C# double value sending SQL command
Problem description
Hello
I want to try to create a SQL command using a SQL formatter; however, I have a problem with double values.
For example my value is: 1,44
and my SQL command: "INSERT INTO REPORT_DETAILS (BIRIM_FIYAT) VALUES (1,44)"
I got a value count error.
I think it's about ','. How can I change this to '.'?
What I have tried:
I used CultureInfo
Google searches
Recommended answer
NEVER use string concatenation to build a SQL query. ALWAYS use a parameterized query.
If you use a parameterized query, not only will you not have to worry about culture and formatting issues like this, you'll also avoid SQL Injection vulnerabilities.
using System.Data.SqlClient;

double BIRIM_FIYAT;
// TryParse honours the current culture, so "1,44" parses correctly on a thread whose culture uses ',' as the decimal separator.
if (double.TryParse(input, out BIRIM_FIYAT))
{
    using (var connection = new SqlConnection("..."))
    using (var command = new SqlCommand("INSERT INTO REPORT_DETAILS (BIRIM_FIYAT) VALUES (@BIRIM_FIYAT)", connection))
    {
        // The value is sent as a typed parameter, so no culture-specific text ever enters the SQL statement.
        command.Parameters.AddWithValue("@BIRIM_FIYAT", BIRIM_FIYAT);
        connection.Open();
        command.ExecuteNonQuery();
    }
}
Everything you wanted to know about SQL injection (but were afraid to ask) | Troy Hunt
How can I explain SQL injection without technical jargon? | Information Security Stack Exchange
Query Parameterization Cheat Sheet | OWASP
If you have:
double value = 1.44;
then
String.Format(System.Globalization.CultureInfo.InvariantCulture, "{0}", value);
produces the expected result.
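As an added example (not part of either answer above), this C# program shows the culture trap from the question and the parameterized fix side by side: it parses "1,44" under tr-TR and under the invariant culture, reproduces the broken concatenated statement, and builds (without executing) the safe command. It assumes a hypothetical float column BIRIM_FIYAT, a placeholder connection string, and .NET 4.6+ or .NET Core for the CultureInfo.CurrentCulture setter, so it runs with no database.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Globalization;

static class PriceInsert
{
    // Parse the text in the culture the user typed it in.
    // "1,44" is 1.44 under tr-TR but 144 under the invariant culture (',' is a group separator there).
    public static double ParsePrice(string text, CultureInfo culture)
    {
        return double.Parse(text, NumberStyles.Number, culture);
    }

    // The concatenation from the question: the double is rendered with the current culture,
    // so on a tr-TR thread the statement becomes "... VALUES (1,44)" and the server sees two values.
    public static string ConcatenatedSql(double price)
    {
        return "INSERT INTO REPORT_DETAILS (BIRIM_FIYAT) VALUES (" + price + ")";
    }

    // Parameterized form: the value travels as a typed parameter, never as text inside the statement,
    // which removes both the culture problem and the injection risk.
    // Assumes BIRIM_FIYAT is a SQL Server float column (hypothetical schema).
    public static SqlCommand ParameterizedCommand(SqlConnection connection, double price)
    {
        var command = new SqlCommand(
            "INSERT INTO REPORT_DETAILS (BIRIM_FIYAT) VALUES (@BIRIM_FIYAT)", connection);
        command.Parameters.Add("@BIRIM_FIYAT", SqlDbType.Float).Value = price;
        return command;
    }

    static void Main()
    {
        var turkish = new CultureInfo("tr-TR");
        double price = ParsePrice("1,44", turkish);                       // 1.44
        double wrong = ParsePrice("1,44", CultureInfo.InvariantCulture);  // 144
        Console.WriteLine($"tr-TR: {price.ToString(CultureInfo.InvariantCulture)}, invariant: {wrong}");

        CultureInfo.CurrentCulture = turkish;       // reproduce the asker's environment
        Console.WriteLine(ConcatenatedSql(price));   // ... VALUES (1,44)  <- broken statement

        // Placeholder connection string: the command is built but never executed here.
        using (var connection = new SqlConnection("Server=PLACEHOLDER;Database=PLACEHOLDER;Integrated Security=true"))
        using (var command = ParameterizedCommand(connection, price))
        {
            Console.WriteLine(command.CommandText);  // ... VALUES (@BIRIM_FIYAT)
            double sent = (double)command.Parameters["@BIRIM_FIYAT"].Value;
            Console.WriteLine(sent.ToString(CultureInfo.InvariantCulture)); // 1.44 regardless of culture
        }
    }
}
```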