Updated: 2023-10-15 09:02:40
Oh what. Stop!!! Use a parameterized query to avoid SQL injection.
I hope the problem is you have missed the txtEmployId.Text value and the txtEmplyName.Text value in your select query.
// Requires: using System.Data.SqlClient;
// connectionString holds your connection string.
using (SqlConnection connection = new SqlConnection(connectionString))
{
    // A regular C# string literal cannot span lines, so the query is concatenated from two constants.
    string query = "SELECT CNIC, City, MobileNo, Address, Salary, DailyWage, Status " +
                   "FROM Employees WHERE EmployId = @EmpID AND Emplname = @Emplname";
    using (SqlCommand command1 = new SqlCommand(query, connection))
    {
        connection.Open();
        // The text-box values are bound as parameters, never spliced into the SQL text.
        command1.Parameters.AddWithValue("@EmpID", txtEmployId.Text);
        command1.Parameters.AddWithValue("@Emplname", txtEmplyName.Text);
        using (SqlDataReader reader1 = command1.ExecuteReader())
        {
            while (reader1.Read())
            {
                this.txtCNIC.Text = reader1["CNIC"].ToString();
                this.txtEmplyCity.Text = reader1["City"].ToString();
                this.txtEmplyAddress.Text = reader1["Address"].ToString();
                this.txtSalary.Text = reader1["Salary"].ToString();
                this.txtDailyWage.Text = reader1["DailyWage"].ToString();
            }
        } // The reader is closed here, after the loop, not inside it.
    }
}
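Why the parameterized form matters, as an added example that is not part of the original answer: the same Employees lookup built by string concatenation and by parameter binding, run against identical input. It uses Python's built-in sqlite3 with an in-memory table so it runs without a SQL Server; the TEXT column types, the sample rows and the function names are assumptions constructed for the demonstration.

```python
import sqlite3

def make_db():
    """In-memory stand-in for the Employees table (constructed sample rows)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE Employees (EmployId TEXT, Emplname TEXT, CNIC TEXT, City TEXT)")
    db.executemany(
        "INSERT INTO Employees VALUES (?, ?, ?, ?)",
        [("1", "Ali", "CNIC-0001", "Lahore"),
         ("2", "Sara O'Neil", "CNIC-0002", "Karachi"),
         ("3", "Omar", "CNIC-0003", "Quetta")],
    )
    return db

def lookup_concatenated(db, emp_id, name):
    """Before: the text-box values become part of the SQL text itself."""
    sql = ("SELECT CNIC, City FROM Employees WHERE EmployId = '" + emp_id +
           "' AND Emplname = '" + name + "'")
    return db.execute(sql).fetchall()

def lookup_parameterized(db, emp_id, name):
    """After: the SQL text is fixed; values travel separately as parameters.
    sqlite3 writes placeholders as :EmpID where SqlClient writes @EmpID."""
    sql = "SELECT CNIC, City FROM Employees WHERE EmployId = :EmpID AND Emplname = :Emplname"
    return db.execute(sql, {"EmpID": emp_id, "Emplname": name}).fetchall()

def demo():
    db = make_db()
    results = {}
    # 1. A legitimate name with an apostrophe breaks the concatenated statement.
    try:
        lookup_concatenated(db, "2", "Sara O'Neil")
        results["apostrophe_concat"] = "ok"
    except sqlite3.OperationalError:
        results["apostrophe_concat"] = "syntax error"
    results["apostrophe_param"] = lookup_parameterized(db, "2", "Sara O'Neil")
    # 2. Input containing quotes rewrites the WHERE clause when concatenated...
    crafted = "x' OR '1'='1"
    results["crafted_concat"] = len(lookup_concatenated(db, "1", crafted))
    # ...but is compared as one literal string when bound, so nothing matches.
    results["crafted_param"] = len(lookup_parameterized(db, "1", crafted))
    return results

if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```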