Using a query string to retrieve row data from SCOPE_IDENTITY

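I have a submission page where users enter data. I then redirect to a view page so they can review their input. Sessions are out, because this will be a high-traffic site, but I am using the SCOPE_IDENTITY method at the end of the submit command. How do I query the scope identity value so that the row data can be displayed on the view page? The code is below. This is a training project, and for the sake of brevity I have been explicitly forbidden from parameterizing. But yes, I know parameterization should be implemented.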
protected void Button1_Click(object sender, EventArgs e)
{
    string connectionString = System.Configuration.ConfigurationManager.ConnectionStrings["MyConnectionString"].ConnectionString;
    String thisQuery = "INSERT INTO ProductInstance (CustId, CustName, SicNaic, CustAdd, CustCity, CustState, CustZip, BroId, BroName, BroAdd, BroCity, BroState, BroZip, EntityType, Coverage, CurrentCoverage, PrimEx, Retention, EffectiveDate, Commission, Premium, Comments) VALUES ('" + TextBox19.Text + "', '" + TextBox1.Text + "', '" + RadioButtonList1.SelectedItem + "', '" + TextBox2.Text + "', '" + TextBox3.Text + "', '" + DropDownList1.SelectedItem + "', '" + TextBox4.Text + "', '" + TextBox18.Text + "', '" + TextBox5.Text + "', '" + TextBox6.Text + "', '" + TextBox7.Text + "', '" + DropDownList2.SelectedItem + "', '" + TextBox8.Text + "', '" + DropDownList3.SelectedItem + "','" + TextBox9.Text + "','" + TextBox10.Text + "','" + TextBox11.Text + "','" + TextBox12.Text + "','" + TextBox20.Text + "','" + TextBox14.Text + "','" + TextBox15.Text + "','" + TextBox16.Text + "'); SELECT SCOPE_IDENTITY() AS [lastInsertedProductId]";

    using (SqlConnection sqlConn = new SqlConnection(connectionString))
    {
        sqlConn.Open();

        using (SqlCommand command = new SqlCommand(thisQuery, sqlConn))
        {
            int lastInsertedProductId = Convert.ToInt32(command.ExecuteScalar());
        }
    }
    Response.Redirect("~/View.aspx");
}
Then the view page code is here:
protected void Page_Load(object sender, EventArgs e)
{
    string x = Request.QueryString["ProductId"];
    string connectionString = System.Configuration.ConfigurationManager.ConnectionStrings["MyConnectionString"].ConnectionString;
    string editQuery = "SELECT CustId, CustName, SicNaic, CustCity, CustAdd, CustState, CustZip, BroName, BroId, BroAdd, BroCity, BroState, BroZip, EntityType, Coverage, CurrentCoverage, PrimEx, Retention, EffectiveDate, Commission, Premium, Comments FROM ProductInstance WHERE ProductId =" + x;

    using (SqlConnection editConn = new SqlConnection(connectionString))
    {
        editConn.Open();

        using (SqlCommand command = new SqlCommand(editQuery, editConn))
        {
            SqlDataReader dr = command.ExecuteReader();
            dr.Read();
            Label6.Text = dr.GetInt32(0).ToString();
        }
    }
}

Try widening the scope of lastInsertedProductId:
Response.Redirect("~/View.aspx?ProductId=" + lastInsertedProductId);
But please give serious thought to parameterized statements and http://bobby-tables.com/
You would create a stored procedure to do the work, and in there you would get SCOPE_IDENTITY after the insert.
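
The parameterized form the first answer urges, as an added example that is not part of the original question or answers: the submit side returns the SCOPE_IDENTITY value for the redirect, and the view side validates the ProductId query-string value before binding it. The class and method names, the column types and sizes, and the two-column subset are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

// Added example: column types and sizes are assumptions, and only two of the
// question's columns are shown to keep it short.
public static class ProductInstanceData
{
    // Submit page: insert with bound parameters and return the new identity value,
    // which the caller appends to the redirect as "~/View.aspx?ProductId=" + id.
    public static int Insert(string connectionString, int custId, string custName)
    {
        const string sql =
            "INSERT INTO ProductInstance (CustId, CustName) VALUES (@CustId, @CustName); " +
            "SELECT CAST(SCOPE_IDENTITY() AS int);";
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            cmd.Parameters.Add("@CustId", SqlDbType.Int).Value = custId;
            cmd.Parameters.Add("@CustName", SqlDbType.NVarChar, 100).Value = custName ?? "";
            conn.Open();
            return Convert.ToInt32(cmd.ExecuteScalar());
        }
    }

    // View page: Request.QueryString["ProductId"] is untrusted input. Reject anything
    // that is not a positive integer, then bind it instead of concatenating it.
    public static bool TryLoadCustName(string connectionString, string rawProductId, out string custName)
    {
        custName = null;
        int productId;
        if (!int.TryParse(rawProductId, out productId) || productId <= 0)
            return false;

        const string sql = "SELECT CustName FROM ProductInstance WHERE ProductId = @ProductId";
        using (var conn = new SqlConnection(connectionString))
        using (var cmd = new SqlCommand(sql, conn))
        {
            cmd.Parameters.Add("@ProductId", SqlDbType.Int).Value = productId;
            conn.Open();
            object result = cmd.ExecuteScalar();
            if (result == null || result == DBNull.Value)
                return false; // no matching row (or NULL name): nothing to display
            custName = (string)result;
            return true;
        }
    }
}
```

Because the id travels in the URL, any visitor can change it, so a page that shows per-customer rows also needs an authorization check on the row it loads.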
