[英]SqlException was unhandled by user code incorrect syntax near ','
using System;
using System.Collections;
using System.Configuration;
using System.Data;
using System.Web;
using System.Web.Security;
using System.Web.UI;
using System.Web.UI.HtmlControls;
using System.Web.UI.WebControls;
using System.Web.UI.WebControls.WebParts;
using System.Data.SqlClient;
public partial class Student_InsertStudentDeta : System.Web.UI.Page
{
protected void Page_Load(object sender, EventArgs e)
{
lblMsg.Visible = false;
}
protected void btnSave_Click(object sender, EventArgs e)
{
btnDelete.Enabled = false;
btnFindValuse.Enabled = false;
btnUpdate.Enabled = false;
SqlConnection connection = new SqlConnection();
connection.ConnectionString = ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString;
connection.Open();
SqlCommand cmd = new SqlCommand("Insert into MoHE_Student values (N'" + txtName.Text + "',N'" + txtSureName.Text + "',N'" + txtFatherName.Text + "',N'" + txtGFatherName.Text + "',N'" + txtBirthYear.Text + "',N'" + txtNIDC.Text + "',N'" + txtTabdily.Text + "',N'" + txtTitalMonugraf.Text + "',N'" + ddlJeldBook.SelectedItem.Text + "',N'" + txtDescription.Text + "',N'" + ddlUniversity.SelectedItem.Value + "',N'" + ddlFaculty.SelectedItem.Value + "',N'" + ddlDepartment.SelectedItem.Value + "'," + txtStudentRegBook.Text + "," + txtPageBook.Text + "," + ddlReciveBook.SelectedItem.Text + "," + txtGraduateYear.Text + "," + txtRegYear.Text + ",N'" + ddlKoncurExam.SelectedItem.Text + "',N'" + ddlDefaMonugraf.SelectedItem.Text + "',N'" + ddlYearDefa.SelectedItem.Text + "',N'" + ddlMonthDefa.SelectedItem.Text + "',N'" + ddlDayDefa.SelectedItem.Text + "',N'" + ddlTakeDiplom.SelectedItem.Text + "',N'" + txtPhonNum.Text + "',N'" + ddlGender.SelectedItem.Text + "',N'" + ddlDarajaTahsili.SelectedItem.Text + "',N'" + User.Identity.Name + "')", connection);
cmd.ExecuteNonQuery(); // Error happens here
}
}
The duplicate explains what's wrong, how serious this is and how to avoid it.副本解释了什么是错误的,这是多么严重以及如何避免它。 I won't repeat the explanation here, simply because I started to, then my fingers started tingling.
我这里就不重复解释了,因为我开始了,然后我的手指开始刺痛了。 The various answers to the duplicate are adequate and even contain
Bobby Tables
.重复的各种答案就足够了,甚至包含
Bobby Tables
。
This just shows how this particular code can be fixed.这只是显示了如何修复此特定代码。
First, the command can be created once and reused:首先,该命令可以创建一次并重复使用:
SqlCommand _insertCmd;
void InitCommands()
{
_connectionString =
ConfigurationManager.ConnectionStrings["ConnectionString"].ConnectionString;
var query = "Insert into MoHE_Student values (@name,@surname,...";
var cmd = new SqlCommand(query);
cmd.Parameters.Add("@name",SqlDbType.NVarChar,30);
cmd.Parameters.Add("@surname",SqlDbType.NVarChar,30);
...
_insertCmd=cmd;
}
When the time comes to execute it, set the parameter values and open a connection inside a using block to ensure the connection is closed even if an error occurs :到了执行它的时候,设置参数值并在 using 块内打开连接以确保即使发生错误也关闭连接:
_insertCmd["@name"].Value=txtName.Text;
...
using(var connection = new SqlConnection(_connectionString))
{
_insertCmd.Connection=connection;
connection.Open();
_insertCmd.ExecuteNonQuery();
}
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.