堆栈内存溢出
  简体   繁体   English

如何将数据RSS插入数据库

[英]How to insert data RSS into database

 原文  2014-04-04 11:28:01       c#/ .net/ xml/ xslt/ rss

问题描述

I need insert in DB the values of xslt file and I tried this code. 我需要在DB中插入xslt文件的值,然后尝试了此代码。 I don't have error in debug but the insertion not executed. 我在调试中没有错误,但是未执行插入操作。

I would greatly appreciate any help you can give me in working this problem, thank you. 非常感谢您为解决这个问题所提供的帮助,谢谢。

Code: 码: 

Stream stream = resp.GetResponseStream();

XmlTextReader reader = new XmlTextReader(stream);
reader.XmlResolver = null;

XmlDocument doc = new XmlDocument();
doc.Load(reader);

xmlRSS.Document = doc;

XmlNodeList dataNodes = doc.SelectNodes("/title");

OdbcCommand command;
OdbcDataAdapter adpter = new OdbcDataAdapter();

foreach (XmlNode node in dataNodes)
{
    string title = node.SelectSingleNode("title").InnerText;

    string sql = "insert into Product values(" + title.ToString() + ")";
    command = new OdbcCommand(sql, connection);
    adpter.InsertCommand = command;
    adpter.InsertCommand.ExecuteNonQuery();
}

XSLT file: XSLT文件: 

<?xml version="1.0"?>
<xsl:stylesheet version="1.0" xmlns:xsl="http://www.w3.org/1999/XSL/Transform">
  <xsl:output method="html" indent="yes"/>
  <xsl:param name="title"/>
  <xsl:template match="rss">
    <xsl:for-each select="channel/item">
      <br>
        <strong>
          <a href="{link}" target="_main">
            <xsl:value-of select="title"/>
          </a>
        </strong>
        <br></br>
        <xsl:value-of select="description" disable-output-escaping="yes"/>
      </br>
      <br></br>
      <xsl:value-of select="pubDate"/>
      <br></br>
    </xsl:for-each>
  </xsl:template>
  <xsl:template match="description">
    <br>
      <xsl:value-of select="."/>
    </br>
  </xsl:template>
</xsl:stylesheet>

New version for SQL Injection but in DB register only title of XSLT file: SQL注入的新版本,但在DB中仅注册XSLT文件的标题: 

foreach (XmlNode node in dataNodes)
{
    string titlenew = node.SelectSingleNode("//title").InnerText;
    string descriptionnew = node.SelectSingleNode("//description").InnerText;
    string pubDatenew = node.SelectSingleNode("//pubDate").InnerText;
    string sql = "insert into Product (title, description, pubdate) values (?,?, STR_TO_DATE(?, '%a, %d %b %Y %H:%i:%s GMT'));";

    connection.Open();
    command = new OdbcCommand(sql, connection);
    command.Parameters.AddWithValue("param1", titlenew.ToString());
    command.Parameters.AddWithValue("param2", descriptionnew.ToString());
    command.Parameters.AddWithValue("param3", pubDatenew.ToString());
    adpter.InsertCommand = command;
    adpter.InsertCommand.ExecuteNonQuery();
    connection.Close();
}

This is the RSS file on the browser (view source). 这是浏览器上的RSS文件(查看源代码)。

I need insert in DB the values: 我需要在数据库中插入值:

  1. For title: News, ASP.NET & Web Development and In Focus; 标题:新闻,ASP.NET和Web开发以及In Focus;
  2. For description: News, ASP.NET & Web Development and In Focus; 有关描述:新闻,ASP.NET和Web开发以及In Focus;
  3. For Pubdate: Fri, 04 Apr 2014 13:57:16 GMT, Wed, 26 Feb 2014 09:39:00 GMT and Wed, 26 Feb 2014 09:39:00 GMT 适用于发布日期:2014年4月4日,星期五,格林尼治标准时间,2014年2月26日,星期三09:39:00和格林尼治标准时间,2014年2月26日,星期三09:39:00 GMT

My code now insert in DB only: 我的代码现在仅插入DB中:

  1. For title: News; 标题:新闻;
  2. For description: News; 描述:新闻;

  3. For Pubdate: Fri, 04 Apr 2014 13:57:16 GMT. 发行日期:2014年4月4日星期五,格林尼治标准时间。 

     <title>News</title> <link>http://.... <description>News</description> <pubDate>Fri, 04 Apr 2014 13:57:16 GMT</pubDate> <dc:date>2014-04-04T13:57:16Z</dc:date> <image> <title>News</title> <url>http://....</url> <link>http://.... </image> <item> <title>ASP.NET & Web Development</title> <link>http://..... <description>ASP.NET & Web Development .....</description> <category> </category> <pubDate>Wed, 26 Feb 2014 09:39:00 GMT</pubDate> <guid isPermaLink="false">http://.....</guid> <dc:title>ASP.NET & Web Development</dc:title> <dc:creator> </dc:creator> <dc:description>ASP.NET & Web Development</dc:description> <dc:date>2014-02-26T09:39:00Z</dc:date> <dc:type>eip_news</dc:type> <dc:source>ASP.NET & Web Development</dc:source> <dc:language>us_US</dc:language> </item> <item> <title>In Focus</title> <link>http://..... <description>In Focus ..... </description> <category> </category> <pubDate>Wed, 26 Feb 2014 09:39:00 GMT</pubDate> <guid isPermaLink="false">http://.....</guid> <dc:title>In Focus</dc:title> <dc:creator> </dc:creator> <dc:description>In Focus</dc:description> <dc:date>2014-02-26T09:39:00Z</dc:date> <dc:type>eip_news</dc:type> <dc:source>In Focus</dc:source> <dc:language>us_US</dc:language> </item>

2 个解决方案

解决方案1
 0  2014-04-04 11:34:10

I'd try to add quotes on your query, that is: 我会尝试在您的查询中添加引号,即: 

string sql = "insert into Product values('" + title.ToString() + "')";

Otherwise I think that the SQL parser is quite confused by quotes contained in your title string. 否则,我认为您的标题字符串中包含的引号会使SQL分析器感到困惑。

解决方案2
 0  2014-04-05 05:16:31

Thanks for the provided details (XML sample and so on). 感谢您提供的详细信息(XML示例等)。

Applying the XSLT you provided to the XML data you provide, a simple HTML page is obtained, consisting only of the list of RSS items (linked title, description and publication date). 将提供的XSLT应用于提供的XML数据,将获得一个简单的HTML页面,该页面仅包含RSS项列表(链接的标题,描述和发布日期)。

But, if I am not wrong (looking at your example) you need a different thing: you want to insert in your database the title, description and publication date of all items but even of the RSS feed (the first title, description and pubDate you encounter in your XML file): I can't understand why you want to do that, but anyway this is what I understood about your requirements. 但是,如果我没看错(看您的示例),则需要另一回事:您想在数据库中插入所有项目的标题,描述和发布日期,甚至包括RSS feed(第一个标题,描述和pubDate)您在XML文件中遇到):我不明白为什么要这么做,但是无论如何,这就是我对您的要求的理解。

If so, then I think that the problem is not specifically in the part of code that handles the insertion of data into DB table, but instead in selection of data operated on XML file. 如果是这样,那么我认为问题不在于处理将数据插入数据库表中的代码部分,而在于选择对XML文件进行操作的数据。

Here is my code (being xml your XML fragment): 这里是我的代码(即xml的XML片段): 

XmlDocument xmlDoc = new XmlDocument();
xmlDoc.LoadXml(xml);

foreach (XmlNode xmlTitle in xmlDoc.SelectNodes("//title"))
{
    XmlNode xmlDescription = xmlTitle.ParentNode.SelectSingleNode("description");
    XmlNode xmlPubDate = xmlTitle.ParentNode.SelectSingleNode("pubDate");

    if (xmlDescription != null && xmlPubDate != null)
    {
        // Instead of printing to console PUT HERE your code to insert data into database

        Console.WriteLine(xmlTitle.InnerText);
        Console.WriteLine(xmlDescription.InnerText);
        Console.WriteLine(xmlPubDate.InnerText);
        Console.WriteLine();
    }
}

The output produced is the following: 产生的输出如下: 

News
News
Fri, 04 Apr 2014 13:57:16 GMT

ASP.NET & Web Development
ASP.NET & Web Development .....
Wed, 26 Feb 2014 09:39:00 GMT

In Focus
In Focus .....
Wed, 26 Feb 2014 09:39:00 GMT

which I think is what you need to fulfill your requirements. 我认为这是您满足要求所需要的。

Instead of dumping all those data to console, you simply have to use your own SQL-injection-safe code to put them into DB table. 无需将所有这些数据转储到控制台,您只需使用自己的SQL注入安全代码将它们放入DB表中即可。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 如何将数据插入数据库 - How Insert data to database C#:如何将数据插入数据库? - C#: How to Insert data into database? 如何将数据表值插入数据库 - How to insert data table values into database 如何使用自动if语句将数据插入数据库? - How to Insert data to database using automatic if statement? 如何将数据插入关系数据库 - How do I insert data into a relational database 如何将数据插入SQL Server数据库 - How to insert Data into sql server database C#中如何向数据库中插入数据 - How to insert data to a database in C# 如何将数据插入数据库C#? - How to insert Data into a Database c#? 如何使用SqlCommand将数据插入数据库表 - How to insert data into a database table using a SqlCommand 如何将数据库中的数据插入到Jquery脚本中 - How to insert data from database into Jquery script
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM