全球化的Windows应用程序 [英] Windows Application with Globalization
问题描述
Hello team,
我正在创建一个将由India& amp;荷兰用户。
应用程序在印度工作正常 - 用户机器。
但是当Netherland用户试图将数据插入数据库时...程序给我错误。
我的Qyery是 -
INSERT INTO tbl fld1,fld2,fld3 values(+ val1.Text +,+ val2.Text +,+ val3.Text +)
价值是fld1 =10,000.00
价值是fld2 =20,000.00
价值是fld3 =30,000.00
这里问题是由于逗号,逗号被视为字段分隔符...
请建议我批准,以便我们处理这个问题。
谢谢,
Pravin Karne
使用如下参数
int val1 = int .Parse(val1.Text,NumberStyles.AllowThousands);
int val2 = int .Parse(val2.Text,NumberStyles.AllowThousands);
int val3 = int .Parse(val3.Text,NumberStyles.AllowThousands);
cmd.CommandText = INSERT INTO tbl(fld1,fld2,fld3)VALUES(@ val1,@ val2 ,@ val3);
cmd.Parameters.AddWithValue( @ val1,val1);
cmd.Parameters.AddWithValue( @ val1,val2);
cmd.Parameters.AddWithValue( @ val1,val3);
如果您对输入的int.parse方法有问题,可以尝试使用int.TryParse
int num;
if ( int .TryParse(val1.Text,NumberStyles.AllowThousands,
CultureInfo.InvariantCulture, out num))
{
// 解析成功
}
您是否使用过SQLCommand类的参数?
$ b如果没有通过参数插入值来检查$ b
正确的方法是使用参数。现在,你的数据库对SQL注入攻击开放了。
做这样的事情:
< pre lang =SQL> cmd.CommandText = INSERT INTO tbl(fld1,fld2,fld3)VALUES(@ val1 ,@ val2,@ val3);
cmd.Parameters.AddWithValue( @ val1,val1。文本跨度>);
...
Hello team,
I am creating one Windows application that is going to be use by India & Netherland users.
Application is working fine in India - users machine.
But when Netherland users trying to Insert Data into database...Program giving me error.
My Qyery is -
INSERT INTO tbl fld1,fld2,fld3 values ("+val1.Text+","+val2.Text+","+val3.Text+")
Value is fld1 = "10,000.00"
Value is fld2 = "20,000.00"
Value is fld3 = "30,000.00"
Here problem is due to comma, comma is treated as field seperater...
Please suggest me approve so that we have handle this problem.
Thanks,
Pravin Karne
use parameters like below
int val1 = int.Parse(val1.Text, NumberStyles.AllowThousands); int val2 = int.Parse(val2.Text, NumberStyles.AllowThousands); int val3 = int.Parse(val3.Text, NumberStyles.AllowThousands); cmd.CommandText = "INSERT INTO tbl (fld1,fld2,fld3) VALUES (@val1, @val2, @val3)"; cmd.Parameters.AddWithValue("@val1", val1); cmd.Parameters.AddWithValue("@val1", val2); cmd.Parameters.AddWithValue("@val1", val3);
if you have issue with int.parse method for inputs, you can try with int.TryParse
int num; if (int.TryParse(val1.Text, NumberStyles.AllowThousands, CultureInfo.InvariantCulture, out num)) { // parse success }
have you used parameters for SQLCommand class?
if not check by inserting value through parameters
The proper way to do it is to use parameters. Right now, your database is open to SQL injection attacks.
Do something like this:
cmd.CommandText = "INSERT INTO tbl (fld1,fld2,fld3) VALUES (@val1, @val2, @val3)"; cmd.Parameters.AddWithValue("@val1", val1.Text); ...
这篇关于全球化的Windows应用程序的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!