SQL Server Renaming a Field name by accepting values from textboxes...It shows "Unclosed quotation mark after the character string ''

y53ybaqx  posted on 2023-05-28 in Other

I am using text boxes: textbox1 accepts the value for the existing field and textbox2 accepts the new field name. When I click on the button, the corresponding field name I entered in textbox1 in the d/b should change as entered in textbox2.

protected void Button1_Click(object sender, EventArgs e)
{ 
    //str = "sp_RENAME 'book.author','Au_Name','COLUMN'";

    str = "sp_RENAME 'book.'" + TextBox1.Text + "','" + TextBox2.Text + "','COLUMN'";
    SqlConnection con = new SqlConnection("Data Source=.;Initial Catalog= Library;Integrated Security=true");
    con.Open();
    SqlCommand cmd = new SqlCommand(str, con);
    SqlDataReader dr = cmd.ExecuteReader();

    //("SELECT * FROM IMSLogin WHERE Uname = '" + Uname + "' AND PWD= '" + pwd + "'", con)
}

Thanks Very much,

Thanks in advance!!


gwbalxhn1#

The first and most obvious problem is that user input is sent directly to the db.

The second problem, which may solve your question, is the single quotation behind sp_rename 'book.

From comment: Replace

str = "sp_RENAME 'book.'" + TextBox1.Text

with

str = "sp_RENAME 'book." + TextBox1.Text

(and maybe add some checks on the content of TextBox1.Text)
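One way to implement the checks the answer suggests, as an added example (not code from the question or the answer): the names are validated against an allow-list pattern, the old column is confirmed to exist, and sp_rename is called with bound parameters instead of a concatenated string. The class and method names are hypothetical, and the dbo schema and the letters/digits/underscore naming rule are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Text.RegularExpressions;

public static class ColumnRenamer   // hypothetical helper, not from the original post
{
    // Assumption: column names are plain identifiers (letters, digits, underscore).
    private static readonly Regex Identifier =
        new Regex(@"\A[A-Za-z_][A-Za-z0-9_]{0,127}\z", RegexOptions.CultureInvariant);

    public static bool IsValidIdentifier(string name)
    {
        return name != null && Identifier.IsMatch(name);
    }

    // Renames a column of the fixed table "book"; throws on invalid input.
    public static void RenameBookColumn(string connectionString, string oldName, string newName)
    {
        if (!IsValidIdentifier(oldName) || !IsValidIdentifier(newName))
            throw new ArgumentException("Column names may contain only letters, digits and underscores.");

        using (var con = new SqlConnection(connectionString))
        {
            con.Open();

            // Confirm the column exists, with the user value bound as a parameter.
            using (var check = new SqlCommand(
                "SELECT COUNT(*) FROM sys.columns " +
                "WHERE object_id = OBJECT_ID(N'dbo.book') AND name = @col", con))
            {
                check.Parameters.Add("@col", SqlDbType.NVarChar, 128).Value = oldName;
                if ((int)check.ExecuteScalar() == 0)
                    throw new ArgumentException("No such column on table book.");
            }

            // Call sp_rename as a stored procedure so no SQL text is built from user input.
            using (var cmd = new SqlCommand("sp_rename", con))
            {
                cmd.CommandType = CommandType.StoredProcedure;
                cmd.Parameters.Add("@objname", SqlDbType.NVarChar, 776).Value = "dbo.book." + oldName;
                cmd.Parameters.Add("@newname", SqlDbType.NVarChar, 128).Value = newName;
                cmd.Parameters.Add("@objtype", SqlDbType.VarChar, 13).Value = "COLUMN";
                cmd.ExecuteNonQuery();   // sp_rename returns no rows, so no reader is needed
            }
        }
    }
}
```

From the button handler this would be called as `ColumnRenamer.RenameBookColumn(connectionString, TextBox1.Text, TextBox2.Text)`, with the ArgumentException reported back to the user.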
