C#中的SQL插入语句 [英] sql insert statement in c#

问题描述

嗨
以下是我的插入语句，但未插入值
声明中有任何错误

insert_query = "insert into ##Mytemp(Col1,Col2,Col3) values(" + char_temp + "," +int_temp + "," + tinyint_temp + ");";

谢谢Inadvance

解决方案

尝试

insert_query = "insert into Mytemp(Col1,Col2,Col3) values(" + char_temp + "," +int_temp + "," + tinyint_temp + ")";

但如果在应用程序中使用参数化删除SQ1注入，效果会更好.
使用参数化的SQL查询 [参数化查询的性能含义 [ ^ ]

如果该语句位于存储过程中，并且您首先要创建全局临时表，则应该可以.如果要从客户端运行该语句，则该插入仅在单个批处理中有效，并且必须在同一批处理中创建表.

另外，您正在使用对所有会话可见的全局临时表.这是您真正想要做的吗?与临时表相比，使用表类型变量是一种首选方法.

我不认为您可以按照自己的想法在SQL中创建临时表，因为它仅存在于查询范围内/创建它的存储过程.

Itz建议在SQL中创建一个表以将其放入.

hi
below is my insert statement but its not inserting the values
any thing wrong in the statement

insert_query = "insert into ##Mytemp(Col1,Col2,Col3) values(" + char_temp + "," +int_temp + "," + tinyint_temp + ");";

Thanks Inadvance

解决方案

Try

insert_query = "insert into Mytemp(Col1,Col2,Col3) values(" + char_temp + "," +int_temp + "," + tinyint_temp + ")";

but it should be better if you use parametrized to remove SQl injection in your application.
Using parameterized SQL queries[^]
Check Performance Implications of Parameterized Queries[^]

If the statement is inside a stored procedure and you''re creating the global temporary table first, it should be ok. If you''re trying to run the statement from client side, the insert is valid only within a single batch and you must create the table in the same batch.

Also you''re using global temporary table which is visible to all sessions. Is this what you really want to do? Using table typed variables is a preferred way over temporary tables.

I dont think you can make a temp table in SQL the way you are thinking, since it only exists within the scope of the query/stored procedure that creates it.

Itz recommended to create a Table in SQL to put this into.

这篇关于C#中的SQL插入语句的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！