これは私のC#プロジェクトのエラーです。テーブル定義と一致しない列名または指定された値の数:SQL例外がCで処理されませんでした#
型「System.Data.SqlClient.SqlException」の未処理の例外は、のSystem.Data.dll
で発生しました追加情報。データベース
CREATE TABLE [dbo].[form5_table] ( [registration_No] NVARCHAR (10) NOT NULL, [dateOfRegistration] DATE NOT NULL, [nameWithInitials] NVARCHAR (50) NOT NULL, [fullName] NVARCHAR (50) NOT NULL, [address] NVARCHAR (50) NOT NULL, [telNo] NVARCHAR (10) NULL, [dateOfBirth] DATE NOT NULL, [gender] NVARCHAR (10) NOT NULL, [nic] NVARCHAR (10) NOT NULL, [policeArea] NVARCHAR (50) NOT NULL, PRIMARY KEY CLUSTERED ([registration_No] ASC)
)にForm5
using System; using System.Collections.Generic; using System.ComponentModel; using System.Data; using System.Drawing; using System.Linq; using System.Text; using System.Threading.Tasks; using System.Windows.Forms; using System.Data.SqlClient; namespace HMS_esoft { public partial class Form5 : Form { SqlConnection con = new SqlConnection(@"Data Source=(LocalDB)\v11.0;AttachDbFilename=C:\Users\iyesha\Desktop\hms_esoft\HMS_esoft\HMS_esoft\Database1.mdf;Integrated Security=True"); public Form5() { InitializeComponent(); } private void label1_Click(object sender, EventArgs e) { } private void btnsubmit_Click(object sender, EventArgs e) { con.Open(); SqlCommand cmd = con.CreateCommand(); cmd.CommandType = CommandType.Text; cmd.CommandText = "insert into Form5_table values('" + txtregno.Text + "','" + dateandtime.Text + "','" + txtname.Text + "','" + txtfullname.Text + "','" + txtaddress.Text + "','" + txttelno.Text + "','" + cmbyear.Text + "','" + cmbmonth.Text + "','" + cmbday.Text + "','" + grpbxgender.Text + "','" + txtnic.Text + "','" + txtpolicearea.Text + "')"; cmd.ExecuteNonQuery(); con.Close(); MessageBox.Show("You registered Successfully..", "Submition Complete", MessageBoxButtons.OK, MessageBoxIcon.None); } private void btnreset_Click(object sender, EventArgs e) { txtfullname.Text = " "; txtname.Text = " "; txtaddress.Text = " "; txttelno.Text = " "; txtnic.Text = " "; txtpolicearea.Text = " "; cmbday.Text = " "; cmbmonth.Text = " "; cmbyear.Text = " "; txtregno.Text = " "; rbtnfemale.Checked = false; rbtnmale.Checked = false; } private void btnback_Click(object sender, EventArgs e) { Form3 b = new Form3(); b.Show(); this.Hide(); } /*try { dt = registerOutPatient.hms; dr = dt.NewRow(); dr["Registration_No"] = txtregno.Text; dr["Registration_Date"] = dateandtime.Text; dr["Name_with_Initials"] = txtname.Text; dr["Full_Name"] = txtfullname.Text; dr["Address"] = txtaddress.Text; dr["Tel_No"] = txttelno.Text; dr["Date_of_Birth"] = grpbxdob.Text; if (rbtnmale.Checked) { dr["Gender"] = "Male"; } else if (rbtnfemale.Checked) { dr["Gender"] = "Female"; } dr["NIC"] = txtnic.Text; dr["Police_area"] = txtpolicearea.Text; } catch { MessageBox.Show("order id is already there"); txtregno.Clear(); txtregno.Focus(); }*/ }
}
Form5_tableために作成
コード
コード。
この問題を解決できますか?
エラーメッセージは、あなたが絶対に「SQLインジェクション」のセキュリティ問題についてお読みください – Izzy
かなり明確であるように思われます。 SQLクエリを作成するこの方法は、安全性と堅牢性の両方の懸念からひどいものです。 – AFract