ExecuteReader: Connection property has not been initialized.
ExecuteReader:连接属性尚未初始化。
my coding is
我的编码是
protected void Button2_Click(object sender, EventArgs e)
{
SqlConnection conn = new SqlConnection("Data Source=Si-6\\SQLSERVER2005;Initial Catalog=rags;Integrated Security=SSPI");
SqlDataReader rdr = null;
try
{
// 2. Open the connection
conn.Open();
// 3. Pass the connection to a command object
//SqlCommand cmd = new SqlCommand("select * from Customers", conn);
SqlCommand cmd=new SqlCommand ("insert into time(project,iteration)
values('"+this .name1 .SelectedValue +"','"+this .iteration .SelectedValue +"')");
//
// 4. Use the connection
//
// get query results
rdr = cmd.ExecuteReader();
// print the CustomerID of each record
while (rdr.Read())
{
Console.WriteLine(rdr[0]);
}
}
finally
{
// close the reader
if (rdr != null)
{
rdr.Close();
}
// 5. Close the connection
if (conn != null)
{
conn.Close();
}
}
}
}
}
7 个解决方案
#1
57
use this and pass connection object :
使用这个并传递连接对象:
SqlCommand cmd=new SqlCommand ("insert into time(project,iteration)values('"+this .name1 .SelectedValue +"','"+this .iteration .SelectedValue +"')",conn);
#2
14
After SqlCommand cmd=new SqlCommand ("insert into time(project,iteration)values('.... Add
后SqlCommand cmd = new SqlCommand(“插入时间(项目,迭代)值(“....添加
cmd.Connection = conn;
Hope this help
希望这有助于
#3
6
you have to assign connection to your command object, like..
您必须将连接分配给命令对象,比如…
SqlCommand cmd=new SqlCommand ("insert into time(project,iteration)values('"+this .name1 .SelectedValue +"','"+this .iteration .SelectedValue +"')");
cmd.Connection = conn;
#4
3
All of the answers is true.This is another way. And I like this One
所有的答案都是正确的。这是另一种方式。我喜欢这个。
SqlCommand cmd = conn.CreateCommand()
you must notice that strings concat have a sql injection problem. Use the Parameters http://msdn.microsoft.com/en-us/library/system.data.sqlclient.sqlcommand.parameters.aspx
您必须注意到string concat有sql注入问题。使用http://msdn.microsoft.com/en-us/library/system.data.sqlclient.sqlcommand.parameters.aspx的参数
#5
3
You can also write this:
你也可以这样写:
SqlCommand cmd=new SqlCommand ("insert into time(project,iteration) values (@project, @iteration)", conn);
cmd.Parameters.AddWithValue("@project",name1.SelectedValue);
cmd.Parameters.AddWithValue("@iteration",iteration.SelectedValue);
#6
2
As mentioned you should assign the connection and you should preferably also use sql parameters instead, so your command assignment would read:
如前所述,您应该分配连接,最好也使用sql参数,因此您的命令分配应该是:
// 3. Pass the connection to a command object
SqlCommand cmd=new SqlCommand ("insert into time(project,iteration) values (@project, @iteration)", conn); // ", conn)" added
cmd.Parameters.Add("project", System.Data.SqlDbType.NVarChar).Value = this.name1.SelectedValue;
cmd.Parameters.Add("iteration", System.Data.SqlDbType.NVarChar).Value = this.name1.SelectedValue;
//
// 4. Use the connection
//
By using parameters you avoid SQL injection and other problematic typos (project names like "myproject's" is an example).
通过使用参数,您可以避免SQL注入和其他有问题的拼写错误(例如“myproject”之类的项目名称)。
#7
1
I like to place all my sql connections in using statements. I think they look cleaner, and they clean up after themselves when your done with them. I also recommend parameterizing every query, not only is it much safer but it is easier to maintain if you need to come back and make changes.
我喜欢将所有sql连接放在using语句中。我认为它们看起来更干净,当你用完后它们会自己清理。我还建议对每个查询进行参数化,这不仅更安全,而且如果需要返回并进行更改,维护起来也更容易。
// create/open connection
using (SqlConnection conn = new SqlConnection("Data Source=Si-6\\SQLSERVER2005;Initial Catalog=rags;Integrated Security=SSPI")
{
try
{
oCn.Open();
// initialize command
using (SqlCommand cmd = conn.CreateCommand())
{
// generate query with parameters
with cmd
{
.CommandType = CommandType.Text;
.CommandText = "insert into time(project,iteration) values(@name, @iteration)";
.Parameters.Add(new SqlParameter("@name", this.name1.SelectedValue));
.Parameters.Add(new SqlParameter("@iteration", this.iteration.SelectedValue));
.ExecuteNonQuery();
}
}
}
catch (Exception)
{
//throw;
}
finally
{
if (conn != null && conn.State == ConnectionState.Open)
{
conn.Close;
}
}
}
#1
57
use this and pass connection object :
使用这个并传递连接对象:
SqlCommand cmd=new SqlCommand ("insert into time(project,iteration)values('"+this .name1 .SelectedValue +"','"+this .iteration .SelectedValue +"')",conn);
#2
14
After SqlCommand cmd=new SqlCommand ("insert into time(project,iteration)values('.... Add
后SqlCommand cmd = new SqlCommand(“插入时间(项目,迭代)值(“....添加
cmd.Connection = conn;
Hope this help
希望这有助于
#3
6
you have to assign connection to your command object, like..
您必须将连接分配给命令对象,比如…
SqlCommand cmd=new SqlCommand ("insert into time(project,iteration)values('"+this .name1 .SelectedValue +"','"+this .iteration .SelectedValue +"')");
cmd.Connection = conn;
#4
3
All of the answers is true.This is another way. And I like this One
所有的答案都是正确的。这是另一种方式。我喜欢这个。
SqlCommand cmd = conn.CreateCommand()
you must notice that strings concat have a sql injection problem. Use the Parameters http://msdn.microsoft.com/en-us/library/system.data.sqlclient.sqlcommand.parameters.aspx
您必须注意到string concat有sql注入问题。使用http://msdn.microsoft.com/en-us/library/system.data.sqlclient.sqlcommand.parameters.aspx的参数
#5
3
You can also write this:
你也可以这样写:
SqlCommand cmd=new SqlCommand ("insert into time(project,iteration) values (@project, @iteration)", conn);
cmd.Parameters.AddWithValue("@project",name1.SelectedValue);
cmd.Parameters.AddWithValue("@iteration",iteration.SelectedValue);
#6
2
As mentioned you should assign the connection and you should preferably also use sql parameters instead, so your command assignment would read:
如前所述,您应该分配连接,最好也使用sql参数,因此您的命令分配应该是:
// 3. Pass the connection to a command object
SqlCommand cmd=new SqlCommand ("insert into time(project,iteration) values (@project, @iteration)", conn); // ", conn)" added
cmd.Parameters.Add("project", System.Data.SqlDbType.NVarChar).Value = this.name1.SelectedValue;
cmd.Parameters.Add("iteration", System.Data.SqlDbType.NVarChar).Value = this.name1.SelectedValue;
//
// 4. Use the connection
//
By using parameters you avoid SQL injection and other problematic typos (project names like "myproject's" is an example).
通过使用参数,您可以避免SQL注入和其他有问题的拼写错误(例如“myproject”之类的项目名称)。
#7
1
I like to place all my sql connections in using statements. I think they look cleaner, and they clean up after themselves when your done with them. I also recommend parameterizing every query, not only is it much safer but it is easier to maintain if you need to come back and make changes.
我喜欢将所有sql连接放在using语句中。我认为它们看起来更干净,当你用完后它们会自己清理。我还建议对每个查询进行参数化,这不仅更安全,而且如果需要返回并进行更改,维护起来也更容易。
// create/open connection
using (SqlConnection conn = new SqlConnection("Data Source=Si-6\\SQLSERVER2005;Initial Catalog=rags;Integrated Security=SSPI")
{
try
{
oCn.Open();
// initialize command
using (SqlCommand cmd = conn.CreateCommand())
{
// generate query with parameters
with cmd
{
.CommandType = CommandType.Text;
.CommandText = "insert into time(project,iteration) values(@name, @iteration)";
.Parameters.Add(new SqlParameter("@name", this.name1.SelectedValue));
.Parameters.Add(new SqlParameter("@iteration", this.iteration.SelectedValue));
.ExecuteNonQuery();
}
}
}
catch (Exception)
{
//throw;
}
finally
{
if (conn != null && conn.State == ConnectionState.Open)
{
conn.Close;
}
}
}