请帮我插入查询 [英] Please help me in insert query

问题描述

private void button1_Click(object sender, EventArgs e)
        {
            try
            {
                SqlConnection con = new SqlConnection(@"Data Source=ASUS\SQLEXPRESS;Initial Catalog=E1;Integrated Security=True;");
                con.Open();
               // string str = "CREATE TABLE'"+textBox1.Text+"(userid number(10),password varchar2(20),email varchar2(20));'";
                string str = "CREATE TABLE " + textBox1.Text + " (dataid varchar(10), data varchar());";
                SqlCommand cmd = new SqlCommand(str, con);
                cmd.ExecuteNonQuery();
                string str1 = "insert into users(userid,password,email) values('" + textBox1.Text + "','" + textBox2.Text + "','" + textBox4.Text + "')";
                SqlCommand cmd1 = new SqlCommand(str1, con);
                cmd1.ExecuteNonQuery();
                MessageBox.Show("Table created");
            }
            catch (Exception ex)
                {
                    MessageBox.Show(ex.Message);
                }
}

我的尝试：



i我试图运行它，但是当我运行它时，它会在'（'

What I have tried:

i am trying to run this but when i run it,it says incorrect syntax near '('

推荐答案

附近显示错误的语法更改您的创建表查询。它应该是：

Change your create table query. It should be:

"CREATE TABLE " + textBox1.Text + " (dataid varchar(10), data varchar(10));";

一个聪明人会为一个谷歌进行'参数化查询'而不是连接字符串来形成一个SQL语句 - 它太容易弄错/弄乱它（和它的安全风险）

A wise man would do a google for 'parameterized queries' and not concatentate strings to form a SQL statement - its too easy to get it wrong/mess it up (and its a security risk)

这篇关于请帮我插入查询的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！