整数变量正在获取“ad”的字符串值。沿着这条线的某个地方,有人能看到哪里吗?
这是我的代码:
我应该以整数形式获取部门 ID (did) 的输出以及所需的模板文件名(结果)。
我得到的错误是:从字符串“ad”到类型“Integer”的转换无效。我对 ASP.NET 相当陌生,看不到 did 变量在哪里拾取“ad”字符串。
任何帮助将不胜感激。
谢谢
Here is my code:
I should get output of the department id (did) as an integer and the templatefilename (result) that is required.
The errors I get are: Conversion from string "ad" to type 'Integer' is not valid. I'm fairly new to asp.net and cannot see where the did variable picks up the "ad" string.
Any help would be greatly appreciated.
Thanks
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
错误在于以下几行:
您可能是想在 sql 中执行代码,而不是再次在 cmd 中执行。
The mistake is in these lines:
You presumably meant to execute the code in sql, not cmd again.
当您构造对表
departmentsgroupings的查询时,您将更改sql的值,但不会创建新的SqlCommand。这意味着cmd仍然包含旧的 SQL 语句(对Modules表的查询),该语句在执行时返回“ad”。要解决此问题,请按如下方式更改代码:
您可能期望对
sql所做的更改会自动传递给SqlCommand- 但它不起作用那样。编辑:您编写的代码很容易受到 SQL 注入攻击。如果您不知道这些是什么,您需要阅读第一个答案:
“Bobby Tables”XKCD 漫画中的 SQL 注入是如何工作的?
要保护自己免受此类攻击,请使用参数化查询。
When you construct the query to the table
departmentsgroupings, you're changing the value ofsql, but you aren't creating a newSqlCommand. This means thatcmdstill contains the old SQL statement (the query to theModulestable) which, when executed, returns"ad".To fix this, change your code as follows:
You may have expected the change you made to
sqlto get passed on automatically to theSqlCommand-- but it doesn't work that way.Edit: Your code, as written, is vulnerable to SQL injection attacks. If you don't know what these are, you need to read the first answer to this:
How does the SQL injection from the "Bobby Tables" XKCD comic work?
To protect yourself against these kinds of attacks, use parameterized queries.