 
     SqlConnection con = new SqlConnection(@"Data Source=RISHIK\SQLEXPRESS;Initial Catalog=Register;Integrated Security=True"); 

     protected void Page_Load(object sender, EventArgs e) 
     { 
      GridView1.Visible = false; 
      /*div1.Visible = true; */ 
      con.Open(); 
      SqlCommand cmd = con.CreateCommand(); 
      cmd.CommandType = CommandType.Text; 
      cmd.CommandText = "select * from hotels_main"; 
      cmd.ExecuteNonQuery(); 
      DataTable dt = new DataTable(); 
      SqlDataAdapter da = new SqlDataAdapter(cmd); 
      da.Fill(dt); 

      con.Close(); 
      book.Visible = false; 
     } 

     protected void Button1_Click(object sender, EventArgs e) 
     { 
      string query = "select hotel_name, hotel_location ,price from hotels_main where hotel_location='" + dl1.Text + "' "; 
      SqlDataAdapter da = new SqlDataAdapter(query, con); 

      DataSet ds = new DataSet(); 
      da.Fill(ds); 

      GridView1.DataSource = ds; 
      GridView1.DataBind(); 
      GridView1.Visible=true; 

      con.Close(); 

      if (ds.Tables[0].Rows.Count == 0) 
      { 
       Label1.Visible = true; 
       Label1.Text = "No data found"; 
       book.Visible = false; 
      } 
      else 
      { 
       /* div1.Visible = true;*/ 

       Label1.Visible = false; 
       book.Visible = true; 
       DataTable dt = new DataTable(); 
       DataRow dr; 
       dt.Columns.Add(new System.Data.DataColumn("HotelName", typeof(String))); 
       dt.Columns.Add(new System.Data.DataColumn("HotelLocation", typeof(String))); 
       dt.Columns.Add(new System.Data.DataColumn("Price", typeof(String))); 
       foreach (GridViewRow row in GridView1.Rows) 
       { 
        Label lblhotelname = (Label)row.FindControl("lblhotelname"); 
        Session["hotelname"] = lblhotelname.Text; 
        Label lblhotellocation = (Label)row.FindControl("lblhotellocation"); 
        Session["hotelocation"] = lblhotellocation.Text; 
        Label lblprice = (Label)row.FindControl("lblprice"); 
        Session["price"] = lblprice.Text; 
        dr = dt.NewRow(); 
        dr[0] = lblhotelname.Text; 
        dr[1] = lblhotellocation.Text; 
        dr[2] = lblprice.Text; 
        dt.Rows.Add(dr); 
       } 
       Session["check_in"] = txtstart.Text.ToString(); 
       Session["check_out"] = txtend.Text.ToString(); 
      } 
     } 

     /*private void SendGridInfo() 
     { 
      } 
      Session["GridData"] = dt; Response.Redirect("WebForm2.aspx"); 
     } */ 

     protected void book_Click(object sender, EventArgs e) 
     { 
      con.Open(); 
      string insertQuery = "Insert into hotelbook_details values('" + Session["USER_ID"].ToString() + "','" + Session["hotelname"].ToString() + "','" + Session["hotelocation"].ToString() + "','" + Session["check_in"].ToString() + "','" + Session["check_out"].ToString() + "','" + Session["price"].ToString() + "')"; 

      SqlCommand cmd1 = new SqlCommand(insertQuery, con); 
      cmd1.ExecuteNonQuery(); 
      con.Close(); 

      Errorm.Text = "gg"; 
     } 
    } 
} 
+1

Don't store a `SqlConnection` or anything else that implements [IDisposable](https://msdn.microsoft.com/en-us/library/system.idisposable(v=vs.110).aspx). That is just asking for errors and leaking resources. Read the link I provided. – mason

+0

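Mate, leave the errors aside, it's a college project. People here don't know about SQL injection attacks, so this IDisposable is too much for them to understand. Really, thanks a lot for the info though –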

+0

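It doesn't matter whether it's a college project or not. Do you plan on programming after college? I'm not telling you this so you can get an A on your project. This is important. It has nothing to do with SQL injection attacks, although those are important too. You are leaking resources. It makes errors in your code hard to diagnose. It is also inefficient. Take the time to learn now, so it doesn't become something that bites you in the ass and embarrasses you after you graduate. – mason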

Answers

0

Are you sure it is not saving? Did you check your database?

Change the page load:

if (IsPostBack == false)
{
    GridView1.Visible = false;
    /*div1.Visible = true; */
    con.Open();
    SqlCommand cmd = con.CreateCommand();
    cmd.CommandType = CommandType.Text;
    cmd.CommandText = "select * from hotels_main";
    cmd.ExecuteNonQuery();
    DataTable dt = new DataTable();
    SqlDataAdapter da = new SqlDataAdapter(cmd);
    da.Fill(dt);

    con.Close();
    book.Visible = false;
}

When you click a button, the page load runs again. The code above will stop it from running on a postback, i.e. on a button click.

+0

I made the change as you said; I still can't get the records stored in the database, and yes, I am checking the database –

+0

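You most likely have an error in your SQL query. If you are running a release build as opposed to debug, it will skip the error and exit the method. Put your book button code in a try/catch block and step through the code to make sure you don't have any errors. Using the connection as a global variable is not the best idea; it would be better as a read-only property. That way a new connection is instantiated only when it is needed. –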

1

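The problem was the <form> ..... </form> tags in the aspx; since I am using a master page, I don't need them. After removing all the form tags, everything works fine.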
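The comments in this thread raise the page-level `SqlConnection` field, SQL injection, and wrapping the insert in try/catch. The sketch below is an added example, not code from the original posts: it redoes the `book_Click` insert with bound parameters and `using` blocks. `BookingStore` and `TryInsertBooking` are hypothetical names, and the column types and lengths of `hotelbook_details` are assumptions; the connection string name is the one the page's `SqlDataSource` already uses.

```csharp
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;
using System.Globalization;

// Added example; BookingStore and TryInsertBooking are hypothetical names.
public static class BookingStore
{
    // Returns null on success, otherwise a message suitable for the Errorm label.
    public static string TryInsertBooking(string userId, string hotelName, string hotelLocation,
                                          string checkIn, string checkOut, string price)
    {
        const string fmt = "MM/dd/yyyy"; // jQuery UI datepicker default (mm/dd/yy)
        DateTime inDate, outDate;
        decimal amount;
        if (string.IsNullOrEmpty(userId) || string.IsNullOrEmpty(hotelName) || hotelLocation == null)
            return "Missing booking data in session.";
        if (!DateTime.TryParseExact(checkIn, fmt, CultureInfo.InvariantCulture, DateTimeStyles.None, out inDate) ||
            !DateTime.TryParseExact(checkOut, fmt, CultureInfo.InvariantCulture, DateTimeStyles.None, out outDate) ||
            outDate <= inDate)
            return "Invalid check-in/check-out dates.";
        if (!decimal.TryParse(price, NumberStyles.Number, CultureInfo.InvariantCulture, out amount))
            return "Invalid price.";
        string cs = ConfigurationManager.ConnectionStrings["RegisterConnectionString15"].ConnectionString;
        // Same positional column order as the page's INSERT; values are bound, never concatenated.
        const string sql = "INSERT INTO hotelbook_details " +
                           "VALUES (@userId, @hotelName, @hotelLocation, @checkIn, @checkOut, @price)";
        try
        {
            // using disposes the command and connection even when ExecuteNonQuery throws.
            using (var con = new SqlConnection(cs))
            using (var cmd = new SqlCommand(sql, con))
            {
                // Column types and lengths below are assumptions about hotelbook_details.
                cmd.Parameters.Add("@userId", SqlDbType.NVarChar, 50).Value = userId;
                cmd.Parameters.Add("@hotelName", SqlDbType.NVarChar, 100).Value = hotelName;
                cmd.Parameters.Add("@hotelLocation", SqlDbType.NVarChar, 100).Value = hotelLocation;
                cmd.Parameters.Add("@checkIn", SqlDbType.Date).Value = inDate;
                cmd.Parameters.Add("@checkOut", SqlDbType.Date).Value = outDate;
                cmd.Parameters.Add("@price", SqlDbType.Decimal).Value = amount;
                con.Open();
                return cmd.ExecuteNonQuery() == 1 ? null : "No row was inserted.";
            }
        }
        catch (SqlException ex)
        {
            System.Diagnostics.Trace.TraceError("Booking insert failed: {0}", ex); // details stay server-side
            return "Booking could not be saved.";
        }
    }
}
```

In `book_Click`, pass each session value through `Convert.ToString(...)` and assign the result to `Errorm.Text`, falling back to "gg" when the method returns null. A missing session key then produces a visible message instead of a `NullReferenceException`.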
