stackoom
  简体   繁体   中英

How to Insert data into a MSSQL table using C#

 原文  2017-06-27 15:30:00       c#/ sql-server

Question

I'm trying to using INSERT to write some data to a MSSQL Database table. I believe my SQL string is correct but I'm getting an error message when I run command.ExecuteScaler(); I've attached the error message in a screen shot. It states I'm using incorrect syntax but I'm not getting any compiler errors. I'm assuming I'm just doing something wrong.

CODE: 

using (SqlConnection connection = new SqlConnection(SQLHelper.CnnCal("CQDB")))
{
    connection.Open();
    String insert = @"INSERT INTO Skills(SkillName, SkillNumber, SkillLastUpdated, SkillServer) VALUES(" + skills.SkillName + "," + skills.SkillNumber + "," + skills.LastUpdated + "," + skills.CallServer +")";
    SqlCommand command = new SqlCommand(insert, connection);
    command.ExecuteScalar();
    connection.Close();
}

Error Message from exception pop up

Question: What is the proper way of inserting data into a MSSQL database table?

2 answers

solution1
 5 ACCPTED  2017-06-27 15:37:13

You should be using Parameters to prevent SQL Injection.

The below code takes care of that: 

var query = "INSERT INTO Skills(SkillName, SkillNumber, SkillLastUpdated, SkillServer) 
             VALUES (@SkillName, @SkillNumber, @SkillLastUpdated, @SkillServer)";

using (SqlConnection connection = new SqlConnection(SQLHelper.CnnCal("CQDB")))
{
    using(SqlCommand cmd = new SqlCommand(query, connection))
    {
        // add parameters and their values
        cmd.Parameters.Add(new SqlParameter("SkillName", skills.SkillName ));
        cmd.Parameters.Add(new SqlParameter("SkillNumber", skills.SkillNumber ));
        cmd.Parameters.Add(new SqlParameter("SkillLastUpdated", skills.LastUpdated ));
        cmd.Parameters.Add(new SqlParameter("SkillServer", skills.CallServer

        cn.Open();
        cmd.ExecuteNonQuery();
    }    
}

solution2
 -2  2017-06-27 15:33:45

you forgot to set the connection property for the command object: command.Connection = connection; and: 

command.CommandType = CommandType.Text;
command.CommandText = your_sql_query;

See: https://msdn.microsoft.com/en-us/library/system.data.sqlclient.sqlcommand.connection(v=vs.110).aspx

暂无
暂无

The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.

Related Question How to insert DataGridView data in to table of access database using c#? Insert to database from datagridview data which is retrieved from another table in C# MSSQL How to Select data from table 1 and insert into table 2 in PostgresQLusing C# C# how to insert data to mysql using C#? Insert data into table(from select) using 2 DataGridView c# windowsForm Insert a Data Table to Access Database using c# c# insert data in FileMaker table using ODBC sql Cannot insert the data into the table using C# visual studio 2008 How to Insert Large Binary Data(Above 32KB ) in to oracle table using Procedure / Inline / C# How do I to insert data into an SQL table using C# as well as implement an upload function?
Related Tags
 
粤ICP备18138465号  © 2020-2024 STACKOOM.COM