单击按钮时从文本框插入SQL数据库
问题描述:
它说ConnectionString属性尚未初始化
我尝试过:
it says "the ConnectionString Property has not been initialised"
What I have tried:
private void button1_Click(object sender, EventArgs e)
{
using (TestEntities test = new TestEntities())
{
var query = "insert into test.Users (Username,Password) values ('" + textBox1.Text + "','" + textBox2.Text + "')";
SqlConnection con = new SqlConnection();
SqlCommand cmd = new SqlCommand(query, con);
SqlDataReader dbr;
try
{
con.Open();
dbr = cmd.ExecuteReader();
MessageBox.Show("saved");
while (dbr.Read())
{
}
con.Close();
}
catch (Exception es)
{
MessageBox.Show(es.Message);
}
}
}
答
嗯......是的,它会。
你没有给它一个连接字符串...所以它不知道你的数据库在哪里...
尝试设置VS中与服务器资源管理器窗格的连接:
1)打开服务器资源管理器。
2)右键单击数据连接并选择添加连接
3)在随后的对话框中,选择您的数据源和数据库,指定安全信息,然后按测试连接按钮。
4)当连接正常时,按确定
5在服务器资源管理器窗格中突出显示数据库,然后查看属性窗格。将显示连接字符串的工作示例,您可以将其复制并粘贴到您的应用程序或配置文件中。
您不希望ExecuteReader执行INSERT - 它不能返回任何行。改为使用ExecuteNonQuery。
但是......不要那样做!不要连接字符串以构建SQL命令。它让您对意外或故意的SQL注入攻击持开放态度,这可能会破坏您的整个数据库。请改为使用参数化查询。
Well...yes, it would.
You haven't given it a connection string...so it doesn't know where your DB is...
Try setting up a connection in VS with the Server Explorer pane:
1) Open Server Explorer.
2) Right click "Data connections" and select "Add connection"
3) In the dialog that follows, select your DataSource, and database, specify the security info, and press the "Test connection" button.
4) When the connection works, press "OK"
5) Highlight your database in the Server Explorer pane, and look at the Properties pane. A working example of the connection string will be shown, which you can copy and paste into your app or config file.
You don't want to ExecuteReader to do an INSERT - it can't return any rows. USe ExecuteNonQuery instead.
But...don't do it like that! Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.
从错误消息和代码中明确指出ConnectionString值未提供给SqlConnection对象。
请参考这个 [ ^ ]适用于您的应用程序并尝试运行它的连接字符串。
更正您的代码..
始终使用参数化查询以避免 Sql Injection [ ^ ]攻击。
由于测试对象不在任何地方使用,我们可以删除它。
From the error message and code its clear that theConnectionStringvalue is not provided to theSqlConnectionobject.
refer this[^] for the connection string which suits for your application and try running it.
Correction to your code..
Always use Parameterised query to avoid Sql Injection[^] attacks.
Since the test object is used no where, we can remove it.
private void button1_Click(object sender, EventArgs e)
{
var query = "insert into test.Users (Username,Password) values (@username,@password)";
SqlConnection con = new SqlConnection();
con.ConnectionString = "Your Connection string";
SqlCommand cmd = new SqlCommand(query, con);
cmd.Parameters.Add("@username", textBox1.Text.Trim());
cmd.Parameters.Add("@password", textBox2.Text.Trim());
try
{
con.Open();
cmd.ExecuteNonQuery();
con.Close();
}
catch (Exception es)
{
MessageBox.Show(es.Message);
}
}
作为OriginalGriff答案的补充,您还应养成编写代码的习惯这个:
As an addition to OriginalGriff's answer, you should also make an habit of write the code like this:
using (SqlConnection con = new SqlConnection())
{
con.ConnectionString = "...";
// Your parameterized query code
} // the connection is automatically closed here
或
or
string connectionString = "...";
using (SqlConnection con = new SqlConnection(connectionString))
{
con.ConnectionString = "...";
// Your parameterized query code
} // the connection is automatically closed here
对于连接字符串的不同变体,请访问此站点:
ConnectionStrings.com - 忘记连接字符串?获取它! [ ^ ]
>