更新时间:2022-06-20 04:07:19
主要错误是您通过连接用户的字符串输入来构建SQL查询。
这很容易发生SQL注入攻击。
更好地使用参数化查询。
其他错误可能是所选值的问题你的DropDownList(例如,它包含字符')。只是猜测你提供的信息很少。
The main error is you are constructing a SQL query by concatenating string input from user.
This is prone to SQL injection attacks.
Better use parameterized query.
Other error could be a problem with the selected value of your DropDownList (for example, it contains the character '). It's just a guess with the little information you are providing.
cmd3.CommandText = "UPDATE Seats SET SeatStatus = 'Y' WHERE FlightId ='" + flightf + "' AND SeatName ='" + DropDownList4.SelectedValue + "'";
我觉得下拉列表没有返回由于您收到错误而导致的值。因此,请确保您获得DropDownList4.SelectedValue的某些值;如果你没有得到一些价值,你可以尝试使用DropDownList4.Text或DropDownList4.SelectedItem来获取价值。
I feel that the dropdownlist is not returning the value due to which you are getting the error. So, make it sure that you are getting some value against DropDownList4.SelectedValue; if you don't get some value you can try getting value by using DropDownList4.Text or DropDownList4.SelectedItem.