C#:如何将数据插入数据库?
[英]C#: How to Insert data into database?
问题描述
I want to add(delete) selected items in listbox from Form1 into sql server.I have three Forms.Wenn I click add button in Form1, Form2 opens and a textbox and save button appear to add the data.It calls from textbox in Form1.The code doesn't give error but nothing happens in database. 
我想将列表框中的选定项从Form1添加(删除)到sql server。我有三个Forms.Wenn,我在Form1中单击添加按钮,Form2打开,并且出现一个文本框和保存按钮以添加数据。它从Form1中的文本框调用该代码没有给出错误,但是数据库中什么也没有发生。 I can't see the problem.The code is below. 我看不到问题,代码在下面。
FORM1: FORM1:
SqlConnection baglan = new SqlConnection(@"Server=10.34.16.219; Database=envanter; User ID=envanter; Password=Er112233;");
SqlCommand cmd = new SqlCommand();
public void button1_Click(object sender, EventArgs e) //from db
{
try
{
baglan.Open();
cmd.Connection = baglan;
cmd.CommandType = CommandType.Text;
cmd.CommandText = @"SELECT @textBox1 FROM Ana";
cmd.Parameters.AddWithValue("@textBox1", textBox1.Text);
cmd.ExecuteNonQuery();
baglan.Close();
}
catch (SqlException exc)
{
MessageBox.Show(exc.Message.ToString(), "Error Message");
}
Form2 f2 = new Form2();
f2.Show();
this.Visible = false;
}
FORM2: FORM2:
SqlConnection baglan = new SqlConnection(@"Server=10.34.16.219; Database=envanter; User ID=envanter; Password=Er112233;");
SqlCommand cmd = new SqlCommand();
private void button1_Click(object sender, EventArgs e) //add
{
try
{
baglan.Open();
cmd.Connection = baglan;
cmd.CommandType = CommandType.Text;
cmd.CommandText = @"INSERT INTO Ana(f1.textBox1.Text) VALUES(@p1)";
cmd.Parameters.AddWithValue("@p1", textBox1.Text);
MessageBox.Show("Inserted");
baglan.Close();
}
catch (Exception)
{
baglan.Close();
MessageBox.Show("Kayıt yapılmış!");
}
finally
{
Form2_Load(sender, e);
}
Form1 f1 = new Form1();
f1.Show();
this.Hide();
}
2 个解决方案
解决方案1
2 已采纳 2014-02-18 15:17:57
You can't parameterize your columns. 您无法参数化列。 You can parameterize only your values. 您只能参数化您的值。
That's why you can't write; 这就是为什么你不能写;
cmd.CommandText = @"SELECT @textBox1 FROM Ana";
cmd.Parameters.AddWithValue("@textBox1", textBox1.Text);
Actually you can, this is a valid syntax for C#, but it is not a valid SQL. 实际上,您可以使用,这是C#的有效语法,但不是有效的SQL。 If you really parameterize your columns, take a look dynamic SQL. 如果您真的对列进行参数化,请看一下动态SQL。
And you didn't execute your SqlCommand in your Form2 . 而且您没有在Form2执行SqlCommand 。
解决方案2
0 2014-02-18 15:18:04
There is no call to ExecuteNonQuery in Form2. 在Form2中没有对ExecuteNonQuery调用。 However, as @SonerGönül also stated in his answer , running the command will lead to other errors as you cannot directly include the textbox in the string. 但是,正如@SonerGönül在回答中也指出的那样,运行命令将导致其他错误,因为您无法直接在字符串中包含文本框。 You'd have to change the query to: 您必须将查询更改为:
cmd.CommandText = @"INSERT INTO Ana(" + f1.textBox1.Text + ") VALUES(@p1)";
Please note that you have to be absolutely sure that the TextBox does not contain dangerous SQL contents as this might lead to SQL injection attacks. 请注意,您必须绝对确保TextBox不包含危险的SQL内容,因为这可能导致SQL注入攻击。 You should rethink whether you need to identify the column dynamically. 您应该重新考虑是否需要动态识别列。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.