插入命令在 C# 中没有错误,但数据未插入到 MS SQL Server [英] Insert command works without errors in C# but data is not inserted to the MS SQL Server
问题描述
我正在尝试使用 C# 将数据插入到 Microsoft SQL Server DB 中,并且插入命令运行良好,并且没有出现错误或异常.但是当我在 SQL Server 中检查我的数据库时,对表没有影响,记录也没有插入到表中.这是我尝试的代码:
I am trying to insert data into Microsoft SQL Server DB using C# and the insert command works well and I get no errors or exceptions. But when I check my database in SQL Server there is no effect on the table and the records are not inserted into the table. This is the code that I try:
try
{
SqlConnection con1 = new SqlConnection();
con1.ConnectionString = "Server = (local); Database = My_DataBase; Integrated Security = true";
con1.Open();
SqlCommand cm1 = new SqlCommand();
cm1.Connection = con1;
cm1.CommandText = "insert into Users values('" + update.Message.Chat.Id.ToString() + "','" + update.Message.Chat.FirstName + "','" + update.Message.Chat.LastName + "','@" + update.Message.Chat.Username + "','" + req1.Status + "')";
con1.Close();
}
catch(Exception e)
{
Console.WriteLine(e.Message);
continue;
}
我见过类似的问题 此处 和 此处,但答案并没有解决我的问题.
I've seen similar questions here and here, but the answers did not fix my problem.
此外,当我手动将数据插入数据库并运行如下所述的 select 命令时,我得到了正确的答案,但对于插入命令,我没有.
Also when I insert data to the DB manually and run select command like mentioned below, I get the correct answer but for the insert command I do not.
SqlConnection con2 = new SqlConnection();
con2.ConnectionString = "Server = (local); Database = My_DataBase; Integrated Security = true";
con2.Open();
SqlDataAdapter da1 = new SqlDataAdapter("select * from Users where ChatID='" + update.Message.Chat.Id.ToString() + "'", con2);
DataSet ds1 = new DataSet();
da1.Fill(ds1);
con1.Close();
请帮我解决这个问题.
顺便说一下,我知道这种插入是不安全的,我想让您知道这只是一个演示,我将使其安全以防止sql 注入.
By the way I know that this kind of insertion is not safe and I'l like to let you know that this is just a demo and I will make it secure against sql injection.
推荐答案
你没有在任何地方执行你的命令.您需要:
You are not executing your command anywhere. You need:
cm1.ExecuteNonQuery();
在您的代码中,您正在创建一个 SqlCommand
对象,然后您将一个 SqlConnection
关联到它,但您实际上并没有在任何地方执行命令.您的代码应如下所示:
In your code, you are creating a SqlCommand
object, then you associate a SqlConnection
to it, but in no where you are actually executing the command. Your code should look like:
SqlConnection con1 = new SqlConnection();
con1.ConnectionString = "Server = (local); Database = My_DataBase; Integrated Security = true";
con1.Open();
SqlCommand cm1 = new SqlCommand();
cm1.Connection = con1;
cm1.CommandText = "insert into Users values('" + update.Message.Chat.Id.ToString() + "','" + update.Message.Chat.FirstName + "','" + update.Message.Chat.LastName + "','@" + update.Message.Chat.Username + "','" + req1.Status + "'";
cm1.ExecuteNonQuery();
con1.Close();
除了 SQL 注入漏洞,你应该考虑在 using
语句中包含你的 SqlCommand
和 SqlConnection
对象,这将确保正确处理 un- 管理资源.
Apart from SQL Injection vulnerability, you should consider enclosing your SqlCommand
and SqlConnection
object in using
statement, that will ensure proper disposal of un-managed resources.
这篇关于插入命令在 C# 中没有错误,但数据未插入到 MS SQL Server的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!