How to insert data into SQL Server

What is the problem with my code? I cannot insert data into MS SQL. I'm using C# as the front end and MS SQL as the database...

name = tbName.Text;
userId = tbStaffId.Text;
idDepart = int.Parse(cbDepart.SelectedValue.ToString());

string saveStaff = "INSERT into tbl_staff (staffName,userID,idDepartment) " +
                   " VALUES ('" + name + "', '" + userId +"', '" + idDepart + "');";

SqlCommand querySaveStaff = new SqlCommand(saveStaff);

try
{
    querySaveStaff.ExecuteNonQuery();
}
catch
{
    //Error when save data

    MessageBox.Show("Error to save on database");
    openCon.Close();
    Cursor = Cursors.Arrow;
}

You have to set the Connection property of the Command object and use a parameterized query instead of hardcoded SQL to avoid SQL injection.

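using (SqlConnection openCon = new SqlConnection("your_connection_String"))
{
    string saveStaff = "INSERT into tbl_staff (staffName,userID,idDepartment) VALUES (@staffName,@userID,@idDepartment)";

    using (SqlCommand querySaveStaff = new SqlCommand(saveStaff))
    {
        querySaveStaff.Connection = openCon;
        querySaveStaff.Parameters.Add("@staffName", SqlDbType.VarChar, 30).Value = name;
        // Remaining parameters are bound the same way (column types are assumed here)
        querySaveStaff.Parameters.Add("@userID", SqlDbType.VarChar).Value = userId;
        querySaveStaff.Parameters.Add("@idDepartment", SqlDbType.Int).Value = idDepart;
        openCon.Open();

        querySaveStaff.ExecuteNonQuery();
    }
}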

I think you are not passing the Connection object to your command object, and it is much better if you use command and parameters for that.

using (SqlConnection connection = new SqlConnection("ConnectionStringHere"))
{
    using (SqlCommand command = new SqlCommand())
    {
        command.Connection = connection;            // <== lacking
        command.CommandType = CommandType.Text;
        command.CommandText = "INSERT into tbl_staff (staffName, userID, idDepartment) VALUES (@staffName, @userID, @idDepart)";
        command.Parameters.AddWithValue("@staffName", name);
        command.Parameters.AddWithValue("@userID", userId);
        command.Parameters.AddWithValue("@idDepart", idDepart);

        try
        {
            connection.Open();
            int recordsAffected = command.ExecuteNonQuery();
        }
        catch(SqlException)
        {
            // error here
        }
        finally
        {
            connection.Close();
        }
    }
}
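
string saveStaff = "INSERT into student (stud_id,stud_name) VALUES (@stud_id, @stud_name);";
cmd = new SqlCommand(saveStaff, con);
// Bind the values as parameters rather than concatenating them into the SQL text
cmd.Parameters.AddWithValue("@stud_id", SI);
cmd.Parameters.AddWithValue("@stud_name", SN);
cmd.ExecuteNonQuery();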
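
An added example, not code from the question or from any of the answers above: it combines the points the answers make (command bound to a connection, typed parameters) and reports the underlying exception instead of hiding it behind a bare catch, which is what concealed the missing connection in the question. The class and method names, the VarChar type for userID and the column sizes are assumptions.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;

static class StaffRepository // hypothetical name
{
    // Inserts one staff row and returns the number of rows affected.
    public static int InsertStaff(string connectionString, string name,
                                  string userId, string departText)
    {
        // Validate the numeric field up front instead of letting int.Parse throw.
        if (!int.TryParse(departText, out int idDepart))
            throw new ArgumentException("Department id must be an integer.", nameof(departText));

        const string sql =
            "INSERT INTO tbl_staff (staffName, userID, idDepartment) " +
            "VALUES (@staffName, @userID, @idDepartment);";

        using (var connection = new SqlConnection(connectionString))
        using (var command = new SqlCommand(sql, connection)) // command is bound to the connection
        {
            // Typed parameters: the values travel as data, never as SQL text (sizes assumed).
            command.Parameters.Add("@staffName", SqlDbType.VarChar, 30).Value = (object)name ?? DBNull.Value;
            command.Parameters.Add("@userID", SqlDbType.VarChar, 30).Value = (object)userId ?? DBNull.Value;
            command.Parameters.Add("@idDepartment", SqlDbType.Int).Value = idDepart;

            connection.Open();
            return command.ExecuteNonQuery(); // exceptions propagate to the caller
        }
    }

    // Caller-side wrapper: keeps the real cause so it can be logged or displayed.
    public static bool TryInsertStaff(string connectionString, string name,
        string userId, string departText, out string error)
    {
        error = null;
        try
        {
            return InsertStaff(connectionString, name, userId, departText) == 1;
        }
        catch (Exception ex) when (ex is SqlException || ex is InvalidOperationException || ex is ArgumentException)
        {
            error = ex.GetType().Name + ": " + ex.Message;
            return false;
        }
    }
}
```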
