我以哪种方式从var获取数据并插入数据库? [英] In which way I am able to getting data from var and insert in database?
问题描述
我遇到了调用数据插入数据库但没有成功的问题。它是一个抓取网站数据的控制台应用程序。现在我想保存我的这个抓取的数据尽我所能但没有得到正确的结果。想要显示这些数据
I am facing a problem to call data for insertion in database but do not succeeded. It is a console app which crawl the data of website. Now i want to save my this crawled data trying my best but not getting proper result.Want to show this data
using System;
using System.Collections.Generic;
using System.Linq;
using System.Net.Http;
using System.Text;
using System.Threading.Tasks;
using HtmlAgilityPack;
using System.Data.SqlClient;
namespace ZamenCrawler
{
class Program
{
static void Main(string[] args)
{
SqlConnection con;
string var;
var name;
var price;
var image;
var link;
try
{
var = @"Data Source=.;Initial Catalog=WebCrawler;Integrated Security=True";
con = new SqlConnection(var);
con.Open();
Console.WriteLine("DataBase Connected");
string query = "Insert into details(Name,Price,Image,Link) VALUES ('" + name + "'," + price + "," + image + "," + link + ")";
SqlCommand ins = new SqlCommand(query,con);
ins.ExecuteNonQuery();
Console.WriteLine("\n Data Stored in Database");
string q = "Select * from CrawlerDetails";
SqlCommand view = new SqlCommand(q, con);
SqlDataReader dr = view.ExecuteReader();
while (dr.Read())
{
Console.WriteLine("Name:"+dr.GetValue(1).ToString());
Console.WriteLine("\nPrice:" + dr.GetValue(2).ToString());
Console.WriteLine("\nImage:" + dr.GetValue(3).ToString());
Console.WriteLine("\nLink:" + dr.GetValue(4).ToString());
}
con.Close();
}
catch (SqlException x)
{
Console.WriteLine(x.Message);
}
SrtartCrowlerAsync();
Console.ReadLine();
}
private static async Task SrtartCrowlerAsync()
{
var url = "https://www.olx.com.pk/property-for-rent/";
var httpClient = new HttpClient();
var html = await httpClient.GetStringAsync(url);
var htmlDocument = new HtmlDocument();
htmlDocument.LoadHtml(html);
var divs = htmlDocument.DocumentNode.Descendants("td")
.Where(node => node.GetAttributeValue("class", "")
.Equals("offer onclick ")).ToList();
var homes = new List<Home>();
foreach (var td in divs)
{
var name = td?.Descendants("h3")?.FirstOrDefault()?.InnerText;
var price = td?.Descendants("strong")?.FirstOrDefault()?.InnerText;
var image = td?.Descendants("img")?.FirstOrDefault()?
.ChildAttributes("src")?.FirstOrDefault()?.Value;
var link = td?.Descendants("a")?.FirstOrDefault()?
.ChildAttributes("href")?.FirstOrDefault()?.Value;
var home = new Home
{
Area = td?.Descendants("h3")?.FirstOrDefault()?.InnerText,
Price = td?.Descendants("strong")?.FirstOrDefault()?.InnerText,
Image = td?.Descendants("img")?.FirstOrDefault()?
.ChildAttributes("src")?.FirstOrDefault()?.Value,
Link = td?.Descendants("a")?.FirstOrDefault()?
.ChildAttributes("href")?.FirstOrDefault()?.Value,
};
homes.Add(home);
}
}
}
public class Home
{
public String Area { get; set; }
public String Price { get; set; }
public String Image { get; set; }
public String Link { get; set; }
}
}
我尝试过:
What I have tried:
SqlConnection con;
string var;
var name;
var price;
var image;
var link;
try
{
var = @"Data Source=.;Initial Catalog=WebCrawler;Integrated Security=True";
con = new SqlConnection(var);
con.Open();
Console.WriteLine("DataBase Connected");
string query = "Insert into details(Name,Price,Image,Link) VALUES ('" + name + "'," + price + "," + image + "," + link + ")";
SqlCommand ins = new SqlCommand(query,con);
ins.ExecuteNonQuery();
Console.WriteLine("\n Data Stored in Database");
string q = "Select * from CrawlerDetails";
SqlCommand view = new SqlCommand(q, con);
SqlDataReader dr = view.ExecuteReader();
while (dr.Read())
{
Console.WriteLine("Name:"+dr.GetValue(1).ToString());
Console.WriteLine("\nPrice:" + dr.GetValue(2).ToString());
Console.WriteLine("\nImage:" + dr.GetValue(3).ToString());
Console.WriteLine("\nLink:" + dr.GetValue(4).ToString());
}
con.Close();
}
catch (SqlException x)
{
Console.WriteLine(x.Message);
}
推荐答案
看看你在做什么:
Look at what you are doing:
SqlConnection con;
string var;
var name;
var price;
var image;
var link;
try
{
var = @"Data Source=.;Initial Catalog=WebCrawler;Integrated Security=True";
con = new SqlConnection(var);
con.Open();
Console.WriteLine("DataBase Connected");
string query = "Insert into details(Name,Price,Image,Link) VALUES ('" + name + "'," + price + "," + image + "," + link + ")";
SqlCommand ins = new SqlCommand(query,con);
ins.ExecuteNonQuery();
在尝试将变量插入数据库之前,您的变量中有哪些值?没有。这甚至不会编译,更不用说工作了,因为系统不知道你的变量应该是什么数据类型!一直停止使用 var ,在变量中放入一些值,
并且永远不要连接字符串来构建SQL命令。它让您对意外或故意的SQL注入攻击持开放态度,这可能会破坏您的整个数据库。请改用参数化查询。
What values do you have in your variables before you try to insert them to the DB? Nothing. That won't even compile, much less work, because the system has no idea what datatype your variables should be! Stop using var all the time, put some values in your variables,
and never concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.
这篇关于我以哪种方式从var获取数据并插入数据库?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
