C#中的SQL命令不起作用 [英] SQL command in C# doesn't work
问题描述
我正在尝试将新数据添加到名为用户的数据库表中。
I am trying to add new data to the DB table called Users.
public string SendUserData(string Name, string Password, string Email)
{
SqlCeConnection conn = new SqlCeConnection("Data Source = " + HttpContext.Current.Server.MapPath(".") + "\\App_Data\\Database_Users.sdf");
SqlCeCommand cmd = new SqlCeCommand("INSERT INTO User (Username, Password, Email) VALUES ('" + Name + "' , '" + Password+ "' , '" + Email + "')" , conn );
conn.Open();
return cmd.CommandText;
}
它没有在表中张贴任何东西,有什么建议吗?
It doesn't post anything into the table, any suggestions?
推荐答案
命令需要执行
public string SendUserData(string Name, string Password, string Email)
{
using(SqlCeConnection conn = new SqlCeConnection("....."))
using(SqlCeCommand cmd = new SqlCeCommand(@"INSERT INTO User (Username, Password, Email)
VALUES (@name, @pass, @email)" , conn );
{
conn.Open();
cmd.Parameters.AddWithValue("@name", Name);
cmd.Parameters.AddWithValue("@pass", Password);
cmd.Parameters.AddWithValue("@email", EMail);
cmd.ExecuteNonQuery(); // <- This line inserts the record in the database
}
// This line probably is not needed
return cmd.CommandText;
}
任何命令至少应包含一个命令文本和打开的连接。此时,您可以调用命令提供的一种执行方法
Any command should have at least a commandtext and an open connection. At that point you could call one of the execution method provided by the command
- ExecuteNonQuery :对于INSERT / DELETE / UPDATE或
更改数据库架构的其他命令 - ExecuteScalar :要从SQL语句
中检索单个值( COUNT SUM等...) - ExecuteReader :获取一个DataReader,该数据读取器允许从SELECT语句中检索
行数据
- ExecuteNonQuery: For INSERT/DELETE/UPDATE or other commands that change the schema of the database
- ExecuteScalar: To retrieve a single value from an SQL statement (COUNT SUM etc...)
- ExecuteReader: To get a DataReader that allows to retrieve rows of data from a SELECT statement
在此链接有关SqlCommand用法的教程
(或任何派生的DbCommand类,例如SqlCeCommand)
At this link a tutorial about the usage of SqlCommand
(or any kind of derived DbCommand class like SqlCeCommand)
还要注意,连接并且该命令应包含在using语句中,以确保在异常情况下也不再需要它们时关闭并处置这些对象
Notice also that the connection and the command should be enclosed in a using statement to be sure to close and dispose the objects when they are no more needed also in case of exceptions
最后,请勿使用字符串串联以建立一个co mmand文字。始终使用参数化查询来避免sql注入攻击和字符串引号引起的解析问题。小数点分隔符或日期格式
Finally, do not use string concatenation to build a command text. Use always a parameterized query to avoid sql injections attacks and parsing problem with quotes in string. decimal separators or date formats
这篇关于C#中的SQL命令不起作用的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!