[英]Incorrect syntax near '.' SQL INSERT c#
I am trying to add new record to the SQL Database Table using class Object. 我正在尝试使用Object类将新记录添加到SQL数据库表中。 I create a list of Products and then iterate through all of them with sql statement.
我创建了一个产品列表,然后使用sql语句遍历所有产品。
My code is like this: 我的代码是这样的:
private void backupButton_Click(object sender, RoutedEventArgs e)
{
ReadAllProductsList dbproducts = new ReadAllProductsList();
DB_Product = dbproducts.GetAllProducts();
List<Product> SQLProductList = new List<Product>();
SQLProductList = DB_Product.Where(Product => Product.UserId == currentUser).ToList();
for(int i = 0; i < SQLProductList.Count; i++)
{
InsertSQLProduct(new Product(SQLProductList[i].UserId,
SQLProductList[i].Name));
}
}
public void InsertSQLProduct(Product objProduct)
{
using (var connection = new SqlConnection("Server=localhost\\SQLEXPRESS;Integrated Security=SSPI;database=MyLocalDB"))
{
connection.Open();
using (SqlCommand command = new SqlCommand("INSERT INTO Product (UserId, Name) '" +
"'VALUES (null, '" + objProduct.Name + "');", connection))
{
command.ExecuteNonQuery();
}
}
}
And the Product class looks like this: 产品类如下所示:
public class Product
{
// List<DietId> Lst = new List<DietId>();
//The Id property is marked as the Primary Key
[SQLite.Net.Attributes.PrimaryKey, SQLite.Net.Attributes.AutoIncrement]
public int Id { get; set; }
public string UserId { get; set; }
public string CreationDate { get; set; }
public string Name { get; set; }
public override string ToString()
{
return Name;
}
public Product()
{
//empty constructor
}
public Product(string userId, string name)
{
UserId = userId;
CreationDate = DateTime.Now.ToString();
Name = name;
}
}
However, I get error on command that says: 但是,在命令中显示以下错误:
syntax error near '.'
'。'附近的语法错误
What am I doing wrong here? 我在这里做错了什么?
PS. PS。 The Name in SQL is of VARCHAR type.
SQL中的名称为VARCHAR类型。
EDIT: I have used parameter and converted the string to varchar and now I get different error: 编辑:我已经使用参数并将字符串转换为varchar,现在我得到了不同的错误:
String or binary data would be truncated.
字符串或二进制数据将被截断。 The statement has been terminated
该语句已终止
OK. 好。 Sorted.
排序。
The last error tells me that the column was accepting only 1 character as 1 is default for VARCHAR. 最后一个错误告诉我该列仅接受1个字符,因为VARCHAR默认为1。
I recreated tables with new max input for records. 我用记录的新最大输入重新创建了表。
Using parameters has solved my original problem. 使用参数解决了我原来的问题。
Thank you guys. 感谢大伙们。
"INSERT INTO Product (UserId, Name) '" +
"'VALUES (null, '" + objProduct.Name + "');",
There are extra apostrophes: one at the end of the first line, one at the start of the second. 还有多余的撇号:一个在第一行的结尾,一个在第二行的开头。
Also, use a parameter to avoid SQL injection attack, either intentionally or unintentionally. 另外,使用参数可以有意或无意地避免SQL注入攻击。 It could be causing your error, depending on what the value is in
objProduct.Name
. 可能会导致错误,具体取决于
objProduct.Name
的值。
You have extra single quotes. 您有多余的单引号。 Your SQL query works out to
INSERT INTO Product (UserId, Name) ''VALUES (null, 'name')
您的SQL查询可以
INSERT INTO Product (UserId, Name) ''VALUES (null, 'name')
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.