如何使用表单视图编辑某些数据而某些数据仍然不可编辑？答案

【问题标题】：How can I edit some data using form view and some data remains uneditable?如何使用表单视图编辑某些数据而某些数据仍然不可编辑？
【发布时间】：2015-09-16 17:15:31
【问题描述】：

我的 aspx.cs 页面中有这段代码。在我的数据库中，我有列 Username、Firstname、Lastname、Email、Password、CustomerType、DeliveryAddress、Zipcode 和 Contact number。

我想要做的是用户名和客户类型保持不可编辑，其他可以由用户编辑。

aspx.cs

    protected void fvClientProfile_ItemUpdating(object sender, FormViewUpdateEventArgs e)
    {

        DataKey key = fvClientProfile.DataKey;
        TextBox txtFN = (TextBox)fvClientProfile.FindControl("txtFN");
        TextBox txtLN = (TextBox)fvClientProfile.FindControl("txtLN");
        TextBox txtAddress = (TextBox)fvClientProfile.FindControl("txtAddress");
        TextBox txtEmail = (TextBox)fvClientProfile.FindControl("txtEmail");
        TextBox txtContact = (TextBox)fvClientProfile.FindControl("txtContact");

        SqlConnection conn = new SqlConnection("Data Source = 'PAULO'; Initial Catalog=ShoppingCartDB;Integrated Security =True");
        SqlDataAdapter da = new SqlDataAdapter("", conn);

        conn.Open();

        da.UpdateCommand = new SqlCommand( "UPDATE UserData SET FirstName ='" + txtFN.Text + "',LastName ='" + txtLN.Text + "',Address ='" + txtAddress.Text + "',Email ='" + txtEmail.Text + "',Contact='"+ txtContact.Text+"'  WHERE ID='" + key.Value.ToString() + "'");

        da.UpdateCommand.ExecuteNonQuery();

        Response.Write("Record updated successfully");
        bindgrid();
        conn.Close();
    }

    protected void fvClientProfile_ModeChanging(object sender, FormViewModeEventArgs e)
    {
        fvClientProfile.ChangeMode(e.NewMode);
        bindgrid();

        if (e.NewMode == FormViewMode.Edit)
        {
            fvClientProfile.AllowPaging = false;
        }
        else
        {
            fvClientProfile.AllowPaging = true;
        }
    }

【问题讨论】：

SQL Injection alert - 您应该不将您的 SQL 语句连接在一起 - 使用 参数化查询 来避免 SQL 注入

标签： c# asp.net formview

【解决方案1】：

我设法解决了这个问题。感谢@Litisqe Kumar 给了我一个关于问题所在的好主意。

鉴于上面的答案，您应该将可编辑字段放在<EditTemplate> 中，这是后面的代码。

    string connStr = ConfigurationManager.ConnectionStrings["MyConn"].ConnectionString;
    SqlDataAdapter sqlda = new SqlDataAdapter();
    SqlCommand com = new SqlCommand();
    DataTable dt;
    protected void Page_Load(object sender, EventArgs e)
    {
        if (Session["New"] != null)
        {
            if (!IsPostBack)
            {
                bindgrid();
            }
        }
    }
    private void bindgrid()
    {
        SqlConnection conn = new SqlConnection(connStr);
        dt = new DataTable();
        com.Connection = conn;
        com.CommandText = "SELECT * FROM UserData WHERE Username ='" + Session["New"] + "'";
        sqlda = new SqlDataAdapter(com);
        sqlda.Fill(dt);
        EmployeeFormView.DataSource = dt;
        EmployeeFormView.DataBind();

    }

    protected void EmployeeFormView_ItemUpdating(object sender, FormViewUpdateEventArgs e)
    {

        DataKey key = EmployeeFormView.DataKey;
        TextBox txtFirstName = (TextBox)EmployeeFormView.FindControl("txtFirstName2");
        TextBox txtLastName = (TextBox)EmployeeFormView.FindControl("txtLastName2");
        TextBox txtPass = (TextBox)EmployeeFormView.FindControl("txtPassword2");
        TextBox txtAddress = (TextBox)EmployeeFormView.FindControl("txtAddress2");
        TextBox txtZip = (TextBox)EmployeeFormView.FindControl("txtZip2");
        TextBox txtContact = (TextBox)EmployeeFormView.FindControl("txtContact2");

        SqlConnection conn = new SqlConnection(connStr);
        com.Connection = conn;
        com.CommandText = "UPDATE UserData SET FirstName ='" + txtFirstName.Text + "',LastName ='" + txtLastName.Text + "',DeliveryAddress ='" + txtAddress.Text + "', Zip ='"+txtZip.Text+ "',Password ='"+ txtPass.Text+"',ContactNumber ='" + txtContact.Text + "'   WHERE ID ='" + key.Value.ToString() + "'";
        conn.Open();
        com.ExecuteNonQuery();
        Response.Write("Record updated successfully");
        bindgrid();
        conn.Close();
    }
    protected void EmployeeFormView_ModeChanging(object sender, FormViewModeEventArgs e)
    {
        EmployeeFormView.ChangeMode(e.NewMode);
        bindgrid();
        if (e.NewMode == FormViewMode.Edit)
        {
            EmployeeFormView.AllowPaging = false;
        }
        else
        {
            EmployeeFormView.AllowPaging = true;
        }
    }

    protected void EmployeeFormView_ItemUpdated(object sender, FormViewUpdatedEventArgs e)
    {
        EmployeeFormView.ChangeMode(FormViewMode.ReadOnly);
    }

【讨论】：

【解决方案2】：

对您要编辑的列使用 EditItemTemplate。例如：

<EditItemTemplate>
                  <table>


                    <tr><td align="right"><b>First Name:</b></td>
                        <td><asp:TextBox ID="txtFirstName2"
                                         Text='<%# Bind("FirstName") %>'
                                         RunAt="Server" /></td></tr>

                    <tr><td align="right"><b>Last Name:</b></td>
                        <td><asp:TextBox ID="txtLastName2"
                                         Text='<%# Bind("LastName") %>'
                                         RunAt="Server" /></td></tr>                                 
                    <tr>
                      <td colspan="2">
                        <asp:LinkButton ID="UpdateButton"
                                        Text="Update"
                                        CommandName="Update"
                                        RunAt="server"/>
                          &nbsp;
                        <asp:LinkButton ID="CancelUpdateButton"
                                        Text="Cancel"
                                        CommandName="Cancel"
                                        RunAt="server"/>
                      </td>
                    </tr>
                  </table>                
</EditItemTemplate>

【讨论】：

是的，先生，我有。当我尝试运行它时，它给了我“对象引用未设置为对象的实例”。感谢您的快速响应先生
您正在尝试使用值为 Nothing/null 的引用变量。当引用变量的值为 Nothing/null 时，这意味着它实际上并未持有对堆上存在的任何对象的实例的引用。那么就会出现这个异常。使用断点并调试您的代码。