我想将数据插入数据库
[英]I want to insert the data to the database
问题描述
I want insert the data into the database. 
我想将数据插入数据库。
string pa = "4898";
string equery="Insert into Users(pas)values('"+pa+"')";
while I inserting the data to the database,its says string or binary data would be truncated the statement has been terminated. 当我将数据插入数据库时,它说字符串或二进制数据将被截断,语句已终止。 So I changed nvarchar(50) into nvarchar(max) in the table. 所以我在表中将nvarchar(50)更改为nvarchar(max) 。
And these statement has been executed and saved in the database of unreadable format like 傉䝎ਚ this. 而这些语句已被执行,并保存在不可读格式如数据库傉䝎ਚ这一点。 And how can be over come this problem and save the data in the database as "4898". 以及如何解决该问题并将数据存储在数据库中为“ 4898”。
private void save_Click(object sender, EventArgs e)
{
string password = "4898";
string equery="Insert into Users(name,gender,dateofbirth,age,fathername,
address,citiy,state,country,zipcode,
mobile,phone,email,jobtitle,
dateofjoin,pic,passwords)
values('"+nametxt.Text.ToString().Trim()+"',
@gender,
'"+dateofbirth.Text.ToString().Trim()+"',
'"+age.Value.ToString().Trim()+"',
'"+fathertxt.Text.ToString().Trim()+"',
'"+addresstxt.Text.ToString().Trim()+"',
'"+citiytxt.Text.ToString().Trim()+"',
'"+statetxt.Text.ToString().Trim()+"',
'"+country.Text.ToString().Trim()+"',
'"+ziptxt.Text.ToString().Trim()+"',
'"+mobiletxt.Text.ToString().Trim()+"',
'"+phonetxt.Text.ToString().Trim()+"',
'"+emailtxt.Text.ToString().Trim()+"',
'"+jobtxt.Text.ToString().Trim()+
"','"+dateofjoin.Text.ToString().Trim()+"',
'"+password+"',@pic)";
SqlCommand cmd = new SqlCommand(equery, con);
if(male.Checked)
cmd.Parameters.AddWithValue("@gender","Male");
else
cmd.Parameters.AddWithValue("@gender","Female");
MemoryStream stream = new MemoryStream();
pictureBox1.Image.Save(stream,System.Drawing.Imaging.ImageFormat.Png);
byte[] pic = stream.ToArray();
cmd.Parameters.AddWithValue("@pic", pic);
try
{
con.Open();
cmd.ExecuteNonQuery();
MessageBox.Show("Saved Successfully");
}
catch (Exception ex)
{
MessageBox.Show(ex.Message);
}
finally
{
con.Close();
}
MessageBox.Show("Saved Successfully");
idtxt.Text = "";
nametxt.Text = "";
age.Value = Convert.ToDecimal(null);
male.Checked = false;
female.Checked = false;
dateofbirth.Text = "";
fathertxt.Text = "";
addresstxt.Text = "";
citiytxt.Text = "";
statetxt.Text = "";
country.Text = "";
ziptxt.Text = "";
mobiletxt.Text = "";
phonetxt.Text = "";
emailtxt.Text = "";
dateofjoin.Text = "";
jobtxt.Text = "";
pictureBox1.Image = null;
}
2 个解决方案
解决方案1
4 已采纳 2013-08-19 07:37:44
Looking at your insert statement: 查看您的插入语句:
"Insert into Users(... pic,passwords) values (... '"+password+"',@pic)";
it seems that you interchanged pic and passwords . 看来您互换了pic和passwords 。
Also, as others already pointed out in the comments, you should use only parameterised queries (to prevent SQL Injection), especially when handling text inserted by an user or any other untrusted source. 同样,正如其他人在评论中已经指出的那样,您应该仅使用参数化查询(以防止SQL注入),尤其是在处理用户或任何其他不可信来源插入的文本时。
解决方案2
0 2013-08-19 07:58:42
There is a Logical error in your code. 您的代码中存在逻辑错误。 Interchange 立交
'"+password+"',@pic)";
in your string equery. 在您的字符串查询中。 By the way a suggestion! 顺便提个建议! It is better to use 'linq to Sql' rather than query pass method! 最好使用“ linq to Sql”而不是查询传递方法! Because 'Linq to Sql' does every thing for you. 因为“ Linq to Sql”可以为您做所有事情。 you just have to give values :) 您只需要提供值即可:)
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.