'。'附近的语法不正确 SQL插入C#
[英]Incorrect syntax near '.' SQL INSERT c#
问题描述
I am trying to add new record to the SQL Database Table using class Object. 
我正在尝试使用Object类将新记录添加到SQL数据库表中。 I create a list of Products and then iterate through all of them with sql statement. 我创建了一个产品列表,然后使用sql语句遍历所有产品。
My code is like this: 我的代码是这样的:
private void backupButton_Click(object sender, RoutedEventArgs e)
{
ReadAllProductsList dbproducts = new ReadAllProductsList();
DB_Product = dbproducts.GetAllProducts();
List<Product> SQLProductList = new List<Product>();
SQLProductList = DB_Product.Where(Product => Product.UserId == currentUser).ToList();
for(int i = 0; i < SQLProductList.Count; i++)
{
InsertSQLProduct(new Product(SQLProductList[i].UserId,
SQLProductList[i].Name));
}
}
public void InsertSQLProduct(Product objProduct)
{
using (var connection = new SqlConnection("Server=localhost\\SQLEXPRESS;Integrated Security=SSPI;database=MyLocalDB"))
{
connection.Open();
using (SqlCommand command = new SqlCommand("INSERT INTO Product (UserId, Name) '" +
"'VALUES (null, '" + objProduct.Name + "');", connection))
{
command.ExecuteNonQuery();
}
}
}
And the Product class looks like this: 产品类如下所示:
public class Product
{
// List<DietId> Lst = new List<DietId>();
//The Id property is marked as the Primary Key
[SQLite.Net.Attributes.PrimaryKey, SQLite.Net.Attributes.AutoIncrement]
public int Id { get; set; }
public string UserId { get; set; }
public string CreationDate { get; set; }
public string Name { get; set; }
public override string ToString()
{
return Name;
}
public Product()
{
//empty constructor
}
public Product(string userId, string name)
{
UserId = userId;
CreationDate = DateTime.Now.ToString();
Name = name;
}
}
However, I get error on command that says: 但是,在命令中显示以下错误:
syntax error near '.'
What am I doing wrong here? 我在这里做错了什么?
PS. PS。 The Name in SQL is of VARCHAR type. SQL中的名称为VARCHAR类型。
EDIT: I have used parameter and converted the string to varchar and now I get different error: 编辑:我已经使用参数并将字符串转换为varchar,现在我得到了不同的错误:
String or binary data would be truncated.
OK. 好。 Sorted. 排序。
The last error tells me that the column was accepting only 1 character as 1 is default for VARCHAR. 最后一个错误告诉我该列仅接受1个字符,因为VARCHAR默认为1。
I recreated tables with new max input for records. 我用记录的新最大输入重新创建了表。
Using parameters has solved my original problem. 使用参数解决了我原来的问题。
Thank you guys. 感谢大伙们。
2 个解决方案
解决方案1
7 已采纳 2018-06-20 16:30:10
"INSERT INTO Product (UserId, Name) '" +
"'VALUES (null, '" + objProduct.Name + "');",
There are extra apostrophes: one at the end of the first line, one at the start of the second. 还有多余的撇号:一个在第一行的结尾,一个在第二行的开头。
Also, use a parameter to avoid SQL injection attack, either intentionally or unintentionally. 另外,使用参数可以有意或无意地避免SQL注入攻击。 It could be causing your error, depending on what the value is in objProduct.Name . 可能会导致错误,具体取决于objProduct.Name的值。
解决方案2
1 2018-06-20 16:30:39
You have extra single quotes. 您有多余的单引号。 Your SQL query works out to INSERT INTO Product (UserId, Name) ''VALUES (null, 'name') 您的SQL查询可以INSERT INTO Product (UserId, Name) ''VALUES (null, 'name')
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.