我有3个文本框添加技能,这将进入一个名为'SkillName'列。 但是,我收到此错误。插入多个文本框值到sql数据库
'System.Web.UI.Control' does not contain a definition for 'Text' and no extension method 'Text' accepting a first argument of type 'System.Web.UI.Control' could be found (are you missing a using directive or an assembly reference?)
但我已经使用该组件使用System.Web.UI.WebControls;
这是我的代码添加textboxes-
public void InsertSkillInfo()
{
String str = @"Data Source=USER-PC\SQLEXPRESS;Initial Catalog=DBNAME;Integrated Security=True";
SqlConnection conn = new SqlConnection(str);
try
{
for (int i = 1; i <= 3; i++)
{
conn.Open();
**string skill = (Page.FindControl("TextBox" + i.ToString())).Text;**
const string sqlStatement = "INSERT INTO Cert (SkillName) VALUES (@SkillName)";
SqlCommand cmd = new SqlCommand(sqlStatement, conn);
cmd.CommandType = CommandType.Text;
cmd.Parameters["@SkillName"].Value = skill;
cmd.ExecuteNonQuery();
}
}
catch (System.Data.SqlClient.SqlException ex)
{
string msg = "Insert Error:";
msg += ex.Message;
throw new Exception(msg);
}
finally
{
conn.Close();
}
}
谢谢..但现在不受此SqlParameterCollection – Girish 2012-07-26 09:49:24
附近所含的与参数的SqlParameter的示值误差与参数名称 '@SkillName' 这是非常开放给SQL注入攻击。如果有人输入了一个叫做''的技能,会发生什么情况] go drop table Cert go --'? – mdm 2012-07-26 10:03:51