堆栈内存溢出
  简体   繁体   English

我需要使用visual studio(c#语言)创建一个sql server数据库表。 但表的名称必须是用户的输入

[英]I need to create a sql server database table using visual studio(c# language) . But the name of the table has to be an input from the user

 原文  2016-11-28 17:30:04       c#/ winforms

问题描述

con1.Open();
cmd = new SqlCommand("create table [dbo.][" + textBox2.Text + "](sno int primary key identity(1,1),[Week] [int]  not null ,Date nvarchar(30) not null,Time nvarchar(30) not null,Monday_1st_half nvarchar(20),Monday_2nd_half nvarchar(20),Tuesday_1st_half nvarchar(20),Tuesday_2nd_half nvarchar(20),Wednesday_1st_half nvarchar(20),Wednesday_2nd_half nvarchar(20),Thursday_1st_half nvarchar(20),Thursday_2nd_half nvarchar(20),Friday_1st_half nvarchar(20),Friday_2nd_half nvarchar(20),Saturday_1st_half nvarchar(20),Saturday_2nd_half nvarchar(20),Sunday_1st_half nvarchar(20),Sunday_2nd_half nvarchar(20))", con1);
cmd.ExecuteNonQuery();
con1.Close();

This query works if i give the table a hard coded name instead of the textbox.text value, a table is created. 如果我为表提供硬编码名称而不是textbox.text值,则此查询有效,将创建一个表。 But when i use this code it creates a table with the name 'dbo.'. 但是,当我使用此代码时,它会创建一个名为“dbo”的表。 If i delete the "[dbo.]" from the query, it gives an error saying 'object is missing'. 如果我从查询中删除“[dbo。]”,则会显示错误消息“对象丢失”。 can someone help me out?. 有人可以帮我吗?。

1 个解决方案

解决方案1
 0 已采纳  2016-11-28 17:49:48

Here's a better way to do this. 这是一个更好的方法来做到这一点。 First create the following stored procedure: 首先创建以下存储过程: 

CREATE PROC dbo.MakeUserTable(@Tablename as SYSNAME) As

    DECLARE @CleanName As SYSNAME;
    SET @CleanName = QUOTENAME(@Tablename, '[');

    DECLARE @sql As NVARCHAR(MAX);
    SELECT @sql = 'create table [dbo].' + @CleanName + '(sno int primary key identity(1,1),[Week] [int]  not null ,Date nvarchar(30) not null,Time nvarchar(30) not null,Monday_1st_half nvarchar(20),Monday_2nd_half nvarchar(20),Tuesday_1st_half nvarchar(20),Tuesday_2nd_half nvarchar(20),Wednesday_1st_half nvarchar(20),Wednesday_2nd_half nvarchar(20),Thursday_1st_half nvarchar(20),Thursday_2nd_half nvarchar(20),Friday_1st_half nvarchar(20),Friday_2nd_half nvarchar(20),Saturday_1st_half nvarchar(20),Saturday_2nd_half nvarchar(20),Sunday_1st_half nvarchar(20),Sunday_2nd_half nvarchar(20));'

    PRINT 'Executing "'+@sql+'"';
    EXEC(@sql);

Now change your client code to execute this instead, passing in the tablename as a parameter. 现在更改您的客户端代码以执行此操作,并将tablename作为参数传递。

I cannot 100% guarantee that this is immune to SQL Injection attacks, but if you have to accept a tablename from a user, this is about as safe as you can get. 我不能100%保证它不受SQL注入攻击的影响,但是如果你必须接受用户的表名,这就像你可以获得的那样安全。

暂无
暂无

声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.

相关问题 我需要在 Visual Studio 中使用代码 C# 从表值函数中获取 SQL 中的数据集 - I need to get the Dataset from SQL from Table Valued Function using code C# in visual studio 使用C#在oracle服务器的表结构中的sql server migration studio中创建新表 - Create a new table in sql server migration studio with the table structure of oracle server using C# 如何在Visual Studio(C#)中将ASP.NET项目与SQL Server数据库表连接 - How to connect ASP.NET project with SQL Server database table in Visual Studio (C#) 重命名Visual Studio 2010中C#解决方案中的SQL Server表 - Rename SQL Server Table in c# solution in Visual Studio 2010 如何使用SQL Server CE和C#更新dB表中的单元格值(Visual Studio 2010) - How can I update a cell value in a dB table, using SQL Server CE and C# (Visual Studio 2010) 需要一些帮助,使用C#将SQL数据库中的单个文本检索到Visual Studio中的文本框中 - Need some help of retrieving a single text from SQL database into a textbox in Visual Studio using C# 如何在Visual Studio 2015中使用C#创建到SQL Server数据库的连接字符串 - How to create a connection string using C# to SQL Server database in Visual Studio 2015 在 Visual Studio 2015 中使用 SQL 服务器数据库从 C# 项目创建安装文件 - Create setup file from C# project with SQL server database in Visual Studio 2015 如何使用Visual Studio C#中的arraylist中的字段在sql中创建表 - How to create a table in sql with fields from an arraylist in visual studio c# 我已经使用Visual Studio为C#程序创建了一个数据库表。 怎么办? - I've created a database table using Visual Studio for my C# program. Now what?
相关标签
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM