如何删除此错误 [英] How Do I Remove This Erroe
本文介绍了如何删除此错误的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
嗨!我已经写了这段代码但是当我输入保存按钮以保存数据库中的数据时,这个错误出现12'附近的语法不正确。 。我如何处理这个错误。
Hi! i have write this code but when i enter save button for to save data in data base this error come"Incorrect syntax near '12'." .How can i handle this error.
Namespace HOSPITAL_MANAGEMENT_SYSTEM.Forms
{
public partial class Doctor_Page : DevExpress.XtraEditors.XtraForm
{
public Doctor_Page()
{
InitializeComponent();
}
HOSPITAL_MANAGEMENT_SYSTEM.dataaccess dbcs = new dataaccess();
private void Doctor_Page_Load(object sender, EventArgs e)
{
}
private void btn_save_Click(object sender, EventArgs e)
{
DateTime datee = DateTime.Parse(date.EditValue.ToString());
//DateTime dateee =
string starttime = txtbx_starttime.Text.Trim();
string endtime = txtbx_endtime.Text.Trim();
string patienttype = combo_patnttype.SelectedIndex.ToString();
string patientfee = txtbx_patntfee.Text.Trim();
string patientname = txtbx_patntname.Text.Trim();
string phonnum = txtbx_phnnum.Text.Trim();
string appoint = combo_appointtype.SelectedIndex.ToString();
string insert = string.Format("insert into doctor values({0},'{1}','{2}','{3}',{4},'{5}',{6},'{7}')", datee, starttime, endtime,patienttype,patientfee,patientname, phonnum, appoint);
SqlCommand sqlcm = new SqlCommand (insert, dbcs.open());
sqlcm.ExecuteNonQuery();
}
推荐答案
你想使用参数让你没有sql注入安全问题。
例如:
You want to use parameters so that you don't have sql injection security issues.
For example:
string insert = "INSERT INTO doctor VALUES (@field1, @field2..."
sqlcm.Parameters.AddWithValue("@field1", txtField1.Text);
...
这也将解决您的语法问题。
That will also solve your syntax issue.
这篇关于如何删除此错误的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文