全球化的Windows应用程序 [英] Windows Application with Globalization

查看:53
本文介绍了全球化的Windows应用程序的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!

问题描述

Hello team,



我正在创建一个将由India& amp;荷兰用户。

应用程序在印度工作正常 - 用户机器。

但是当Netherland用户试图将数据插入数据库时​​...程序给我错误。



我的Qyery是 - 

 INSERT INTO tbl fld1,fld2,fld3 values(+ val1.Text +,+ val2.Text +,+ val3.Text +)



价值是fld1 =10,000.00



价值是fld2 =20,000.00



价值是fld3 =30,000.00





这里问题是由于逗号,逗号被视为字段分隔符...



请建议我批准,以便我们处理这个问题。





谢谢,

Pravin Karne

解决方案

使用如下参数



  int  val1 =  int  .Parse(val1.Text,NumberStyles.AllowThousands); 
  int  val2 =  int  .Parse(val2.Text,NumberStyles.AllowThousands); 
  int  val3 =  int  .Parse(val3.Text,NumberStyles.AllowThousands); 
 cmd.CommandText =   INSERT INTO tbl(fld1,fld2,fld3)VALUES(@ val1,@ val2 ,@ val3); 
 cmd.Parameters.AddWithValue(  @ val1,val1); 
 cmd.Parameters.AddWithValue(  @ val1,val2); 
 cmd.Parameters.AddWithValue(  @ val1,val3);





如果您对输入的int.parse方法有问题,可以尝试使用int.TryParse 



  int  num; 
  if  int  .TryParse(val1.Text,NumberStyles.AllowThousands,
 CultureInfo.InvariantCulture, out  num))
 {
  //  解析成功 
}


您是否使用过SQLCommand类的参数?
$ b如果没有通过参数插入值来检查$ b


正确的方法是使用参数。现在,你的数据库对SQL注入攻击开放了。



做这样的事情:



< pre lang =SQL> cmd.CommandText = INSERT INTO tbl(fld1,fld2,fld3)VALUES(@ val1 ,@ val2,@ val3);
cmd.Parameters.AddWithValue( @ val1,val1。文本);
...


Hello team,

I am creating one Windows application that is going to be use by India & Netherland users.
Application is working fine in India - users machine.
But when Netherland users trying to Insert Data into database...Program giving me error.

My Qyery is -

INSERT INTO tbl fld1,fld2,fld3 values ("+val1.Text+","+val2.Text+","+val3.Text+")


Value is fld1 = "10,000.00"


Value is fld2 = "20,000.00"


Value is fld3 = "30,000.00"



Here problem is due to comma, comma is treated as field seperater...

Please suggest me approve so that we have handle this problem.


Thanks,
Pravin Karne

解决方案

use parameters like below 

int val1 = int.Parse(val1.Text, NumberStyles.AllowThousands);
int val2 = int.Parse(val2.Text, NumberStyles.AllowThousands);
int val3 = int.Parse(val3.Text, NumberStyles.AllowThousands);
cmd.CommandText = "INSERT INTO tbl (fld1,fld2,fld3) VALUES (@val1, @val2, @val3)";
cmd.Parameters.AddWithValue("@val1", val1);
cmd.Parameters.AddWithValue("@val1", val2);
cmd.Parameters.AddWithValue("@val1", val3);



if you have issue with int.parse method for inputs, you can try with int.TryParse

int num;
if (int.TryParse(val1.Text, NumberStyles.AllowThousands,
                 CultureInfo.InvariantCulture, out num))
{
    // parse success
}


have you used parameters for SQLCommand class?
if not check by inserting value through parameters


The proper way to do it is to use parameters. Right now, your database is open to SQL injection attacks.

Do something like this:

cmd.CommandText = "INSERT INTO tbl (fld1,fld2,fld3) VALUES (@val1, @val2, @val3)";
cmd.Parameters.AddWithValue("@val1", val1.Text);
...


这篇关于全球化的Windows应用程序的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!

查看全文
相关文章
其他开发语言最新文章
热门教程
热门工具
登录 关闭
扫码关注1秒登录
发送“验证码”获取 | 15天全站免登陆