string connectionString = @"Data Source=DELL-PC;Initial Catalog = GXBYXS;User ID=sa;Password=123456 "; //定义字符串
System.Data.SqlClient.SqlConnection connection = new System.Data.SqlClient.SqlConnection(connectionString); //创建Sqlconnection对象
// string sql = "insert into zhuce values('" + DropDownList1.SelectedValue + "," + txtname.Text + "," + txtpassword.Text + "," + txtSpassword.Text + "," + txtemail.Text + ")";
string sql=string.Format("insert into zhuce(Usertype,Username,Usermima,Usersmima,Useremail) values('{0}','{1}','{2}','{3}','{4}')", DropDownList1.SelectedValue .ToString(),
txtname.Text.ToString(), txtpassword.Text.ToString(),txtSpassword.Text.ToString(),txtemail.Text.ToString()) ;
try
{
connection.Open(); //打开数据库的连接
// SqlCommand command=new SqlCommand(sql,connection); //创建SqlCommand对象
SqlCommand command = connection.CreateCommand();
command.CommandText = sql;
command.CommandType = CommandType.Text;
int result =command.ExecuteNonQuery();
if (result == 1)
{
Page.Response.Redirect("login.aspx");
}
}
if (result == 1)
你的插入语句不会返回1。
除非你在string sql = "..."
下面加上sql += ";select 1;"
int result =command.ExecuteNonQuery(); 这句话可能并不返回1,所以就不执行里面的跳转方法了。
去掉try..catch语句看看,你的sql语句有问题导致执行到catch语句了吧,你拼接sql语句也没有替换'字符串,很容易被sql注入和存在rss漏洞
string sql=string.Format("insert into zhuce(Usertype,Username,Usermima,Usersmima,Useremail) values('{0}','{1}','{2}','{3}','{4}')", DropDownList1.SelectedValue .ToString(),
txtname.Text.Replace("'","''"), txtpassword.Text.Replace("'","''"),txtSpassword.Text.Replace("'","''"),txtemail.Replace("'","''")) ;
晕, 你这做法还是比较初级, 建议你用上 SQLHelper吧, 要不会有SQL注入的危险。
地址:
http://blog.csdn.net/yenange/article/details/12797203
遇到同样的问题,不知道怎么解决。