시도하지 않았기 때문에
. sqlcommand.paramemters.addwithvalue와 함께 사용하고 있습니다. 솔루션을 검색했을 때, 나는 이전의 코딩이 SQL injection에 대해 vlunerable하다는 것을 알게되었습니다. 도움을 주셔서 감사합니다. 아래 텍스트 상자, 콤보 박스 및 라디오 버튼에서 데이터베이스에 데이터를 저장하기위한 완벽한 코드입니다.
private void btnSave_Click(object sender, EventArgs e)
{
try
{
DataValidateAndDateFormat();
string strGender;
string strConnectionString = @"Data Source = KK\SQLEXPRESS; Integrated Security = SSPI; Initial Catalog = JeanDB";
SqlConnection cn = new SqlConnection(strConnectionString);
cn.Open();
string strEmpID = txtEmpID.Text.Trim();
string strFirstName = txtFirstName.Text.Trim();
string strLastName = txtLastName.Text.Trim();
string strDesignation = txtDesignation.Text.Trim();
int iSalary = Convert.ToInt32(txtSalary.Text.Trim());
string strAddress = txtAddress.Text.Trim();
int iZipCode = Convert.ToInt32(txtZipCode.Text.Trim());
int iPhone = Convert.ToInt32(txtPhone.Text.Trim());
string strEmail = txtEmail.Text.Trim();
DateTime dtDOB = dtPickerDOB.Value;
string strNationality = comboNationality.SelectedItem.ToString();
if (rbMale.Checked)
strGender = "Male";
else
strGender = "Female";
string strUserName = txtUserName.Text.Trim();
string strPassword = txtPassword.Text.Trim();
string query = "INSERT INTO Employees(EmployeeID, FirstName, LastName, Designation, Salary, Address, ZipCode, Phone, Email, DOB, Nationality, Gender, Username, Password)VALUES(@strEmpID, @strFirstName, @strLastName, @strDesignation, @iSalary, @strAddress, @iZipCode, @iPhone,@strEmail, @dtDOB, @strNationality, @strGender, @strUserName, @strPassword)";
SqlCommand InsertCommand = new SqlCommand(query, cn);
InsertCommand.Connection = cn;
InsertCommand.Parameters.AddWithValue(@"strEmpID", strEmpID);
InsertCommand.Parameters.AddWithValue(@"strFirstName", strFirstName);
InsertCommand.Parameters.AddWithValue(@"strLastName", strLastName);
InsertCommand.Parameters.AddWithValue(@"strDesignation", strDesignation);
InsertCommand.Parameters.AddWithValue(@"iSalary", iSalary);
InsertCommand.Parameters.AddWithValue(@"strAddress", strAddress);
InsertCommand.Parameters.AddWithValue(@"iZipCode", iZipCode);
InsertCommand.Parameters.AddWithValue(@"iPhone", iPhone);
InsertCommand.Parameters.AddWithValue(@"strEmail", strEmail);
InsertCommand.Parameters.AddWithValue(@"dtDOB", dtDOB);
InsertCommand.Parameters.AddWithValue(@"strNationality", strNationality);
InsertCommand.Parameters.AddWithValue(@"strGender", strGender);
InsertCommand.Parameters.AddWithValue(@"strUsername", strUserName);
InsertCommand.Parameters.AddWithValue(@"strPassword", strPassword);
InsertCommand.ExecuteNonQuery();
MessageBox.Show("New Employee's Data has been added successfully");
cn.Close();
}
catch (Exception ex)
{
MessageBox.Show(ex.Message);
}
}
'성별'의 열 데이터 유형은 무엇입니까? – Damith
사용자 DB에 저장할 플래그/ID .... –
열 데이터 형식이 varchar (6)입니다. – kkcoder