1. 首页
  2. 问答
  3. asp.net剃刀

asp.net剃刀

2012-02-28 277 views
0

有与(VAR query4)怎么个APS desn't告诉我任何味精任何问题,但它不能将数据插入到表concerneasp.net剃刀

@{ 
    var userId = Request["UserId"]; 
    var Type = Request["type"]; 
    var db = Database.Open("intranet"); 
    if(Type == "delete") 
    { 

    var query = "UPDATE Personne SET Demande = 'refuser' WHERE UserId = '" + userId + "'"; 
    db.Execute(query); 

    var query2 = "DELETE from DemandeConge where UserId = '" + userId + "'"; 
    db.Execute(query2); 
    } 
    else if(Type == "accepte") 
    { 


     var query = "UPDATE Personne SET Demande = 'accepte' WHERE UserId = '" + userId + "'"; 
     db.Execute(query); 

     var query2 = "DELETE from DemandeConge where UserId = '" + userId + "'"; 
     db.Execute(query2); 


     var query4 = "INSERT INTO CongeAccept(UserId,DateDebut,DateFin,TypeConge) SELECT UserId,DateDebutDemande,DateFinDemande,TypeConge FROM DemandeConge WHERE UserId = '" + userId + "'"; 
     db.Execute(query4); 
    } 
}

和whene我做出评论这个代码它的工作原理,以及:

/* var query = "UPDATE Personne SET Demande = 'accepte' WHERE UserId = '" + userId + "'"; 
    db.Execute(query); 

    var query2 = "DELETE from DemandeConge where UserId = '" + userId + "'"; 
    db.Execute(query2);*/ 


    var query4 = "INSERT INTO CongeAccept(UserId,DateDebut,DateFin,TypeConge) SELECT UserId,DateDebutDemande,DateFinDemande,TypeConge FROM DemandeConge WHERE UserId = '" + userId + "'"; 
    db.Execute(query4); 
}

来源

2012-02-28 user1233875

+0

**警告**您的代码容易受到sql注入攻击。 – 2012-02-28 00:50:21

+0

是的,我知道它只是一个练习考试^^ – user1233875 2012-02-28 00:55:50

回答

0

您正在删除从DemandeConge涉及到要插入CongeAccept所以当尝试插入查询用户的一切,有没有东西插。更改您的语句和使用参数的顺序:

@{ 
    var userId = Request["UserId"]; 
    var Type = Request["type"]; 
    var db = Database.Open("intranet"); 
    if(Type == "delete") 
    { 

    var query = "UPDATE Personne SET Demande = 'refuser' WHERE UserId = @0"; 
    db.Execute(query, userId); 

    var query2 = "DELETE from DemandeConge where UserId = @0"; 
    db.Execute(query2, userId); 
    } 
    else if(Type == "accepte") 
    { 
     var query = "UPDATE Personne SET Demande = 'accepte' WHERE UserId = @0"; 
     db.Execute(query, userId); 

     var query4 = "INSERT INTO CongeAccept(UserId,DateDebut,DateFin,TypeConge) SELECT UserId,DateDebutDemande,DateFinDemande,TypeConge FROM DemandeConge WHERE UserId = @0"; 
     db.Execute(query4, userId); 

     var query2 = "DELETE from DemandeConge where UserId = @0"; 
     db.Execute(query2, userId); 
    } 
}

来源

2012-02-28 07:13:03

相关问题

 相关问题