Insert data into SQL Server, the query is too long, I want to cut it into pieces, how?


Problem description



using System;
using System.Collections.Generic;
using System.ComponentModel;
using System.Data;
using System.Drawing;
using System.Linq;
using System.Text;
using System.Windows.Forms;
using System.Data.SqlClient;
namespace Institutecourse_ado
{
    public partial class Form1 : Form
    {
        public Form1()
        {
            InitializeComponent();
        }

        private void btninsert_Click(object sender, EventArgs e)
        {
            SqlConnection con = new SqlConnection("Data Source=UMAR-PC\\SQLEXPRESS;Initial Catalog=institute;Persist Security Info=True;User ID=sa;Password=123");
            String InsertQuery="insert into courses(ccode,name,fee,duration,prerequisites)";
            String InsertQuery +="+ "values ('txtCcode.Text','txtName.Text',";//showing error
            String InsertQuery +="Convert.ToString(txtFee.Text),Convert.ToString(txtDuration.Text),'txtPrerequesties.Text');"";//showing error

            try
            {
                con.Open();
                SqlCommand cmd = new SqlCommand( InsertQuery,con);
                cmd.ExecuteNonQuery();
            }

            catch (Exception ex)
            {

            }
            finally
            {
                con.Close();
            }
        }
    }
}

Solution

Firstly, look at your SQL command that will be produced:

String InsertQuery="insert into courses(ccode,name,fee,duration,prerequisites)";
String InsertQuery +="+ "values ('txtCcode.Text','txtName.Text',";//showing error
String InsertQuery +="Convert.ToString(txtFee.Text),Convert.ToString(txtDuration.Text),'txtPrerequesties.Text');"";//showing error

It is total rubbish and will not even compile!
What you are probably trying to say is:

String InsertQuery = "insert into courses(ccode,name,fee,duration,prerequisites)";
InsertQuery += "values ('" + txtCcode.Text + "','" + txtName.Text + "','";
InsertQuery += txtFee.Text + "','" + txtDuration.Text + "','" + txtPrerequesties.Text + "')";


But, please don't do it like that! Do not concatenate strings to build a SQL command. It leaves you wide open to an accidental or deliberate SQL injection attack, which can destroy your entire database. Use parameterized queries instead.


Try this:

string InsertQuery = string.Format(@"INSERT INTO courses (ccode,name,fee,duration,prerequisites) 
                                     VALUES ('{0}', '{1}', '{2}', '{3}', '{4}') ",txtCcode.Text, txtName.Text, txtFee.Text, txtDuration.Text, txtPrerequesties.Text);



Or you can do it like this:

string InsertQuery = @"INSERT INTO courses (ccode, name, fee, duration, prerequisites)
                        VALUES (@ccode, @name, @fee, @duration, @prerequisites)";

SqlCommand cmd = new SqlCommand(InsertQuery, con);
// AddWithValue replaces the obsolete Add(string, object) overload. The values
// are sent as parameters and never become part of the SQL text.
cmd.Parameters.AddWithValue("@ccode", txtCcode.Text);
cmd.Parameters.AddWithValue("@name",  txtName.Text);
cmd.Parameters.AddWithValue("@fee", txtFee.Text);
cmd.Parameters.AddWithValue("@duration", txtDuration.Text);
cmd.Parameters.AddWithValue("@prerequisites", txtPrerequesties.Text);
cmd.ExecuteNonQuery();
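The injection the answer warns about, shown end to end as an added example that is not part of the original question or answer. Python's in-process sqlite3 module stands in for SQL Server and SqlClient (an assumption made so the example runs offline; the way the SQL string is built, and the parameter fix, are the same on both). The courses schema, the column types, the apostrophe-bearing name and the payload are all constructed. One caveat the answer does not spell out: its first suggestion, the string.Format version, still pastes the text box contents into the SQL string, so it has exactly the same exposure as the concatenation it replaces; only the @ccode-style parameters keep the values out of the command text.

```python
import sqlite3

# Constructed schema mirroring the page's `courses` table (column types are assumed).
SCHEMA = """
CREATE TABLE courses (
    ccode         TEXT PRIMARY KEY,
    name          TEXT,
    fee           REAL,
    duration      TEXT,
    prerequisites TEXT
);
"""

# Constructed inputs: a benign name containing apostrophes (the "accidental" case)
# and a deliberate payload that closes the VALUES row and opens a second one.
ACCIDENTAL_NAME = "O'Brien's Intro to SQL"
PAYLOAD_PREREQ = "none'),('EVIL','Injected',0,'0','owned"


def new_db():
    con = sqlite3.connect(":memory:")
    con.executescript(SCHEMA)
    return con


def insert_formatted(con, ccode, name, fee, duration, prerequisites):
    """Mirrors the answer's string.Format('... {0} ...') form: user text becomes SQL."""
    sql = ("INSERT INTO courses (ccode, name, fee, duration, prerequisites) "
           "VALUES ('{0}','{1}','{2}','{3}','{4}')").format(
               ccode, name, fee, duration, prerequisites)
    con.execute(sql)
    con.commit()
    return sql


def insert_parameterized(con, ccode, name, fee, duration, prerequisites):
    """Mirrors the @ccode form: the SQL text is fixed, values travel as parameters."""
    sql = ("INSERT INTO courses (ccode, name, fee, duration, prerequisites) "
           "VALUES (?, ?, ?, ?, ?)")
    con.execute(sql, (ccode, name, fee, duration, prerequisites))
    con.commit()
    return sql


def rows(con):
    return con.execute(
        "SELECT ccode, name, fee, duration, prerequisites FROM courses ORDER BY ccode"
    ).fetchall()


def demo_accidental():
    """Returns (formatted_insert_failed, name_stored_by_parameterized_insert).

    With formatting, the apostrophes in the name break the statement
    (a syntax error, i.e. sqlite3.OperationalError); with a parameter the
    same name is stored verbatim.
    """
    con_fmt = new_db()
    try:
        insert_formatted(con_fmt, "C1", ACCIDENTAL_NAME, "100", "10 weeks", "none")
        failed = False
    except sqlite3.OperationalError:
        failed = True
    con_par = new_db()
    insert_parameterized(con_par, "C1", ACCIDENTAL_NAME, 100.0, "10 weeks", "none")
    return failed, rows(con_par)[0][1]


def demo_deliberate():
    """Returns (rows_after_formatted, rows_after_parameterized, stored_prerequisites).

    The payload in the prerequisites field makes the formatted INSERT write two
    rows (the attacker's 'EVIL' course appears); the parameterized INSERT writes
    one row whose prerequisites column holds the payload as plain text.
    """
    con_fmt = new_db()
    insert_formatted(con_fmt, "C1", "Intro", "100", "10 weeks", PAYLOAD_PREREQ)
    con_par = new_db()
    insert_parameterized(con_par, "C1", "Intro", 100.0, "10 weeks", PAYLOAD_PREREQ)
    return len(rows(con_fmt)), len(rows(con_par)), rows(con_par)[0][4]


if __name__ == "__main__":
    print("accidental (failed?, stored name):", demo_accidental())
    print("deliberate (rows fmt, rows param, stored prereq):", demo_deliberate())
```

The two demos are the two halves of the answer's warning: the accidental case is a user simply typing a name with an apostrophe, which turns the formatted command into a syntax error; the deliberate case is input crafted so that the formatted command does more than one INSERT. In both the parameterized version behaves the same way regardless of the input, which is the property you want from an insert that takes text straight from a form.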

