在Mysql中插入数据的撇号问题。 [英] Apostrophe Issue in Inserting data In Mysql.
问题描述
当有一个Word如它的时,它会生成一个错误,sql语法错误,检查你的mysql手册。
我们可以使用撇号两个时间而不是单一或反斜杠,但这不是解决方案
有什么办法,所以任何人都可以直接发布任何有撇号的单词。
真的需要解决方案。
i我正在使用vb语言和mysql db。
不要连接用于构建命令的字符串。
例如,如果您的代码是:
MySqlCommand cmd = < span class =code-keyword> new MySqlCommand( INSERT INTO myTable(myColumn)VALUES(' + myTextBox.Text + '),con);
和你的文本框包含
今天很冷看到的命令通过SQL是:
INSERT INTO myTable(myColumn) VALUES (' 它'今天很冷' )这将导致错误,因为它假设
'It'是要插入myColumn字段的值,并且
是实际命令的另一部分。
相反,使用参数化查询:
MySqlCommand cmd = new MySqlCommand( INSERT INTO myTable(myColumn)VALUES(@MC),con);
cmd.Parameters.AddWithValue( @ MC,myTextBox.Text);使用它还可以保护您免受意外或故意的SQL注入攻击,这可能会损坏或破坏您的数据库。
When there is a Word Such as " it's " , then it generate a error , sql syntax error , check your mysql manual .
we can use apostrophe two times instead of single or backslash ,but this is not solution
Is there any way , so anyone can directly post any word having apostrophe.
really need solution.
i am using vb language and mysql db.
Don't concatenate strings to build your command.
For example, if your code is:
MySqlCommand cmd = new MySqlCommand("INSERT INTO myTable (myColumn) VALUES('" + myTextBox.Text + "')", con);
and your text box contains
It's cold todayThe the command as seen by SQL is:
INSERT INTO myTable (myColumn) VALUES('It's cold today')which will cause an error becasue it assumes the
'It'is the value to insert in the myColumn field, and
s cold today'is a further part of the actual command.
Instead, use parametrised queries:
MySqlCommand cmd = new MySqlCommand("INSERT INTO myTable (myColumn) VALUES(@MC)", con); cmd.Parameters.AddWithValue("@MC", myTextBox.Text);Using this also protects you from accidental or deliberate SQL Injection attacks, which can damage or destroy your database.
这篇关于在Mysql中插入数据的撇号问题。的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!