使用String SQL向数据库添加数据 [英] add data to database using String SQL
问题描述
有人可以给我一个使用String SQL命令将数据插入数据库的示例,其中包括插入值,值以及位置吗?
我试图自己编写,但它给了我错误,该错误表明关键字where附近的语法不正确.
这是我的代码;
Can anybody give me an example for inserting data to database using String SQL command which includes insert into, values and also where?
I tried to write own-by-own but it gives me error which says incorrect syntax near the keyword where.
And this is my code;
String SQL = " insert into measurrrecords(pulse)"+
"values ('"+textBox1.Text"')"+
"where ID= '"ComboBox1.SelectedIndex"'";
您如何看待我的问题?
What do you think about my problem?
推荐答案
您不能在INSERT
上使用WHERE
子句-对:)毫无意义.
有许多 ^ ]在网络上,我建议您通读一些内容-您将了解更多比在这里得到零星的解决方案更重要
You can''t use aWHERE
clause on anINSERT
- and it makes no sense to :)
There are loads of SQL Tutorials[^] on the web, I''d suggest you read through some - you''ll learn considerably more than getting piecemeal solutions on here
我认为有两件事:
1)您忘记了多个加号:
I think two things:
1) You forgot a number of plus signs:
"values ('"+textBox1.Text"')"+
成为
"values ('"+textBox1.Text + "')"+
和
"where ID= '"ComboBox1.SelectedIndex"'";
成为
"where ID= '" + ComboBox1.SelectedIndex + "'";
和
2)你不应该那样做.不要连接字符串以构建SQL命令.它使您对意外或蓄意的SQL注入攻击敞开大门,这可能会破坏整个数据库.改为使用参数化查询.
and
2) You shouldn''t do it like that. Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead.
这篇关于使用String SQL向数据库添加数据的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!