如何在asp.net中处理“argumentsmentexception未被用户处理”错误?
问题描述:
protected void Button2_Click(object sender, EventArgs e)
{
using (SqlConnection con = new SqlConnection())
{
con.ConnectionString = @"ADMIN\LOCALHOST;Initial Catalog=maha;Integrated Security=True";
con.Open();
SqlCommand cmd = new SqlCommand("Insert into dbo.student Values ('" + TB1.Text + "','" + TB2.Text + "','" + TB3.Text + "','" + @rm + "')", con);
cmd.ExecuteNonQuery();
con.Close();
}
}
答
连接字符串在ADMIN\LOCALHOST上出错,并且出现错误消息。
必须是这样的:
con.ConnectionString = @"Data Source=localhost;Initial Catalog=maha;Integrated Security=True";
除此之外,你必须parameterize your query,以避免SQL注入https://stackoverflow.com/search?q=sql+injection
How does the SQL injection from the "Bobby Tables" XKCD comic work?
,你也可以阅读: Setting up connection string in ASP.NET to SQL SERVER