Updated: 2022-12-11 20:37:07
Before we move to solving your main issue, your code needs some cleanup. First off, make it a habit to put objects that eat resources, such as SqlConnection and SqlCommand, within a using statement to ensure that the objects will be properly disposed and closed after they are used.
Second, as already suggested in the comments section, appending the values directly to your SQL query is a BIG no-no as it can potentially lead to a SQL Injection attack. Use a parameterized query to avoid that: Protect Your Data: Prevent SQL Injection
Third, use a CheckBoxList control so you can easily bind it with the result from your database. Here's an example that you can refer to: Save CheckBoxList Selected Items and Retain them on PostBacks.
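The three points above combined in one method, as an added example that is not code from the original answer or from the linked articles. The table UserHobbies(UserId INT, Hobby NVARCHAR(50)), the class name and the method name are hypothetical.

```csharp
using System.Data;
using System.Data.SqlClient;
using System.Web.UI.WebControls;

// Hypothetical schema for this example: UserHobbies(UserId INT, Hobby NVARCHAR(50)).
public static class HobbyStore
{
    // The pattern the answer warns against, shown only for contrast:
    //   "... VALUES (" + userId + ", '" + item.Value + "')"
    // Below, the SQL text is constant and every value travels as a typed parameter.
    public static int ReplaceSelected(string connectionString, int userId, CheckBoxList list)
    {
        const string deleteSql = "DELETE FROM UserHobbies WHERE UserId = @UserId";
        const string insertSql =
            "INSERT INTO UserHobbies (UserId, Hobby) VALUES (@UserId, @Hobby)";
        int saved = 0;

        using (var connection = new SqlConnection(connectionString))
        {
            connection.Open();
            using (SqlTransaction tx = connection.BeginTransaction())
            using (var delete = new SqlCommand(deleteSql, connection, tx))
            using (var insert = new SqlCommand(insertSql, connection, tx))
            {
                // Clear the user's previous selection inside the same transaction.
                delete.Parameters.Add("@UserId", SqlDbType.Int).Value = userId;
                delete.ExecuteNonQuery();

                insert.Parameters.Add("@UserId", SqlDbType.Int).Value = userId;
                SqlParameter hobby = insert.Parameters.Add("@Hobby", SqlDbType.NVarChar, 50);

                foreach (ListItem item in list.Items)
                {
                    if (!item.Selected) continue;
                    hobby.Value = item.Value;      // posted value is bound, never concatenated
                    saved += insert.ExecuteNonQuery();
                }
                tx.Commit();                       // an exception before this line rolls back
            }
        }                                          // connection is closed and disposed here
        return saved;
    }
}
```

Because item.Value comes back from the browser on postback, binding it as an NVarChar parameter keeps a tampered value as data rather than SQL text.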