如何将数据插入到SQL服务器 [英] How to insert data into SQL Server
本文介绍了如何将数据插入到SQL服务器的处理方法,对大家解决问题具有一定的参考价值,需要的朋友们下面随着小编来一起学习吧!
问题描述
在什么我的编码问题?我不能插入数据,MS SQL ..我使用C#作为前端和MS SQL数据库作为...
NAME = tbName.Text;
用户id = tbStaffId.Text;
idDepart = int.Parse(cbDepart.SelectedValue.ToString());字符串saveStaff =INSERT INTO tbl_staff(staffName,用户ID,idDepartment)+
VALUES('+名字+,+用户id +,+ idDepart +');;的SqlCommand querySaveStaff =新的SqlCommand(saveStaff);尝试
{
querySaveStaff.ExecuteNonQuery();
}
抓住
{
//错误时保存数据的MessageBox.show(错误,以节省数据库);
openCon.Close();
光标= Cursors.Arrow;
}
解决方案
您必须设置Command对象的连接属性,并使用parametersized查询,而不是硬codeD SQL避免的 SQL注入。
使用(SqlConnection的openCon =新的SqlConnection(your_connection_String))
{
字符串saveStaff =INSERT INTO tbl_staff(staffName,用户ID,idDepartment)VALUES(@ staffName,@用户ID,@ idDepartment); 使用(的SqlCommand querySaveStaff =新的SqlCommand(saveStaff))
{
querySaveStaff.Connection = openCon;
querySaveStaff.Parameters.Add(@ staffName,SqlDbType.VarChar,30).value的=名称;
.....
openCon.Open();
}
}
What the problem on my coding? I cannot insert data to ms sql.. I'm using C# as front end and MS SQL as databases...
name = tbName.Text;
userId = tbStaffId.Text;
idDepart = int.Parse(cbDepart.SelectedValue.ToString());
string saveStaff = "INSERT into tbl_staff (staffName,userID,idDepartment) " +
" VALUES ('" + name + "', '" + userId +"', '" + idDepart + "');";
SqlCommand querySaveStaff = new SqlCommand(saveStaff);
try
{
querySaveStaff.ExecuteNonQuery();
}
catch
{
//Error when save data
MessageBox.Show("Error to save on database");
openCon.Close();
Cursor = Cursors.Arrow;
}
解决方案
You have to set Connection property of Command object and use parametersized query instead of hardcoded SQL to avoid SQL Injection.
using(SqlConnection openCon=new SqlConnection("your_connection_String"))
{
string saveStaff = "INSERT into tbl_staff (staffName,userID,idDepartment) VALUES (@staffName,@userID,@idDepartment)";
using(SqlCommand querySaveStaff = new SqlCommand(saveStaff))
{
querySaveStaff.Connection=openCon;
querySaveStaff.Parameters.Add("@staffName",SqlDbType.VarChar,30).Value=name;
.....
openCon.Open();
}
}
这篇关于如何将数据插入到SQL服务器的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!
查看全文