SQL Server的无效的列名时添加字符串值 [英] SQL Server Invalid column name when adding string value
问题描述
我是新来的SQL Server
我已经建立了我的表是这样的:
CREATE TABLE事故(
ID INT NOT NULL PRIMARY KEY的身份,
GUID VARCHAR(100),
纬度VARCHAR(100)
经度VARCHAR(100),
PhotoName VARCHAR(100)
)
和我创建了一个Web服务将数据插入到该表,如下所示:
的SqlConnection CON =新的SqlConnection(@工作站ID = DatabaseSample.mssql.somee.com;数据包大小= 4096;用户ID = ???; PWD = ???;数据来源= DatabaseSample.mssql.somee.com;坚持安全信息=假;初始目录= DatabaseSample); 公共字符串addAccidentToDatabase(GUID字符串,字符串imageBase64String,串纬度,经度字符串,字符串photoName)
{
CMD的SqlCommand =新的SqlCommand(INSERT INTO事故(GUID,经纬度,PhotoName)VALUES(
+ GUID +,+纬度+,+经度+,+ photoName +),CON); 尝试
{
con.Open();
cmd.ExecuteNonQuery();
}
赶上(例外五)
{
返回e.Message;
}
最后
{
con.Close();
} 返回成功;
}
所有的东西托管到一个免费的托管服务器。
当我从VS2010测试Web服务,而当我通过数字来所有参数,一个新行成功添加到表中。但是,当我经过至少一个字符串到服务,例如,一个,我得到这个结果:
<字符串的xmlns =http://tempuri.org/方式>无效的列名'A'< /串>
和未添加的行。我不知道为什么他认为A作为列名?任何人都可以帮忙吗?
我不知道为什么他认为A作为列名?
这不难看出。你不应该开发软件,部署它,希望它运行。你应该对它进行测试。提取执行code到一个类的方法,并调用从您的服务。开发时,你叫从单元测试或命令行程序或任何你喜欢来测试这种方法。
您的问题:你不把周围的字符串引号(或者,如果你想VARCHAR处理)查询。你会看到它,如果你只是打印的查询字符串到控制台的例子。
但说实话这就是至少你的问题。你不应该手工工艺SQL。至少使用参数化查询。因此,让您的查询是:
INSERT INTO事故(GUID,经纬度,PhotoName)
VALUES(@GUID,@Latitude,@Longitude,@PhotoName)和绑定的参数:
cmd.Parameters.AddWithValue(@ GUID,GUID);
...I'm new to SQL Server
I've created my table like this:
CREATE TABLE Accidents ( Id INT NOT NULL PRIMARY KEY IDENTITY, GUID VARCHAR(100), Latitude VARCHAR(100), Longitude VARCHAR(100), PhotoName VARCHAR(100) )and I've created a web service to insert data to that table, like this:
SqlConnection con = new SqlConnection(@"workstation id=DatabaseSample.mssql.somee.com;packet size=4096;user id=???;pwd=???;data source=DatabaseSample.mssql.somee.com;persist security info=False;initial catalog=DatabaseSample"); public string addAccidentToDatabase(string GUID, string imageBase64String, string latitude, string longitude, string photoName) { SqlCommand cmd = new SqlCommand("INSERT INTO Accidents (GUID,Latitude,Longitude,PhotoName) VALUES (" + GUID + "," + latitude + "," + longitude + "," + photoName + ")", con); try { con.Open(); cmd.ExecuteNonQuery(); } catch (Exception e) { return e.Message; } finally { con.Close(); } return "succeeded"; }All that stuff is hosted to a free hosting server.
When I test the web service from VS2010, and when I pass numbers to all parameters, a new row is successfully added to the table. But when I pass at least one string to the service, for example "a", I get this result:
<string xmlns="http://tempuri.org/">Invalid column name 'a'.</string>and the row is not added. I wonder why he considered "a" as a column name? Anyone can help?
解决方案I wonder why he considered "a" as a column name?
That's not hard to see. You shouldn't develop software, deploy it and hope it runs. You should test it. Extract the executing code into a class method, and call that from your service. When developing, you call this method from a unit test or commandline program or whatever you like to test with.
Your problem: you don't put quotes around the strings (or varchars if you want) in the query. You would've seen it if you just printed the query string to the console for example.
But honestly that's the least of your problems. You shouldn't hand-craft SQL. At least use parameterized queries. So let your query be:
"INSERT INTO Accidents (GUID, Latitude, Longitude, PhotoName) VALUES (@GUID, @Latitude, @Longitude, @PhotoName)"And bind the parameters:
cmd.Parameters.AddWithValue("@GUID", GUID); ...
这篇关于SQL Server的无效的列名时添加字符串值的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
