如何将数据添加到sql表 [英] how to add a data into sql table
本文介绍了如何将数据添加到sql表的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
你好
如何将数据添加到sql server?
我有dbutilites类,其中包含所有方法,执行缩放器读取器数据集等,
Hello
How to add data into sql server?
I have dbutilites class which has all methods, execute scaler reader dataset etc.,
DataSet _ds = new DataSet();
DBUtilities _util = new DBUtilities();
protected void Button1_Click(object sender, EventArgs e)
{
try
{
string _RequestID = string.Empty;
string DBQuery = "EXECUTE sp_SqlImage ";
DBQuery += "'" + txtName + "', ";
DBQuery += "'" + txtDesc + "', ";
DBQuery += "'" + txtImage + "', ";
DBQuery += "'" + txtActive + "', ";
DBQuery += "'" + txtCreatedBy + "', ";
DBQuery += "'" + txtCreDate + "', ";
_ds = _util.ExecuteDataset(DBQuery, 200);
现在,请任何人帮助我提供正确的代码.上面的代码正确吗?
Now please any one help me with right code. Is the above code right?
推荐答案
以下应该有帮助:
C#Station ADO.NET教程 [为初学者使用ADO.NET [简单的ADO.NET数据库读取,插入,更新和删除使用C#. [ ^ ]
Following should help:
The C# Station ADO.NET Tutorial[^]
Using ADO.NET for beginners[^]
Simple ADO.NET Database Read, Insert, Update and Delete using C#.[^]
从哪里开始?好吧,首先,您不应该使用字符串连接来创建命令.这使您对 SQL注入攻击敞开大门 [ ^ ].
其次,您的字符串连接是错误的-您不应该使用最后一个逗号-看看添加txtCreDate
的行(顺便说一句-在这里有了有意义的名称对您来说做得很好-您已经令人惊讶的是人们经常离开默认名称).
Where to begin? Well, first of all, you shouldn''t be using string concatenation to create your command. This leads you wide open to a SQL Injection Attack[^].
Secondly, your string concatenation is wrong - you have a final comma that shouldn''t be there - take a look at the line where you addtxtCreDate
(BTW - well done to you for having meaningful names here - you''d be surprised how often people leave default names).
这篇关于如何将数据添加到sql表的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文