[英]winform C# using sql server 2008
I have a problem with database I am using winform in c# when i enter data through form it create a space in name column before data so i want to remove it can anyone help me name column has datatype varchar whereas contact no has numeric datatype it won't create space before it 我有一个数据库问题,当我通过表单输入数据时,我正在c#中使用winform,它在数据之前在名称列中创建了一个空格,所以我想删除它,任何人都可以帮助我,名称列的数据类型为varchar,而没有联系的数字数据类型则为赢在它之前创造空间
My Code: 我的代码:
private void btnAddNew_Click(object sender, EventArgs e)
{
string Gender = "";
if (radioButton1.Checked)
{
Gender = "Male";
}
else if (radioButton2.Checked)
{
Gender = "Female";
}
if (txtName.Text == "")
{
MessageBox.Show("Enter the customer name.", "Dairy Management System", MessageBoxButtons.OK, MessageBoxIcon.Stop);
txtName.Focus();
}
else if (Gender == "")
{
MessageBox.Show("Enter the gender.", "Dairy Management System", MessageBoxButtons.OK, MessageBoxIcon.Stop);
grpGender.Focus();
}
else if (txtAddress.Text == "")
{
MessageBox.Show("Enter the Address.", "Dairy Management System", MessageBoxButtons.OK, MessageBoxIcon.Stop);
txtAddress.Focus();
}
else if (txtContact.Text == "")
{
MessageBox.Show("Enter Contact No.", "Dairy Management System", MessageBoxButtons.OK, MessageBoxIcon.Stop);
txtContact.Focus();
}
else
{
SqlConnection con = new SqlConnection("Data Source=RANJEETMAURYA;Initial Catalog=Project;Integrated Security=True");
con.Open();
SqlCommand cmd = new SqlCommand(@"INSERT INTO CustomerDetails
(Date, Contact_No, Name, Gender, Address, Email_ID)
VALUES(' " + this.dateTimePicker1.Value.ToString("MM/dd/yyyy") + " ',' " + txtName.Text + " ',' " + Gender + " ',' " + txtAddress.Text + " ',' " + txtContact.Text + " ',' " + txtEmail.Text + " ')", con);
cmd.ExecuteNonQuery();
con.Close();
MessageBox.Show("Customer Information Added Successfully.", "Dairy Management System", MessageBoxButtons.OK, MessageBoxIcon.Information);
SQLFunctions.Refresh(this.dataGridView1);
clear();
}
}
Problem : You are adding extra spaces while providing parameter values in INSERT INTO
statement as below: 问题:您在INSERT INTO
语句中提供参数值时添加了额外的空格,如下所示:
|
|
>
VALUES(' " + this.dateTimePicker1.Value.ToString("MM/dd/yyyy") + " ',' " + txtName.Text
+ " ',' " + Gender + " ',' " + txtAddress.Text + " ',' " + txtContact.Text + " ',' " +
txtEmail.Text + " ')", con);
Suggestion: your query is open to sqlinjection attacks so i would suggest you to use Parameterised queries to avoid them. 建议:您的查询容易受到sqlinjection攻击,所以我建议您使用参数化查询来避免它们。
Try This: using Parameterised Queries
试试看:使用Parameterised Queries
Replace This: 替换为:
SqlCommand cmd = new SqlCommand(@"INSERT INTO CustomerDetails
(Date, Contact_No, Name, Gender, Address, Email_ID)
VALUES(' " + this.dateTimePicker1.Value.ToString("MM/dd/yyyy") + " ',' " + txtName.Text + " ',' " + Gender + " ',' " + txtAddress.Text + " ',' " + txtContact.Text + " ',' " + txtEmail.Text + " ')", con);
With This: 有了这个:
SqlCommand cmd = new SqlCommand(@"INSERT INTO CustomerDetails
(Date, Contact_No, Name, Gender, Address, Email_ID)
VALUES(@Date,@Contact,,@Name,@Gender,@Address,@Email)", con);
cmd.Parameters.AddWithValue("@Date",this.dateTimePicker1.Value.ToString("MM/dd/yyyy"));
cmd.Parameters.AddWithValue("@Contact",txtContact.Text);
cmd.Parameters.AddWithValue("@Name",txtName.Text);
cmd.Parameters.AddWithValue("@Gender",Gender);
cmd.Parameters.AddWithValue("@Address", txtAddress.Text);
cmd.Parameters.AddWithValue("@Email", txtEmail.Text);
remove the spaces 删除空格
" ',' " + txtName.Text.Trim() + " ',' " + Gender + " ',' "
to 至
"','" + txtName.Text.Trim() + "','" + Gender + "','"
but You better delete all these string concatenation and start using SQL parameters 但是您最好删除所有这些字符串连接并开始使用SQL参数
look at this line 看这条线
VALUES(' " + this.dateTimePicker1.Value.ToString("MM/dd/yyyy") + " ',' " + txtName.Text + " ',' " + Gender + " ',' " + txtAddress.Text + " ',' " + txtContact.Text + " ',' " + txtEmail.Text + " ')", con);
you have placed a space before and after the single quotation. 您已经在单引号前后放置了一个空格。 for example 例如
' " + this.dateTimePicker1.Value.ToString("MM/dd/yyyy") + " ',
Actually you have specified space after and before all the value assignment. 实际上,您已经在所有值分配之前和之后指定了空格。
BTW, this is not a good method to Insert/Update/Delete operation in database. 顺便说一句,这不是在数据库中执行插入/更新/删除操作的好方法。 You should use Parenthesized Query instead. 您应该改用带括号的查询。
SqlCommand Cmd = Connection.CreateCommand();
Cmd.CommandText = "Insert Into [TableName](Column1,Column2,Column3)Values(@Column1,Column2,Column3)";
Cmd.Parameters.Add("@@Column1", SqlDbType.Int).Value = 1;
Cmd.Parameters.Add("@@Column1", SqlDbType.Varchar).Value = "Shell";
Cmd.Parameters.Add("@@Column1", SqlDbType.SmallDateTime).Value = System.DateTime.Now;
Cmd.ExecuteNonQuery();
You have some additional spaces right after and before "'". 在“'”之前和之后还有一些其他空格。 Remove them, because it will directly inserts into database. 删除它们,因为它将直接插入数据库。
Use this : 用这个 :
SqlCommand cmd = new SqlCommand(@"INSERT INTO CustomerDetails
(Date, Contact_No, Name, Gender, Address, Email_ID)
VALUES('" + this.dateTimePicker1.Value.ToString("MM/dd/yyyy") + "','" + txtName.Text + "','" + Gender + "','" + txtAddress.Text + "','" + txtContact.Text + "','" + txtEmail.Text + "')", con);
cmd.ExecuteNonQuery();
con.Close();
MessageBox.Show("Customer Information Added Successfully.", "Dairy Management System", MessageBoxButtons.OK, MessageBoxIcon.Information);
SQLFunctions.Refresh(this.dataGridView1);
clear();
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.