无法向表中添加数据 [英] having trouble adding data to table
问题描述
*************例外文字*** ***********
System.Data.SqlClient.SqlException:'12'附近的语法不正确。 System.Data.SqlClient.SqlConnection.OnError(SqlException exception,Boolean breakConnection)
System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj)
System.Data.SqlClient
。 TdsParser.Run(RunBehavior runBehavior,SqlCommand cmdHandler,SqlDataReader dataStream,BulkCopySimpleResultSet bulkCopyHandler,TdsParserStateObject stateObj)
at System.Data.SqlClient.SqlCommand.RunExecuteNonQueryTds(String methodName,Boolean async)
at System.Data.SqlClient .SqlCommand.InternalExecuteNonQuery(DbAsyncResult result,String methodName,Boolean sendToPipe)
at System.Data.SqlClient.SqlCommand.ExecuteNonQuery()
at login_form.add_user.button1_Click(Object sender,EventArgs e)in C: \ Users\james \New folder\POS\pos\login form\add user.cs:line 25
at System.Windows.Forms.Control.OnClick(EventArgs e)
在System.Windows.Forms.Button.OnMouseUp(MouseEventArgs mevent)
在System.Windows.Forms.Control.WmMouseUp(消息& m,MouseButtons按钮,Int32单击)
在System.Windows.Forms.Control.WndProc(消息& m)
在System.Windows.Forms.ButtonBase.WndProc(消息& m)
在System.Windows.Forms.Button.WndProc(Message& m)
at System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m)
at System.Windows.Forms.NativeWindow.Callback (IntPtr hWnd,Int32 msg,IntPtr wparam,IntPtr lparam)
继承人我的代码:
SqlConnection con = new SqlConnection( 数据源= JAMES-PC\\SQLEXPRESS;初始目录= login1;集成安全性=真);
con.Open();
SqlCommand cmd = new SqlCommand( INSERT INTO user1(用户名,密码)VALUES(' + textBox1.Text + ',' + textBox2.Text + ',con);
cmd.ExecuteNonQuery ();
con.Close();
2ndly我知道我的代码是非常sql注入证明,阅读它:)
你忘记了在 VALUES 结束。
检查一下 -
SqlCommand cmd = new SqlCommand( INSERT INTO user1(用户名,密码)VALUES(' + textBox1。文字+ ',' + textB ox2.Text + '),con);
希望,它有帮助:)
更新:
如您所知,这很容易受到SQL注入攻击,花费很少时间(而不是更多)将其转换为参数化查询。
SqlCommand cmd = new SqlCommand( INSERT INTO user1([username],[password]) VALUES(@ username,@ password),con);
cmd.Parameters.AddWithValue(@ username,textBox1.Text);
cmd.Parameters.AddWithValue(@ password,textBox2.Text);
参考:使用参数化查询来防止SQL Server中的SQL注入攻击 [ ^ ]
希望,你会考虑这个更新:)
hey guys , i get a error when adding data, - i have 2 textboxes and the entered data inside the textboxes shud be inserted into a sqls table, right, so i get a message on the 2nd text box \\
************* Exception Text **************
System.Data.SqlClient.SqlException: Incorrect syntax near '12'.
at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection)
at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj)
at System.Data.SqlClient.TdsParser.Run(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj)
at System.Data.SqlClient.SqlCommand.RunExecuteNonQueryTds(String methodName, Boolean async)
at System.Data.SqlClient.SqlCommand.InternalExecuteNonQuery(DbAsyncResult result, String methodName, Boolean sendToPipe)
at System.Data.SqlClient.SqlCommand.ExecuteNonQuery()
at login_form.add_user.button1_Click(Object sender, EventArgs e) in C:\Users\james\New folder\POS\pos\login form\add user.cs:line 25
at System.Windows.Forms.Control.OnClick(EventArgs e)
at System.Windows.Forms.Button.OnMouseUp(MouseEventArgs mevent)
at System.Windows.Forms.Control.WmMouseUp(Message& m, MouseButtons button, Int32 clicks)
at System.Windows.Forms.Control.WndProc(Message& m)
at System.Windows.Forms.ButtonBase.WndProc(Message& m)
at System.Windows.Forms.Button.WndProc(Message& m)
at System.Windows.Forms.Control.ControlNativeWindow.WndProc(Message& m)
at System.Windows.Forms.NativeWindow.Callback(IntPtr hWnd, Int32 msg, IntPtr wparam, IntPtr lparam)
heres my code :
SqlConnection con = new SqlConnection("Data Source=JAMES-PC\\SQLEXPRESS;Initial Catalog=login1;Integrated Security=True");
con.Open();
SqlCommand cmd = new SqlCommand("INSERT INTO user1 (username, password) VALUES ('" + textBox1.Text + "','" + textBox2.Text + "'", con);
cmd.ExecuteNonQuery();
con.Close();
2ndly i know my code aint very sql injection proof , reading up on it :)
You have forgetten to put a close bracket after VALUES ends.
Check this-
SqlCommand cmd = new SqlCommand("INSERT INTO user1 (username, password) VALUES ('" + textBox1.Text + "','" + textBox2.Text + "')", con);
Hope, it helps :)
UPDATE:
As you know this is vulnerable to SQL Injection, spend little time (not more) to convert this to a parameterized query.
SqlCommand cmd = new SqlCommand("INSERT INTO user1 ([username], [password]) VALUES (@username,@password)", con); cmd.Parameters.AddWithValue(@username,textBox1.Text); cmd.Parameters.AddWithValue(@password,textBox2.Text);
Reference: Using Parameterized queries to prevent SQL Injection Attacks in SQL Server[^]
Hope, you'll consider this update :)
这篇关于无法向表中添加数据的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!