插入/更新sql server [英] insert/Update sql server

问题描述

尝试连接和更新sql server。

Trying to connect and update a sql server.

附加插入代码

        private void Trc()
        {
            SqlConnection con = new SqlConnection("Data Source=USCOO-44ND1G2\\sqlexpress;Initial Catalog=model;Integrated Security=True;");
        con.Open();
            SqlCommand cmd = new SqlCommand(@"INSERT INTO Call_Log  (John Doe, Jane Doe) VALUES ('" + J_Doetext.Text + "','" JaneDtext.Text + '"  + "')", con);
        cmd.ExecuteNonQuery();
            con.Close();
        }

调试时我已经让它在失败之前一直流到执行指令。

While debugging I've gotten it to flow all the way to the execute instruction before it fails.

该项目涉及跟踪转发给谁的电子邮件数量。

The project involves tracking the number of emails forwarded to who.

更新代码

private void TrcUpdate()
    {
        SqlConnection con = new SqlConnection("Data Source=USCOO-44ND1G2\\sqlexpress;Initial Catalog=model;Integrated Security=True;");
        con.Open();
        SqlCommand cmd = new SqlCommand(@"UPDATE Call_Log SET John Doe = '" + J_Doetext.Text"' + "'Jane Doe = '" + 

JaneDtext.Text + "')", con);

        cmd.ExecuteNonQuery();
        con.Close();
    }

看到我可能错过的东西？

See something I may have missed??

Tac

tac

推荐答案

我在SQL中看到一个错误声明。显然，您的列名称包含空格。发生这种情况时，您需要将它们括在方括号中：

I see an error in your SQL statements. Apparently, your column names contain blank spaces. When this happens, you need to enclose them between square brackets:

（@ " INSERT INTO Call_Log （[John Doe]，[Jane] Doe]）VALUES（'"
+ J_Doetext 。 文字   +
"'，'" + JaneDtext 。 文字
+ ' ） "，con）;

(@"INSERT INTO Call_Log  ([John Doe], [Jane Doe]) VALUES ('" + J_Doetext.Text + "','" +JaneDtext.Text + ')", con);

此外，您应该了解在SQL查询中连接用户输入可能导致的多个问题，其中最重要的是SQL注入攻击的漏洞。如果它只是一个快速测试并不重要，但你不应该在
生产应用程序中这样做。

Also, you should be aware of the multiple problems that can be caused by concatenating user input in a SQL query, not the least of which is vulnerability to SQL injection attacks. It doesn't matter if it is just a quick test, but you shouldn't do it in a production application.

小心，你搞砸了你的报价和级联。我认为我在上面复制的声明中修复了它们，但是你应该仔细检查它。通过参数化
查询，可以大大减轻此类问题以及SQL注入问题。

Be careful, you had messed up your quotes and concatenations. I think that I fixed them in the statement I copied above, but you should check it carefully. This type of problem, along with the SQL injection problem, can be greatly alleviated by parameterizing the query.

这篇关于插入/更新sql server的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！