ASP.NET Razor
Problem description:
Is there something wrong with `var query4`? ASP doesn't give me any message about any problem, but it does not insert the data into the table concerned.
```csharp
@{
    var userId = Request["UserId"];
    var Type = Request["type"];
    var db = Database.Open("intranet");
    if(Type == "delete")
    {
        var query = "UPDATE Personne SET Demande = 'refuser' WHERE UserId = '" + userId + "'";
        db.Execute(query);
        var query2 = "DELETE from DemandeConge where UserId = '" + userId + "'";
        db.Execute(query2);
    }
    else if(Type == "accepte")
    {
        var query = "UPDATE Personne SET Demande = 'accepte' WHERE UserId = '" + userId + "'";
        db.Execute(query);
        var query2 = "DELETE from DemandeConge where UserId = '" + userId + "'";
        db.Execute(query2);
        var query4 = "INSERT INTO CongeAccept(UserId,DateDebut,DateFin,TypeConge) SELECT UserId,DateDebutDemande,DateFinDemande,TypeConge FROM DemandeConge WHERE UserId = '" + userId + "'";
        db.Execute(query4);
    }
}
```
And when I comment out this part of the code, it works fine:

```csharp
        /* var query = "UPDATE Personne SET Demande = 'accepte' WHERE UserId = '" + userId + "'";
        db.Execute(query);
        var query2 = "DELETE from DemandeConge where UserId = '" + userId + "'";
        db.Execute(query2);*/
        var query4 = "INSERT INTO CongeAccept(UserId,DateDebut,DateFin,TypeConge) SELECT UserId,DateDebutDemande,DateFinDemande,TypeConge FROM DemandeConge WHERE UserId = '" + userId + "'";
        db.Execute(query4);
    }
```
Answer
You are deleting everything from DemandeConge for the user before you insert it into CongeAccept, so when the insert query runs there is nothing left to insert. Change the order of your statements and use parameters:
```csharp
@{
    var userId = Request["UserId"];
    var Type = Request["type"];
    var db = Database.Open("intranet");
    if(Type == "delete")
    {
        var query = "UPDATE Personne SET Demande = 'refuser' WHERE UserId = @0";
        db.Execute(query, userId);
        var query2 = "DELETE from DemandeConge where UserId = @0";
        db.Execute(query2, userId);
    }
    else if(Type == "accepte")
    {
        var query = "UPDATE Personne SET Demande = 'accepte' WHERE UserId = @0";
        db.Execute(query, userId);
        // Copy the request into CongeAccept first, then remove it from DemandeConge.
        var query4 = "INSERT INTO CongeAccept(UserId,DateDebut,DateFin,TypeConge) SELECT UserId,DateDebutDemande,DateFinDemande,TypeConge FROM DemandeConge WHERE UserId = @0";
        db.Execute(query4, userId);
        var query2 = "DELETE from DemandeConge where UserId = @0";
        db.Execute(query2, userId);
    }
}
```
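To make the answer's two points concrete, here is an added example (not from the original question or answer) that rebuilds the three tables in an in-memory SQLite database with constructed sample rows and runs the "accepte" branch in both orders; it also contrasts the question's string concatenation with a placeholder (SQLite's `?`, the counterpart of WebMatrix's `@0`) on an input containing an apostrophe. The table and column names come from the page; the schema, rows and the `open_db` / `accept_request` / `lookup_demande` helpers are assumptions made for the demonstration.

```python
import sqlite3

# Constructed stand-in for the "intranet" database: table and column names follow
# the page, the column types and the sample rows are made up for the example.
SCHEMA = """
CREATE TABLE Personne (UserId TEXT PRIMARY KEY, Demande TEXT);
CREATE TABLE DemandeConge (UserId TEXT, DateDebutDemande TEXT, DateFinDemande TEXT, TypeConge TEXT);
CREATE TABLE CongeAccept (UserId TEXT, DateDebut TEXT, DateFin TEXT, TypeConge TEXT);
INSERT INTO Personne VALUES ('u42', 'en attente');
INSERT INTO DemandeConge VALUES ('u42', '2012-03-01', '2012-03-05', 'annuel');
"""

def open_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    return conn

def accept_request(conn, user_id, delete_first):
    """Run the 'accepte' branch. delete_first=True reproduces the question's order
    (DELETE before INSERT ... SELECT); False is the order the answer recommends.
    Returns how many rows ended up in CongeAccept for that user."""
    conn.execute("UPDATE Personne SET Demande = 'accepte' WHERE UserId = ?", (user_id,))
    insert = ("INSERT INTO CongeAccept(UserId,DateDebut,DateFin,TypeConge) "
              "SELECT UserId,DateDebutDemande,DateFinDemande,TypeConge "
              "FROM DemandeConge WHERE UserId = ?")
    delete = "DELETE FROM DemandeConge WHERE UserId = ?"
    if delete_first:
        conn.execute(delete, (user_id,))   # the source rows are gone before the copy runs
        conn.execute(insert, (user_id,))   # ... so this SELECT yields nothing
    else:
        conn.execute(insert, (user_id,))
        conn.execute(delete, (user_id,))
    conn.commit()
    return conn.execute("SELECT COUNT(*) FROM CongeAccept WHERE UserId = ?",
                        (user_id,)).fetchone()[0]

def lookup_demande(conn, user_id, parameterized):
    """Read Personne.Demande either with a placeholder or with the question's string
    concatenation. Returns the value, "no such user", or None when the concatenated
    statement no longer parses (an apostrophe in the input is enough to break it)."""
    try:
        if parameterized:
            row = conn.execute("SELECT Demande FROM Personne WHERE UserId = ?", (user_id,)).fetchone()
        else:
            row = conn.execute("SELECT Demande FROM Personne WHERE UserId = '" + user_id + "'").fetchone()
    except sqlite3.OperationalError:
        return None
    return row[0] if row else "no such user"
```

With the question's ordering `accept_request` reports 0 copied rows, with the answer's ordering 1; and `lookup_demande(conn, "o'neil", False)` fails to parse while the parameterized form simply finds no such user.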
**Warning**: your code is vulnerable to SQL injection. – 2012-02-28 00:50:21
Yes, I know, it's just a practice exam ^^ – user1233875 2012-02-28 00:55:50