Insert data into Access database using C# not working

I am trying to add data into an Access database, so far this is what I have.

        try
        {
            connection.Open();

            String dataInsert = "INSERT into ClientsT (FirstName, LastName, Address, Email, Phone, CellPhone, Notes) values('" + boxAddName.Text.ToString() + "', '" + boxAddLastName.Text + "', '" + boxAddAdress.Text + "', '" + boxAddEmail.Text + "', '" + boxAddPhone + "', '" + boxAddCellPhone + "','" + boxAddObs.Text + "')";
            OleDbCommand command = new OleDbCommand(dataInsert, connection);


            command.ExecuteNonQuery();
            connection.Close();
            MessageBox.Show("Client added,");
        } catch(Exception ex){
            MessageBox.Show("Error :" + ex);
        }

    }

It doesn't give me any kind of error message, the code executes just fine but nothing is added to the database.

Please note that I am fairly new to C# and it's my first time working with databases.

Now hang on a minute there!

You are introducing a potentially disastrous security hole. Let me show you why:

    String dataInsert = "INSERT into ClientsT (FirstName, LastName, Address, Email, Phone, CellPhone, Notes) values('" + boxAddName.Text.ToString() + "', '" + boxAddLastName.Text + "', '" + boxAddAdress.Text + "', '" + boxAddEmail.Text + "', '" + boxAddPhone + "', '" + boxAddCellPhone + "','" + boxAddObs.Text + "')";

In particular these lines:

    boxAddName.Text.ToString() // You're converting a string to a string, which is redundant. :P You are also missing a semicolon here.
    boxAddLastName.Text
    boxAddAdress.Text
    boxAddEmail.Text
    boxAddPhone // Not a security problem, but you're inserting the TextBox control, not its text.
    boxAddCellPhone // Same as above.
    boxAddObs.Text

What you're doing with this is basically allowing the user to put anything they want into the database. With this, the user can insert whatever they want, or even use an SQL injection exploit. You should always sanitize your input.

You could do something like this:

    string Query = "INSERT into ClientsT (FirstName, LastName, Address, Email, Phone, CellPhone, Notes) values(@FirstName, @LastName, @Address, @Email, @Phone, @CellPhone, @Notes)";

    // Requires: using System.Data.OleDb; (Access is reached through OleDb, not SqlClient)
    using (OleDbConnection connection = new OleDbConnection(ConnectionString))
    using (OleDbCommand cmd = new OleDbCommand(Query, connection))
    {
        connection.Open();

        // Please make sure you edit the OleDbType to the correct data type for each column. They are VarChar by default in this example. It's on you to fix that.
        // OleDb binds parameters by position, so keep them in the same order as the placeholders in the query.
        cmd.Parameters.Add("@FirstName", OleDbType.VarChar).Value = boxAddName.Text;
        cmd.Parameters.Add("@LastName", OleDbType.VarChar).Value = boxAddLastName.Text;
        cmd.Parameters.Add("@Address", OleDbType.VarChar).Value = boxAddAdress.Text;
        cmd.Parameters.Add("@Email", OleDbType.VarChar).Value = boxAddEmail.Text;
        cmd.Parameters.Add("@Phone", OleDbType.VarChar).Value = boxAddPhone.Text;
        cmd.Parameters.Add("@CellPhone", OleDbType.VarChar).Value = boxAddCellPhone.Text;
        cmd.Parameters.Add("@Notes", OleDbType.VarChar).Value = boxAddObs.Text;

        // Run the INSERT.
        cmd.ExecuteNonQuery();
    }

Your problem is simply this:

You're trying to insert the TextBox control on multiple occasions. Look at boxAddPhone, and boxAddCellphone: you need to use TextBoxName.Text, not TextBoxName. So it's going to throw an exception, and since you're catching ALL exceptions, you won't know what went wrong. It could be anything.

Finally, you're also adding boxAddObs, which is not inserted with the first INSERT INTO ClientsT (...) statement.

It looks like "boxAddPhone" and "boxAddCellPhone" are missing ".Text".
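An added example, not code from either answer: the parameterized insert discussed above, written so that the column list drives both the placeholders and the parameter order (OleDb binds by position and ignores parameter names) and so that a failed or empty insert surfaces as an exception instead of passing silently. The names ClientStore, BuildInsertSql and AddClient, the `?` markers, the VarWChar type and the connection string are assumptions; point Data Source at your own database file.

```csharp
using System;
using System.Data.OleDb;
using System.Linq;

static class ClientStore   // hypothetical helper, not from the original post
{
    // Column order is the single source of truth: OleDb binds parameters by
    // position and ignores their names, so placeholders and values must line up.
    static readonly string[] Columns =
        { "FirstName", "LastName", "Address", "Email", "Phone", "CellPhone", "Notes" };

    // Builds "INSERT INTO ClientsT (a, b, ...) VALUES (?, ?, ...)" from the column list.
    public static string BuildInsertSql()
    {
        string cols = string.Join(", ", Columns);
        string marks = string.Join(", ", Columns.Select(_ => "?"));
        return "INSERT INTO ClientsT (" + cols + ") VALUES (" + marks + ")";
    }

    // values: one string per column, in Columns order (pass each TextBox's .Text).
    public static int AddClient(string connectionString, params string[] values)
    {
        if (values.Length != Columns.Length)
            throw new ArgumentException("Expected " + Columns.Length + " values.");
        using (var connection = new OleDbConnection(connectionString))
        using (var cmd = new OleDbCommand(BuildInsertSql(), connection))
        {
            // Each value travels as data, so quotes in it cannot alter the statement.
            for (int i = 0; i < Columns.Length; i++)
                cmd.Parameters.Add("@" + Columns[i], OleDbType.VarWChar).Value = (object)values[i] ?? DBNull.Value;
            connection.Open();
            int rows = cmd.ExecuteNonQuery();   // number of rows the INSERT wrote
            if (rows != 1)
                throw new InvalidOperationException("INSERT affected " + rows + " rows.");
            return rows;
        }
    }

    static void Main()
    {
        // Placeholder connection string (assumption): replace the Data Source path.
        string cs = @"Provider=Microsoft.ACE.OLEDB.12.0;Data Source=<path-to-database>.accdb";
        // Constructed sample input; the apostrophes are stored verbatim.
        AddClient(cs, "Anne", "O'Brien", "1 Main St", "anne@example.com",
                  "555-0100", "555-0101", "Can't call before 9; prefers 'email'");
        Console.WriteLine("Client added.");
    }
}
```

Because no catch-all wraps the call, an OleDbException from a bad connection string or a missing table reaches the caller with its real message.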
