将 Guid 值插入 Sql Server(UniqueIdentifier 列)时出错。 (内有说明)
[英]Error while inserting Guid value to Sql Server(UniqueIdentifier column). (Description Inside)
问题描述
I have one table in my DB, in which 2 columns where uniqueidentifier not null type.
我的数据库中有一张表,其中有 2 列 uniqueidentifier 不是 null 类型。 I'm trying to insert a row on that table from asp.net c# as follows,我正在尝试从 asp.net c# 在该表上插入一行,如下所示,
sqlCmd.CommandText = string.Format("Insert Into Member(MemberNo,MemberEmpId,...) values({0},{1},... )", MemNo, MemEmpNo, ...);
It throws me the following exception,它向我抛出以下异常,
"The floating point value '24e46222' is out of the range of computer representation (8 bytes). Incorrect syntax near 'a8c'. The floating point value '6664e7925' is out of the range of computer representation (8 bytes)."
I googled about this error, and got a reference , I tried that but still gives the same error .我用谷歌搜索了这个错误,并得到了一个参考,我试过了,但仍然给出了同样的错误。 could someone help me to solve this.有人可以帮我解决这个问题。 I don't find anything rather than this.除了这个,我找不到任何东西。
Thanks in Advance!提前致谢!
3 个解决方案
解决方案1
7 已采纳 2013-05-20 12:39:20
You are missing quotes on the Guid, that's why you were getting the error.您在 Guid 上缺少引号,这就是您收到错误的原因。 You should actually be using parameterized query to avoid sql injection and issues like this (eg missing quotes)您实际上应该使用参数化查询来避免 sql 注入和此类问题(例如缺少引号)
Should be (but not advisable)应该(但不建议)
values({0},'{1}',... ) //<-- see the added quotes around the Guid part
Ideally, you should be using parameterized理想情况下,您应该使用参数化
values(@id,@guid,... ) //<--
and setting the values并设置值
cmd.Parameters.AddWithValue("@id", someValueHere);
cmd.Parameters.AddWithValue("@guid", someGuidValueHere");
解决方案2
3 2013-05-20 12:34:18
As usual the problems arise from the string concatenation.像往常一样,问题来自字符串连接。
If you had used a parameterized query you would not have had any problems如果您使用了参数化查询,则不会有任何问题
sqlCmd.CommandText = "Insert Into Member(MemberNo,MemberEmpId,...) " +
"values(@guid, @memID,... )";
sqlCmd.Parameters.AddWithValue("@guid", MemNo);
sqlCmd.Parameters.AddWithValue("@memID", MemEmpNo);
....
sqlCmd.ExecuteNonQuery();
In this way, the work to correctly parse the values, will be passed to the framework code who knows better how to handle Guids, strings with quotes, decimals, dates etc...通过这种方式,正确解析值的工作将传递给框架代码,该代码更了解如何处理 Guid、带引号的字符串、小数、日期等......
解决方案3
2 2013-05-20 12:34:07
This problem probably can be solved if you use the parameterized query, rather than embedding all of the values in the query itself.如果您使用参数化查询,而不是将所有值嵌入查询本身,这个问题可能可以解决。 Check out these for examples:查看这些示例:
- http://msdn.microsoft.com/en-us/library/system.data.sqlclient.sqlcommand.parameters.aspx http://msdn.microsoft.com/en-us/library/system.data.sqlclient.sqlcommand.parameters.aspx
- When should "SqlDbType" and "size" be used when adding SqlCommand Parameters? 添加SqlCommand参数时应该什么时候使用“SqlDbType”和“size”?
You could be running into an issue with quotes where one of the text has a quotes that's not escaped, or a mismatch on parameter type in how SQL interprets it, or something else.您可能会遇到引号问题,其中一个文本的引号未转义,或者 SQL 解释它的参数类型不匹配,或其他问题。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.