There is a problem with (var query4): ASP doesn't tell me any message about any problem, but it cannot insert the data into the table concerned.
asp.net razor
@{
    var userId = Request["UserId"];
    var Type = Request["type"];
    var db = Database.Open("intranet");
    if(Type == "delete")
    {
        var query = "UPDATE Personne SET Demande = 'refuser' WHERE UserId = '" + userId + "'";
        db.Execute(query);
        var query2 = "DELETE from DemandeConge where UserId = '" + userId + "'";
        db.Execute(query2);
    }
    else if(Type == "accepte")
    {
        var query = "UPDATE Personne SET Demande = 'accepte' WHERE UserId = '" + userId + "'";
        db.Execute(query);
        var query2 = "DELETE from DemandeConge where UserId = '" + userId + "'";
        db.Execute(query2);
        var query4 = "INSERT INTO CongeAccept(UserId,DateDebut,DateFin,TypeConge) SELECT UserId,DateDebutDemande,DateFinDemande,TypeConge FROM DemandeConge WHERE UserId = '" + userId + "'";
        db.Execute(query4);
    }
}
And when I comment out this code, it works well:
/* var query = "UPDATE Personne SET Demande = 'accepte' WHERE UserId = '" + userId + "'";
db.Execute(query);
var query2 = "DELETE from DemandeConge where UserId = '" + userId + "'";
db.Execute(query2);*/
var query4 = "INSERT INTO CongeAccept(UserId,DateDebut,DateFin,TypeConge) SELECT UserId,DateDebutDemande,DateFinDemande,TypeConge FROM DemandeConge WHERE UserId = '" + userId + "'";
db.Execute(query4);
}
**Warning** Your code is vulnerable to SQL injection attacks. – 2012-02-28 00:50:21
Yes, I know, it is just a practice exam ^^ – user1233875 2012-02-28 00:55:50
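
An added example (not code from the original post): the same handler written with the `@0` placeholders of WebMatrix's `Database.Execute`, so the request value is bound as data instead of being concatenated into the SQL text, and with the `INSERT ... SELECT` run before the `DELETE` that removes its source rows. Table and column names are the ones from the question; the row-count check and the decision to keep the request when nothing was copied are assumptions about the desired behaviour.

```csharp
@{
    // Added example, not the poster's code.
    var userId = Request["UserId"];
    var type = Request["type"];
    var db = Database.Open("intranet");

    if (type == "delete")
    {
        // @0 is bound to userId by the provider; quotes inside the value
        // cannot terminate the string literal or change the statement.
        db.Execute("UPDATE Personne SET Demande = 'refuser' WHERE UserId = @0", userId);
        db.Execute("DELETE FROM DemandeConge WHERE UserId = @0", userId);
    }
    else if (type == "accepte")
    {
        // Copy the request first: once DemandeConge has been emptied for this
        // user, the SELECT returns no rows and the INSERT silently adds nothing.
        // Execute returns the number of rows affected, which makes that case visible.
        var copied = db.Execute(
            "INSERT INTO CongeAccept(UserId,DateDebut,DateFin,TypeConge) " +
            "SELECT UserId,DateDebutDemande,DateFinDemande,TypeConge " +
            "FROM DemandeConge WHERE UserId = @0", userId);

        if (copied > 0)
        {
            db.Execute("UPDATE Personne SET Demande = 'accepte' WHERE UserId = @0", userId);
            db.Execute("DELETE FROM DemandeConge WHERE UserId = @0", userId);
        }
        // Assumption: with nothing copied, the pending request is left untouched.
    }
}
```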