[英]How to bind text from textboxes to SQL Server table with IDENTITY (1, 1 )
Just like in title (C#, Visual Studio 2015). 就像标题(C#,Visual Studio 2015)一样。
I have a Database.mdf
file in Visual Studio. 我在Visual Studio中有一个
Database.mdf
文件。 I have 5 texboxes and I want to bind the text from this texboxes to database tables. 我有5个texbox,我想将文本从该texbox绑定到数据库表。
My primary key has an IDENTITY(1,1)
attribute. 我的主键具有
IDENTITY(1,1)
属性。 I don't know how I can resolve this problem. 我不知道该如何解决这个问题。 Binding should be pressing by the button click.
绑定应通过单击按钮来按下。
SqlConnection conn = new SqlConnection(@"Data Source = (LocalDB)\MSSQLLocalDB; AttachDbFilename = C:\Users\Mariusz\Desktop\SerwisKomputerowyDB\SerwisKomputerowyDB\SerwisKomputerowyDB\Database1.mdf; Integrated Security = True");
conn.Open();
SqlCommand newCmd = conn.CreateCommand();
newCmd.Connection = conn;
newCmd.CommandType = CommandType.Text;
newCmd.CommandText = "INSERT INTO [dbo].[KlienciIndywidualni] VALUES (,'" + textBox1.Text + "','" + textBox2.Text + "','" + textBox3.Text + "','" + textBox4.Text + "','" + textBox5.Text + "')";
newCmd.ExecuteNonQuery();
conn.Close();
Sorry for my english. 对不起我的英语不好。
If you have a table with an IDENTITY
column, you need to make sure NOT to insert a value into that column when you insert data. 如果您的表具有
IDENTITY
列,则需要确保在插入数据时不要在该列中插入值。
So you need to explicitly define the column names you insert into - which is really always a good idea and you should do this always, anyway: 因此,您需要显式定义要插入的列名-这实际上总是一个好主意,并且无论如何都应始终这样做:
// define query WITH PARAMETERS! Don't concatenate together your SQL - never EVER !
string insertQry = "INSERT INTO [dbo].[KlienciIndywidualni] (TextCol1, TextCol2, TextCol3, TextCol4, TextCol5) " +
"VALUES (@TextValue1, @TextValue2, @TextValue3, @TextValue4, @TextValue5);";
// create connection and command object
using (SqlConnection conn = new SqlConnection(@"Data Source = (LocalDB)\MSSQLLocalDB; AttachDbFilename = C:\Users\Mariusz\Desktop\SerwisKomputerowyDB\SerwisKomputerowyDB\SerwisKomputerowyDB\Database1.mdf; Integrated Security = True"))
using (SqlCommand cmd = new SqlCommand(insertQry, conn))
{
// set up parameters and define values
cmd.Parameters.Add("@TextValue1", SqlDbType.VarChar, 50).Value = textBox1.Text;
cmd.Parameters.Add("@TextValue2", SqlDbType.VarChar, 50).Value = textBox2.Text;
cmd.Parameters.Add("@TextValue3", SqlDbType.VarChar, 50).Value = textBox3.Text;
cmd.Parameters.Add("@TextValue4", SqlDbType.VarChar, 50).Value = textBox4.Text;
cmd.Parameters.Add("@TextValue5", SqlDbType.VarChar, 50).Value = textBox5.Text;
// open connection, execute INSERT command, close connection
conn.Open();
cmd.ExecuteNonQuery();
conn.Close();
}
}
You have to use the insert statement with column names eg 您必须将insert语句与列名一起使用,例如
INSERT INTO [dbo].[KlienciIndywidualni](column2, column3) VALUES (value2, value3)";
Refer w3school article - SQL INSERT INTO Statement 请参阅w3school文章-SQL INSERT INTO语句
To prevent sql injection vulnerability check this Reference ie by concatenating values, use parameterized queries. 为防止sql注入漏洞, 请检查此参考,即通过串联值,请使用参数化查询。 eg
例如
newCmd.CommandType = CommandType.Text;
newCmd.CommandText = "INSERT INTO [dbo].[KlienciIndywidualni](column2, column3) VALUES (@val1, @val2)";
newCmd.Parameters.AddWithValue("@val1", textBox1.Text);
newCmd.Parameters.AddWithValue("@val2", textBox2.Text);
newCmd.ExecuteNonQuery();
string insertQry = "INSERT INTO [dbo].[KlienciIndywidualni] (Imię, Nazwisko, Telefon, E-mail,Adres) " +
"VALUES (@Imię, @Nazwisko, @Telefon, @E-mail, @Adres);";
using (SqlConnection conn = new SqlConnection(@"Data Source=(LocalDB)\MSSQLLocalDB;AttachDbFilename=C:\Users\Mariusz\Desktop\AplikacjaNaInzynierie\AplikacjaNaInzynierie\Baza.mdf;Integrated Security=True"))
using (SqlCommand cmd = new SqlCommand(insertQry, conn))
{
cmd.Parameters.Add("@Imię", SqlDbType.VarChar, 50).Value = textBox1.Text;
cmd.Parameters.Add("@Nazwisko", SqlDbType.VarChar, 50).Value = textBox2.Text;
cmd.Parameters.Add("@Telefon", SqlDbType.VarChar, 50).Value = textBox3.Text;
cmd.Parameters.Add("@E-mail", SqlDbType.VarChar, 50).Value = textBox4.Text;
cmd.Parameters.Add("@Adres", SqlDbType.VarChar, 50).Value = textBox5.Text;
conn.Open();
cmd.ExecuteNonQuery();
conn.Close();
}
I still have error... 我仍然有错误...
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.