如何在DataBase中保存XML数据? [英] How to Save XML Data in DataBase?
本文介绍了如何在DataBase中保存XML数据?的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
我想使用C#更新我的应用程序中的XML数据。当我尝试下面的代码时,它不会引发任何错误,但是在daTA BASE它没有更新。请帮助我..这是紧急的
I want to Update the XML data in My Application by using C#.When i trying Below code it does not raise any error,but in daTA BASE IT IS NOT UPDATED.PLE HELP ME..IT IS URGENT
private void button3_Click(object sender, EventArgs e)
{
XmlDocument doc1 = new XmlDocument();
doc1.PreserveWhitespace = true;
doc1.LoadXml(textBox2.Text);
string qury = "update TableName set Column1='" + txt1.Text + "' where Column2='" + txt2.Text + "'";
SqlCommand cmd = new SqlCommand(qury, con);
SqlDataAdapter daaa = new SqlDataAdapter(cmd);
MessageBox.Show("ok");
}
推荐答案
您的代码容易受到 SQL注入 [ ^ ]。
< b>从不使用字符串连接来构建SQL查询。 总是使用参数化查询。
您也从未执行过查询,也从未将XML传递给查询。
尝试这样的事情:
Your code is vulnerable to SQL Injection[^].
NEVER use string concatenation to build a SQL query. ALWAYS use a parameterized query.
You've also never executed your query, and never passed the XML to the query.
Try something like this:
const string Query = "UPDATE TableName SET YourXmlColumn = @Xml WHERE YourOtherColumn = @Condition";
using (SqlCommand cmd = new SqlCommand(Query, con))
{
cmd.CommandType = CommandType.Text;
cmd.Parameters.AddWithValue("@Xml", textBox2.Text);
cmd.Parameters.AddWithValue("@Condition", txt2.Text);
con.Open();
cmd.ExecuteNonQuery();
}
MessageBox.Show("ok");
改变如下:
Hi,
Change like this:
private void button3_Click(object sender, EventArgs e)
{
XmlDocument doc1 = new XmlDocument();
doc1.PreserveWhitespace = true;
doc1.LoadXml(textBox2.Text);
string qury = "update TableName set Column1='" + txt1.Text + "' where Column2='" + txt2.Text + "'";
string connetionString = null;
SqlConnection connection;
SqlDataAdapter adapter = new SqlDataAdapter();
connetionString = "Data Source=ServerName;Initial Catalog=DatabaseName;User ID=UserName;Password=Password";
connection = new SqlConnection(connetionString);
try
{
connection.Open();
adapter.UpdateCommand = connection.CreateCommand();
adapter.UpdateCommand.CommandText = qury;
adapter.UpdateCommand.ExecuteNonQuery();
MessageBox.Show("Row updated !! ");
}
}
尝试这样,你就可以完成它。
谢谢&问候
Sisir Patro
Try like this and you will get it be done.
Thanks & Regards
Sisir Patro
这篇关于如何在DataBase中保存XML数据?的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文
