交易过程 - 死锁错误
问题描述:
当我从软件更新数据时,我正面临着死锁错误。交易过程 - 死锁错误
这里是我的代码:
所有的private void btn_upd_Click(object sender, EventArgs e)
{
try
{
SqlConnection con = new SqlConnection(Constr);
con.Open();
string myquery = "Select Reg,Rank,Trade,Name,Wing,Father_name,Dob,Gender,Cast,Sect,Serial,Qualification,Tehseel,District,Cnic_No,Blood_Group,Height,Weight,Identification_Mark,Permanent_Add,Nameof_Spouse,Relation,Nameof_MaleKids,image1 from PersonalInfo where Reg='" + txt_srch.Text + "'";
SqlCommand c = new SqlCommand(myquery, con);
SqlDataReader rd = c.ExecuteReader();
if (!(rd.HasRows))
{
MessageBox.Show("No such data to delete");
}
else
{
string query;
query = "update PersonalInfo set Rank='" + textBox2.Text + "', Serial='" + SN.Text + "', Trade='" + textBox3.Text + "',Name='" + textBox4.Text + "',Wing='" + textBox5.Text + "',Father_name='" + textBox6.Text + "',Dob='" + textBox7.Text + "',Gender='" + textBox8.Text + "',Cast='" + textBox9.Text + "',Sect='" + textBox23.Text + "',Qualification='" + textBox10.Text + "',Tehseel='" + textBox24.Text + "',District='" + textBox21.Text + "',Cnic_No='" + textBox11.Text + "',Blood_Group='" + textBox12.Text + "',Height='" + textBox13.Text + "',Weight='" + textBox14.Text + "',Identification_Mark='" + textBox15.Text + "',Permanent_Add='" + textBox16.Text + "',Nameof_Spouse='" + textBox18.Text + "',Relation='" + textBox19.Text + "',Nameof_MaleKids='" + textBox20.Text + "',image1='" + ImageToBase64(pictureBox1.Image, System.Drawing.Imaging.ImageFormat.Jpeg) + "' where Reg='" + txt_srch.Text + "'";
SqlCommand cmd = new SqlCommand(query, con);
cmd.ExecuteNonQuery();
MessageBox.Show("Data Updated");
}
con.Close();
}
catch (Exception ex)
{
MessageBox.Show(ex.Message);
}
}
答
首先,marc_s已经说过,从用户直接输入串联您的疑问是危险的。建议您应该考虑更改该方法并使用参数化查询。
其次,尝试自己的连接Open()和Close()内运行的每个查询:
private void btn_upd_Click(object sender, EventArgs e)
{
try
{
SqlConnection con = new SqlConnection(Constr);
con.Open();
string myquery = "Select Reg,Rank,Trade,Name,Wing,Father_name,Dob,Gender,Cast,Sect,Serial,Qualification,Tehseel,District,Cnic_No,Blood_Group,Height,Weight,Identification_Mark,Permanent_Add,Nameof_Spouse,Relation,Nameof_MaleKids,image1 from PersonalInfo where Reg='" + txt_srch.Text + "'";
SqlCommand c = new SqlCommand(myquery, con);
SqlDataReader rd = c.ExecuteReader();
con.Close();
if (!(rd.HasRows))
{
MessageBox.Show("No such data to delete");
}
else
{
con.Open();
string query;
query = "update PersonalInfo set Rank='" + textBox2.Text + "', Serial='" + SN.Text + "', Trade='" + textBox3.Text + "',Name='" + textBox4.Text + "',Wing='" + textBox5.Text + "',Father_name='" + textBox6.Text + "',Dob='" + textBox7.Text + "',Gender='" + textBox8.Text + "',Cast='" + textBox9.Text + "',Sect='" + textBox23.Text + "',Qualification='" + textBox10.Text + "',Tehseel='" + textBox24.Text + "',District='" + textBox21.Text + "',Cnic_No='" + textBox11.Text + "',Blood_Group='" + textBox12.Text + "',Height='" + textBox13.Text + "',Weight='" + textBox14.Text + "',Identification_Mark='" + textBox15.Text + "',Permanent_Add='" + textBox16.Text + "',Nameof_Spouse='" + textBox18.Text + "',Relation='" + textBox19.Text + "',Nameof_MaleKids='" + textBox20.Text + "',image1='" + ImageToBase64(pictureBox1.Image, System.Drawing.Imaging.ImageFormat.Jpeg) + "' where Reg='" + txt_srch.Text + "'";
SqlCommand cmd = new SqlCommand(query, con);
cmd.ExecuteNonQuery();
con.Close();
MessageBox.Show("Data Updated");
}
}
catch (Exception ex)
{
MessageBox.Show(ex.Message);
}
}
+0
是的,这是正确的。击败我! @Syed除非将SQL作为事务,存储过程或函数的一部分结合在一起,否则无法在ONE cmd对象中执行多个SQL命令。 – Fandango68
[SQL注入警报(http://msdn.microsoft.com/en-us/library/ms161953%28v= sql.105%29.aspx) - 你应该不**将你的SQL语句连接在一起 - 使用**参数化查询**来避免SQL注入 - 检出[Little Bobby Tables](https://xkcd.com/327 /) –