[英]C# SQL statement doesn't work
When I execute the command to insert the values of a data table into a SQL Server database I get an error. 当我执行将数据表的值插入SQL Server数据库的命令时,出现错误。
Incorrect syntax near ','.
','附近的语法不正确。
My code: 我的代码:
for (int i = 1; i < dt.Rows.Count; i++) // i = 1 instead of 0 because of the header row
{
wipSql = "INSERT INTO tblWIP ([FSR Number], [Customer Name], REGN_NM, SUBREGN_NM, [EMP/SUPPLIER Name], [INVTY DATE], " +
"[COST CATEGORY], [PL&M AMOUNT], [LABOR AMOUNT], [T&L PERDIEM], [MEMO COST], [EDI SEQ#], [INVOICE NUMBER], [Grand Total], Age, Business) " +
"VALUES ('"
+ dt.Rows[i]["FSR Number"].ToString().Trim() + "', '"
+ dt.Rows[i]["Customer Name"].ToString().Trim() + "', '"
+ dt.Rows[i]["REGN_NM"].ToString().Trim() + "', '"
+ dt.Rows[i]["SUBREGN_NM"].ToString().Trim() + "', '"
+ dt.Rows[i]["EMP/SUPPlier Name"].ToString().Trim() + "', '"
+ dt.Rows[i]["INVTY DATE"].ToString().Trim() + "', '"
+ dt.Rows[i]["COST CATEGORY"].ToString().Trim() + "', "
+ dt.Rows[i]["PL&M AMOUNT"].ToString().Trim() + ", "
+ dt.Rows[i]["LABOR AMOUNT"].ToString().Trim() + ", "
+ dt.Rows[i]["T&L PERDIEM"].ToString().Trim() + ", "
+ dt.Rows[i]["MEMO COST"].ToString().Trim() + ", '"
+ dt.Rows[i]["EDI SEQ#"].ToString().Trim() + "', '"
+ dt.Rows[i]["INVOICE NUMBER"].ToString().Trim() + "', "
+ dt.Rows[i]["Grand Total"].ToString().Trim() + ", "
+ dt.Rows[i]["Age"].ToString().Trim() + ", '"
+ dt.Rows[i]["Business"].ToString().Trim() + "')";
SqlCommand cmdWIP = new SqlCommand(wipSql, localConnection);
cmdWIP.ExecuteNonQuery();
}
Start using query parameters and problems like this will be avoided and you will be protected from sql injection. 开始使用查询参数,这样可以避免此类问题,并且可以防止sql注入。 Also start using
@
this give you the possibility to write string on multiple lines. 还可以开始使用
@
这使您可以在多行中写入字符串。
wipSql = @"INSERT INTO
tblWIP ([FSR Number], [Customer Name], REGN_NM, SUBREGN_NM, [EMP/SUPPLIER Name], [INVTY DATE], [COST CATEGORY], [PL&M AMOUNT], [LABOR AMOUNT], [T&L PERDIEM], [MEMO COST], [EDI SEQ#], [INVOICE NUMBER], [Grand Total], Age, Business)
VALUES
(@Number, @Name, @Regn_NM, .... and so on )";
//after that here
SqlCommand cmdWIP = new SqlCommand(wipSql, localConnection);
cmdWIP.Parameters.AddWithValue(@Number, dt.Rows[i]["FSR Number"].ToString().Trim());
cmdWIP.Parameters.AddWithValue(@Name, dt.Rows[i]["Customer Name"].ToString().Trim());
cmdWIP.Parameters.AddWithValue(@Regn_NM, dt.Rows[i]["REGN_NM"].ToString().Trim());
//and so on for other parameters
Try this , 尝试这个 ,
string wipSql = string.Empty;
for (int i = 1; i < dt.Rows.Count; i++) // i = 1 instead of 0 because of the header row
{
wipSql = "INSERT INTO tblWIP ([FSR Number], [Customer Name], REGN_NM, SUBREGN_NM, [EMP/SUPPLIER Name], [INVTY DATE], [COST CATEGORY], [PL&M AMOUNT], [LABOR AMOUNT], [T&L PERDIEM], [MEMO COST], [EDI SEQ#], [INVOICE NUMBER], [Grand Total], Age, Business) VALUES(@FSRNumber, @CustomerName, @REGN_NM, @SUBREGN_NM, @SupplierName, @InventoryDate, @CostCategory, @PLMAmount, @LaborAmount, @TLPerdiem, @MemoCost, @Ediseq, @InvoiceNumber, @GrandTotal, @Age, @Business)";
SqlCommand cmdWIP = new SqlCommand(wipSql, localConnection);
cmdWIP.Parameters.AddWithValue("@FSRNumber", dt.Rows[i]["FSR Number"].ToString().Trim());
cmdWIP.Parameters.AddWithValue("@CustomerName", dt.Rows[i]["Customer Name"].ToString().Trim());
cmdWIP.Parameters.AddWithValue("@REGN_NM", dt.Rows[i]["REGN_NM"].ToString().Trim());
cmdWIP.Parameters.AddWithValue("@SUBREGN_NM", dt.Rows[i]["SUBREGN_NM"].ToString().Trim());
cmdWIP.Parameters.AddWithValue("@SupplierName", dt.Rows[i]["EMP/SUPPlier Name"].ToString().Trim());
cmdWIP.Parameters.AddWithValue("@InventoryDate", dt.Rows[i]["INVTY DATE"].ToString().Trim());
cmdWIP.Parameters.AddWithValue("@CostCategory", dt.Rows[i]["COST CATEGORY"].ToString().Trim());
cmdWIP.Parameters.AddWithValue("@PLMAmount", dt.Rows[i]["PL&M AMOUNT"].ToString().Trim());
cmdWIP.Parameters.AddWithValue("@LaborAmount", dt.Rows[i]["LABOR AMOUNT"].ToString().Trim());
cmdWIP.Parameters.AddWithValue("@TLPerdiem", dt.Rows[i]["T&L PERDIEM"].ToString().Trim());
cmdWIP.Parameters.AddWithValue("@MemoCost", dt.Rows[i]["MEMO COST"].ToString().Trim());
cmdWIP.Parameters.AddWithValue("@Ediseq", dt.Rows[i]["EDI SEQ#"].ToString().Trim());
cmdWIP.Parameters.AddWithValue("@InvoiceNumber", dt.Rows[i]["INVOICE NUMBER"].ToString().Trim());
cmdWIP.Parameters.AddWithValue("@GrandTotal", dt.Rows[i]["Grand Total"].ToString().Trim());
cmdWIP.Parameters.AddWithValue("@Age", dt.Rows[i]["Age"].ToString().Trim());
cmdWIP.Parameters.AddWithValue("@Business", dt.Rows[i]["Business"].ToString().Trim());
cmdWIP.ExecuteNonQuery();
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.