C#SQL语句不起作用
[英]C# SQL statement doesn't work
问题描述
When I execute the command to insert the values of a data table into a SQL Server database I get an error. 
当我执行将数据表的值插入SQL Server数据库的命令时,出现错误。
Incorrect syntax near ','.
My code: 我的代码:
for (int i = 1; i < dt.Rows.Count; i++) // i = 1 instead of 0 because of the header row
{
wipSql = "INSERT INTO tblWIP ([FSR Number], [Customer Name], REGN_NM, SUBREGN_NM, [EMP/SUPPLIER Name], [INVTY DATE], " +
"[COST CATEGORY], [PL&M AMOUNT], [LABOR AMOUNT], [T&L PERDIEM], [MEMO COST], [EDI SEQ#], [INVOICE NUMBER], [Grand Total], Age, Business) " +
"VALUES ('"
+ dt.Rows[i]["FSR Number"].ToString().Trim() + "', '"
+ dt.Rows[i]["Customer Name"].ToString().Trim() + "', '"
+ dt.Rows[i]["REGN_NM"].ToString().Trim() + "', '"
+ dt.Rows[i]["SUBREGN_NM"].ToString().Trim() + "', '"
+ dt.Rows[i]["EMP/SUPPlier Name"].ToString().Trim() + "', '"
+ dt.Rows[i]["INVTY DATE"].ToString().Trim() + "', '"
+ dt.Rows[i]["COST CATEGORY"].ToString().Trim() + "', "
+ dt.Rows[i]["PL&M AMOUNT"].ToString().Trim() + ", "
+ dt.Rows[i]["LABOR AMOUNT"].ToString().Trim() + ", "
+ dt.Rows[i]["T&L PERDIEM"].ToString().Trim() + ", "
+ dt.Rows[i]["MEMO COST"].ToString().Trim() + ", '"
+ dt.Rows[i]["EDI SEQ#"].ToString().Trim() + "', '"
+ dt.Rows[i]["INVOICE NUMBER"].ToString().Trim() + "', "
+ dt.Rows[i]["Grand Total"].ToString().Trim() + ", "
+ dt.Rows[i]["Age"].ToString().Trim() + ", '"
+ dt.Rows[i]["Business"].ToString().Trim() + "')";
SqlCommand cmdWIP = new SqlCommand(wipSql, localConnection);
cmdWIP.ExecuteNonQuery();
}
2 个解决方案
解决方案1
6 2016-11-21 05:50:35
Start using query parameters and problems like this will be avoided and you will be protected from sql injection. 开始使用查询参数,这样可以避免此类问题,并且可以防止sql注入。 Also start using @ this give you the possibility to write string on multiple lines. 还可以开始使用@这使您可以在多行中写入字符串。
wipSql = @"INSERT INTO
tblWIP ([FSR Number], [Customer Name], REGN_NM, SUBREGN_NM, [EMP/SUPPLIER Name], [INVTY DATE], [COST CATEGORY], [PL&M AMOUNT], [LABOR AMOUNT], [T&L PERDIEM], [MEMO COST], [EDI SEQ#], [INVOICE NUMBER], [Grand Total], Age, Business)
VALUES
(@Number, @Name, @Regn_NM, .... and so on )";
//after that here
SqlCommand cmdWIP = new SqlCommand(wipSql, localConnection);
cmdWIP.Parameters.AddWithValue(@Number, dt.Rows[i]["FSR Number"].ToString().Trim());
cmdWIP.Parameters.AddWithValue(@Name, dt.Rows[i]["Customer Name"].ToString().Trim());
cmdWIP.Parameters.AddWithValue(@Regn_NM, dt.Rows[i]["REGN_NM"].ToString().Trim());
//and so on for other parameters
解决方案2
1 已采纳 2016-11-21 08:43:34
Try this , 尝试这个 ,
string wipSql = string.Empty;
for (int i = 1; i < dt.Rows.Count; i++) // i = 1 instead of 0 because of the header row
{
wipSql = "INSERT INTO tblWIP ([FSR Number], [Customer Name], REGN_NM, SUBREGN_NM, [EMP/SUPPLIER Name], [INVTY DATE], [COST CATEGORY], [PL&M AMOUNT], [LABOR AMOUNT], [T&L PERDIEM], [MEMO COST], [EDI SEQ#], [INVOICE NUMBER], [Grand Total], Age, Business) VALUES(@FSRNumber, @CustomerName, @REGN_NM, @SUBREGN_NM, @SupplierName, @InventoryDate, @CostCategory, @PLMAmount, @LaborAmount, @TLPerdiem, @MemoCost, @Ediseq, @InvoiceNumber, @GrandTotal, @Age, @Business)";
SqlCommand cmdWIP = new SqlCommand(wipSql, localConnection);
cmdWIP.Parameters.AddWithValue("@FSRNumber", dt.Rows[i]["FSR Number"].ToString().Trim());
cmdWIP.Parameters.AddWithValue("@CustomerName", dt.Rows[i]["Customer Name"].ToString().Trim());
cmdWIP.Parameters.AddWithValue("@REGN_NM", dt.Rows[i]["REGN_NM"].ToString().Trim());
cmdWIP.Parameters.AddWithValue("@SUBREGN_NM", dt.Rows[i]["SUBREGN_NM"].ToString().Trim());
cmdWIP.Parameters.AddWithValue("@SupplierName", dt.Rows[i]["EMP/SUPPlier Name"].ToString().Trim());
cmdWIP.Parameters.AddWithValue("@InventoryDate", dt.Rows[i]["INVTY DATE"].ToString().Trim());
cmdWIP.Parameters.AddWithValue("@CostCategory", dt.Rows[i]["COST CATEGORY"].ToString().Trim());
cmdWIP.Parameters.AddWithValue("@PLMAmount", dt.Rows[i]["PL&M AMOUNT"].ToString().Trim());
cmdWIP.Parameters.AddWithValue("@LaborAmount", dt.Rows[i]["LABOR AMOUNT"].ToString().Trim());
cmdWIP.Parameters.AddWithValue("@TLPerdiem", dt.Rows[i]["T&L PERDIEM"].ToString().Trim());
cmdWIP.Parameters.AddWithValue("@MemoCost", dt.Rows[i]["MEMO COST"].ToString().Trim());
cmdWIP.Parameters.AddWithValue("@Ediseq", dt.Rows[i]["EDI SEQ#"].ToString().Trim());
cmdWIP.Parameters.AddWithValue("@InvoiceNumber", dt.Rows[i]["INVOICE NUMBER"].ToString().Trim());
cmdWIP.Parameters.AddWithValue("@GrandTotal", dt.Rows[i]["Grand Total"].ToString().Trim());
cmdWIP.Parameters.AddWithValue("@Age", dt.Rows[i]["Age"].ToString().Trim());
cmdWIP.Parameters.AddWithValue("@Business", dt.Rows[i]["Business"].ToString().Trim());
cmdWIP.ExecuteNonQuery();
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.
相关问题
mysql SQL语句不起作用C# - mysql SQL statement doesn't work C#
选择语句不适用于C# - Select statement doesn't work on C#
C#中的SQL命令不起作用 - SQL command in C# doesn't work
C#中的参数SQL不起作用 - Parameter SQL in C# doesn't work
where语句在c#中无法正常工作 - where statement doesn't work correctly in c#
C#获取一个枚举,但在switch语句中无法正常工作 - C# gets an enum, but doesn't work correctly with switch statement
C#SQL更新语句不会更新 - C# SQL Update Statement Doesn't Update
C#sql like语句不起作用 - C# sql like statement don't work
C# SQL INSERT INTO 命令不起作用 - C# SQL INSERT INTO command doesn't work
SQL查询中的更新不起作用C# - Update in SQL query doesn't work c#
相关标签