I need to output only the data on the first row, but it is printing all the data that has been added to the database table. The data is as follows:
For example, it should only print the message "Not Very Nice" with ID 27, and not the second row with ID 28.
Here is the code:
using System;
using System.Web;
using System.Web.UI;
using System.Web.UI.WebControls;
using System.Data.SqlClient;
using System.Configuration;

public partial class feedback1 : System.Web.UI.Page
{
    SqlConnection con;
    string cons = ConfigurationManager.ConnectionStrings["constring"].ConnectionString;
    SqlCommand cmd;

    protected void Page_Load(object sender, EventArgs e)
    {
    }

    protected void Button1_Click(object sender, EventArgs e)
    {
        con = new SqlConnection(cons);
        con.Open();
        // The two text-box values are concatenated straight into the SQL text.
        cmd = new SqlCommand("insert into feedback(username,message) values('" + TextBox1.Text + "','" + TextBox2.Text + "')", con);
        cmd.ExecuteNonQuery();
        con.Close();
    }
}
Here is the output.
Here is the output page code.
<form id="form1" runat="server">
    <asp:GridView ID="GridView1" runat="server" AutoGenerateColumns="False" DataKeyNames="id" DataSourceID="SqlDataSource1" EnableModelValidation="True" OnSelectedIndexChanged="GridView1_SelectedIndexChanged" GridLines="None">
        <Columns>
            <asp:BoundField DataField="id" InsertVisible="False" ReadOnly="True" SortExpression="id" />
            <asp:BoundField DataField="username" HeaderText="username" SortExpression="username" />
            <asp:BoundField DataField="message" HeaderText="message" SortExpression="message" />
        </Columns>
    </asp:GridView>
    <asp:SqlDataSource ID="SqlDataSource1" runat="server" ConnectionString="<%$ ConnectionStrings:ConnectionString %>" OnSelecting="SqlDataSource1_Selecting" SelectCommand="SELECT * FROM [feedback]"></asp:SqlDataSource>
    <div>
    </div>
</form>
Best answer
This is just a case of modifying the SQL query:
Select the first row:
<asp:SqlDataSource
    ID="SqlDataSource1"
    runat="server"
    ConnectionString="<%$ ConnectionStrings:ConnectionString %>"
    OnSelecting="SqlDataSource1_Selecting"
    SelectCommand="SELECT TOP 1 * FROM [feedback] ORDER BY [id]">
</asp:SqlDataSource>
Select a specific ID:
<asp:SqlDataSource
    ID="SqlDataSource1"
    runat="server"
    ConnectionString="<%$ ConnectionStrings:ConnectionString %>"
    OnSelecting="SqlDataSource1_Selecting"
    SelectCommand="SELECT * FROM [feedback] WHERE [id] = REPLACE_WITH_YOUR_NUMBER">
</asp:SqlDataSource>
"Note: Not all database systems support the SELECT TOP clause. MySQL supports the LIMIT clause to select a limited number of records."
See: https://www.w3schools.com/sql/sql_top.asp
Note
📂 Your Database------------------------------------------------------------
└📁 Your Data------------------------------------------------------------
└⚠️ Could Not Find Anything. FileSize: 0 bytes----------------------
Your program is vulnerable to SQL injection.
Please modify your input to sanitise the query before executing it.
protected void Button1_Click(object sender, EventArgs e)
{
    con = new SqlConnection(cons);
    con.Open();
    string txtb1 = TextBox1.Text,
           txtb2 = TextBox2.Text;
    // Placeholders instead of string concatenation: the values are sent as
    // parameters, so they are never parsed as part of the SQL statement.
    cmd = new SqlCommand("insert into feedback(username,message) values(@txtb1, @txtb2)", con);
    cmd.Parameters.AddWithValue("@txtb1", txtb1);
    cmd.Parameters.AddWithValue("@txtb2", txtb2);
    cmd.ExecuteNonQuery();
    con.Close();
}
Stop right there! 🚨✋! This is the police 👮 I hope you are still around this block. You are in violation of criminal code 404 - Database Not Found!
If you post another sql-vulnerable 📠 around this community again
I'm going to 🔒arrest you🔒
No ticket today 👦
This is just a warning ⚠️ Be careful next time 🚧
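The parameterised insert from the answer above and the "first row" read, combined into one class as an added example (not the asker's or the answerer's code). It assumes a SQL Server table feedback(id int identity, username nvarchar(50), message nvarchar(500)), the "constring" connection string from the question, and the hypothetical class name FeedbackRepository.

```csharp
// Added example (not from the original post): parameterised insert plus a
// TOP 1 read against System.Data.SqlClient (SQL Server).
// Assumes feedback(id int identity, username nvarchar(50), message nvarchar(500))
// and a connection string named "constring" in web.config, as in the question.
using System;
using System.Configuration;
using System.Data;
using System.Data.SqlClient;

public static class FeedbackRepository
{
    private static readonly string ConnectionString =
        ConfigurationManager.ConnectionStrings["constring"].ConnectionString;

    // Stores one feedback row. The user text never becomes part of the SQL string:
    // it is shipped as typed parameters, so a quote in the message (e.g. "it's fine")
    // is stored literally instead of terminating the string in the statement.
    public static int Insert(string username, string message)
    {
        const string sql = "INSERT INTO [feedback] ([username], [message]) VALUES (@username, @message)";
        using (var con = new SqlConnection(ConnectionString))
        using (var cmd = new SqlCommand(sql, con))
        {
            // Explicit type and length instead of AddWithValue: the parameter
            // declaration matches the column and is identical on every call.
            cmd.Parameters.Add("@username", SqlDbType.NVarChar, 50).Value = username;
            cmd.Parameters.Add("@message", SqlDbType.NVarChar, 500).Value = message;
            con.Open();
            return cmd.ExecuteNonQuery(); // rows affected, 1 on success
        }
    }

    // Returns (id, username, message) for the lowest id, or null when the table is empty.
    // SQL Server spells "first n rows" as TOP n; LIMIT n is the MySQL/SQLite form and
    // is a syntax error under SqlClient. ORDER BY makes "first" deterministic.
    public static Tuple<int, string, string> ReadFirst()
    {
        const string sql = "SELECT TOP 1 [id], [username], [message] FROM [feedback] ORDER BY [id]";
        using (var con = new SqlConnection(ConnectionString))
        using (var cmd = new SqlCommand(sql, con))
        {
            con.Open();
            using (SqlDataReader reader = cmd.ExecuteReader())
            {
                if (!reader.Read()) return null;
                return Tuple.Create(reader.GetInt32(0), reader.GetString(1), reader.GetString(2));
            }
        }
    }
}
```

From the button handler, call FeedbackRepository.Insert(TextBox1.Text, TextBox2.Text) and bind the GridView to a query using the same TOP 1 ... ORDER BY [id] form.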