C#中的SQL INSERT语句 [英] SQL INSERT statements in C#
问题描述
我很困惑为什么这不能正常工作.有人可以照亮吗?我试图在单击按钮后将行插入数据库.
这是我现在拥有的代码段.
I''m stumped as to why this isn''t working properly. Can someone shed some light? I am trying to insert a row into a database once a button is clicked.
This is the code segment I have right now.
ins_comm.CommandText = "INSERT INTO vehicles (make, model_name, model_year, engine_type, transmission_type) VALUES ('" + makeComboBox.Text + "', '" + modelComboBox.Text + "', '" + yearComboBox.Text + "', '" + engineComboBox.Text + "', '" + transTypeComboBox.Text + "')";
ins_comm.ExecuteNonQuery();
一旦第一个组合框被填充,连接将保持打开状态,它将保持打开状态,直到以某种方式关闭表单为止.连接到项目中包含的本地数据库,并且是CE版数据库.
更新:
这是我的新代码段.
The connection stays open once the first combobox is filled in and it will stay open until the form is closed in some fashion. The connection is to a local database contained within the project and it is a CE edition db.
UPDATE:
This is my new code segment.
SqlCeCommand insert_command = new SqlCeCommand("INSERT INTO vehicles (make, model_name, model_year, engine_type, transmission_type) " + "VALUES (@make, @model_name, @model_year, @engine_type, @transmission_type)", conn);
insert_command.Parameters.AddWithValue("@make", makeComboBox.Text);
insert_command.Parameters.AddWithValue("@model_name", modelComboBox.Text);
insert_command.Parameters.AddWithValue("@model_year", yearComboBox.Text);
insert_command.Parameters.AddWithValue("@engine_type", engineComboBox.Text);
insert_command.Parameters.AddWithValue("@transmission_type", transTypeComboBox.Text);
create_adapt.InsertCommand = insert_command;
insert_command.ExecuteNonQuery();
运行该程序后,我的数据库中仍然看不到任何新内容.任何人都可以针对我所缺少的内容向我指出正确的方向吗?
I still do not see anything new in my db after running the program. Can anyone point me in the right direction as to what I''m missing?
推荐答案
首先,您没有使用参数化查询来招惹麻烦! />
从诸如SQL注入之类的严重麻烦到诸如错误的查询形式和逻辑错误之类的简单问题.尽管如果上面的查询您还没有分享执行时究竟发生了什么错误,请尝试执行以下操作:
To start with, you are not using parameterized query to invite trouble!
From serious trouble like SQL injection to simple issue like incorrect query formation and logic errors. Though you have not shared what error exactly is happening on execution if the query above, try somehting like this:
INSERT INTO vehicles (make, model_name, model_year, engine_type, transmission_type) VALUES ("+ @makeComboBoxText + "," + @modelComboBoxText + "," + @yearComboBoxText + "," + @engineComboBoxText + "," + @transTypeComboBoxText + ")";
有关实现参数化查询的更多详细信息,请参见:
MSDN:配置参数和参数数据类型(ADO.NET) [ MSDN:DataAdapter参数(ADO.NET) [ MSDN:SqlCommand.Parameters属性 [ SQL注入缓解:使用参数化查询 [
Much clearler details on implementation of parameterized query, here:
MSDN: Configuring Parameters and Parameter Data Types (ADO.NET)[^]
MSDN: DataAdapter Parameters (ADO.NET)[^]
MSDN: SqlCommand.Parameters Property [^]
Read about protecting from SQL Injection here: SQL Injection Mitigation: Using Parameterized Queries[^]
调试代码,从此处获取查询并将其粘贴到sql server studio中.
在此处运行它可以使您对可能出了问题的地方有一个清晰的认识.
Debug your code, pick up the query from here and paste it in sql server studio.
Running it there will give you a fair idea of what could be going wrong.
我发现新插入的行没有出现在底部,所以我可能有一种选择过滤器打开了我找不到的地方.
I found out that the new inserted row doesn''t appear at the bottom, so I may have a sort filter turned on somewhere that I can''t find.
这篇关于C#中的SQL INSERT语句的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
