Getting error while storing data in SQL Server 2005 through textbox


Problem description


I am storing data (approx. 1500 words) in SQL server 2005 through textbox and button. I am using this code.

protected void Button1_Click(object sender, EventArgs e)
{
    conn.Open();
    String query = String.Format("insert into try (data,sno) values ('{0}',22)",TextBox1.Text);
    SqlCommand cmd = new SqlCommand(query, conn);
    cmd.ExecuteNonQuery();
    Label1.Text = "submitted";
    conn.Close();
}

I have column 'data' of data type 'char(4000)'.

The problem is that when I store the 1st paragraph (approx 1500 words), it is stored successfully. But when I store another paragraph (approx 1500 words), it shows me the error.

"Incorrect syntax near 's'. Unclosed quotation mark after the character string ',22)'."

What is the problem?

Solution

Use Parameters

// The text box content is sent as the value of @data, never as part of the SQL text.
String query = "insert into try (data,sno) values (@data,22)";
SqlCommand cmd = new SqlCommand(query, conn);
cmd.Parameters.AddWithValue("@data", TextBox1.Text);
cmd.ExecuteNonQuery();

In this way you don't need to worry about the presence of single quotes in your text and, the most important thing, you avoid SQL injection attacks.
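
The difference between the two approaches, as an added example that is not part of the original question or answer: it builds both statements for a constructed input containing an apostrophe and prints them, without needing a database connection. The names `ParameterDemo`, `BuildConcatenated`, `BuildParameterized` and `Sample` are hypothetical, and the explicitly typed `char(4000)` parameter is an assumption based on the column type given in the question.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class ParameterDemo
{
    // Constructed sample input: the apostrophe in "user's" is the character
    // that ends the SQL string literal early in the concatenated statement.
    const string Sample = "The user's second paragraph";

    // The question's approach: the input becomes part of the SQL text itself,
    // so the server parses whatever follows the apostrophe as SQL.
    static string BuildConcatenated(string text)
    {
        return String.Format("insert into try (data,sno) values ('{0}',22)", text);
    }

    // The answer's approach with a typed parameter. The SQL text is constant
    // and the input travels separately as the value of @data.
    static SqlCommand BuildParameterized(string text)
    {
        // A parameter Size of 4000 would truncate longer input silently,
        // so reject it up front instead.
        if (text.Length > 4000)
            throw new ArgumentException("Text does not fit the char(4000) column.");

        SqlCommand cmd = new SqlCommand("insert into try (data,sno) values (@data,22)");
        cmd.Parameters.Add("@data", SqlDbType.Char, 4000).Value = text;
        return cmd;
    }

    static void Main()
    {
        Console.WriteLine("Concatenated SQL text:");
        Console.WriteLine(BuildConcatenated(Sample));

        using (SqlCommand cmd = BuildParameterized(Sample))
        {
            Console.WriteLine("Parameterized SQL text:");
            Console.WriteLine(cmd.CommandText);
            Console.WriteLine("Value carried by @data:");
            Console.WriteLine(cmd.Parameters["@data"].Value);
        }
    }
}
```

To execute the parameterized command, assign an open `SqlConnection` to `cmd.Connection` before calling `ExecuteNonQuery()`.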
