[英]Why won't my code write to SQL?
I'm writing an app to store texts to an SQL database, but my code throws an exception saying "the variable name @par1 has already been declared", I'm not sure how to get this working and would like some help fixing this if possible please =] 我正在编写一个将文本存储到SQL数据库的应用程序,但是我的代码引发了一个异常,说“变量名@ par1已经声明”,我不确定如何使它正常工作,并希望获得一些帮助来解决此问题如果可能,请=]
offending code is below 违规代码如下
private void SMSGetter()
{
try {
DecodedShortMessage[] messages = Comm.ReadMessages(PhoneMessageStatus.All, PhoneStorageType.Sim);
SqlConnection Conn = new SqlConnection("Data Source=*********;Initial Catalog=********;User ID=**********;Password=***********");
SqlCommand com = new SqlCommand();
com.Connection = Conn;
Conn.Open();
foreach (DecodedShortMessage message in messages)
{
//com.CommandText = ("INSERT INTO SMSArchives(Message,Blacklist) VALUES ('" + message.Data.UserDataText + "', 'Yes')");
//com.ExecuteNonQuery();
com.CommandText = ("INSERT INTO SMSArchives(Message,Blacklist) VALUES (@par1,@par2)");
com.Parameters.AddWithValue("@par1", message.Data.UserDataText);
com.Parameters.AddWithValue("@par2", "Yes");
com.ExecuteNonQuery();
}
Conn.Close();
}
catch (Exception ex) {
Log(ex.ToString());
}
}
You are using the same command for every iteration, but adding parameters each time. 每次迭代都使用相同的命令,但是每次都添加参数。 Try calling
尝试致电
com.Parameters.Clear();
at the end of each loop iteration. 在每个循环迭代结束时。 You could also pre-create the parameters and just set the
.Value
per iteration - probably marginally faster. 您还可以预先创建参数,并只需设置每次迭代的
.Value
可能略快一些。
Also: fix the SQL injection hole :) 另外:修复SQL注入孔:)
private void SMSGetter()
{
Log("Getter Fired");
//var message = GSM.ReadMessage(4);
//GSM.ReadMessage(4);
//TcpClientChannel client = new TcpClientChannel();
//ChannelServices.RegisterChannel(client, false);
//string url = "*******";
//ISmsSender smssender = (ISmsSender)Activator.GetObject(typeof(ISmsSender), url);
try
{
DecodedShortMessage[] messages = Comm.ReadMessages(PhoneMessageStatus.All, PhoneStorageType.Sim);
SqlConnection Conn = new SqlConnection("Data Source=*********;Initial Catalog=********;User ID=**********;Password=***********");
SqlCommand com = new SqlCommand();
com.Connection = Conn;
Conn.Open();
com.CommandText = ("INSERT INTO SMSArchives(Message,Blacklist) VALUES (@par1,@par2)");
com.Parameters.Add("@par1");
com.Parameters.Add("@par2");
foreach (DecodedShortMessage message in messages)
{
com.Parameters["@par1"].value = message.Data.UserDataText;
com.Prepare(); //fix SQL injection :)
com.ExecuteNonQuery();
}
Conn.Close();
}
catch (Exception ex)
{
Log(ex.ToString());
}
}
You are adding the parameters at every iteration in foreach. 您将在foreach的每次迭代中添加参数。 Consider the following:
考虑以下:
com.CommandText = ("INSERT INTO SMSArchives(Message,Blacklist) VALUES (@par1,@par2)");
command.Parameters.Add(new SqlParameter("@par1", ""));
com.Parameters.AddWithValue("@par2", "Yes");
foreach (DecodedShortMessage message in messages)
{
command.Parameters["@par1"].Value = message.Data.UserDataText;
com.ExecuteNonQuery();
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.