使用ExecuteNonQuery插入记录,显示列名称无效的异常
[英]Insert records using ExecuteNonQuery, showing exception that invalid column name
问题描述
我正在使用SQL Server 2008。
我想使用ExecuteNonQuery将记录插入表中,因为我已经写了:
customUtility.ExecuteNonQuery("insert into furniture_ProductAccessories(Product_id, Accessories_id, SkuNo, Description1, Price, Discount) values(" + prodid + "," + strAcc + "," + txtSKUNo.Text + "," + txtAccDesc.Text + "," + txtAccPrices.Text + "," + txtAccDiscount.Text + ")");
&以下是ExecuteNonQuery函数:
public static bool ExecuteNonQuery(string SQL)
{
bool retVal = false;
using (SqlConnection con = new SqlConnection(System.Web.Configuration.WebConfigurationManager.ConnectionStrings["dbConnect"].ToString()))
{
con.Open();
SqlTransaction trans = con.BeginTransaction();
SqlCommand command = new SqlCommand(SQL, con, trans);
try
{
command.ExecuteNonQuery();
trans.Commit();
retVal = true;
}
catch(Exception ex)
{
//HttpContext.Current.Response.Write(SQL + "<br>" + ex.Message);
//HttpContext.Current.Response.End();
}
finally
{
// Always call Close when done reading.
con.Close();
}
return retVal;
}
}
但是它显示异常,即Description1无效列名 ,甚至是来自txtAccDesc.Text的值。 我已经尝试通过删除Description1列来成功插入其他记录。
1 个解决方案
解决方案1
5 2011-01-11 05:01:29
我的心理调试能力告诉我,您正在文本框txtAccDesc输入值Description1 。 连接SQL字符串时,您无法分隔文字值。
例如
"," + txtAccDesc.Text + "," +
应该
", '" + txtAccDesc.Text + "', " +
但是,这是一个不好的解决方案,因为它使您容易受到SQL注入攻击 (更不用说您需要在文字中处理引号和逗号),而应使用参数化查询 。
例如(警告写在记事本中,可能无法编译)
string SQL = "insert into furniture_ProductAccessories(Product_id,Accessories_id,SkuNo,Description1,Price,Discount) values(@Product_id,@Accessories_id,@SkuNo,@Description1,@Price,@Discount)"
SqlParameters[] parameters = new SQLParameters[6];
parameters[0] = new SqlParameter("@Product_id", SqlDbType.Int, prodid );
parameters[1] = new SqlParameter("@Accessories_id", SqlDbType.VarChar, strAcc );
parameters[2] = new SqlParameter("@SkuNo", SqlDbType.VarChar, txtSKUNo);
parameters[3] = new SqlParameter("@Description1", SqlDbType.VarChar, txtAccDesc.Text);
parameters[4] = new SqlParameter("@Price", SqlDbType.Money, txtAccPrices.Text);
parameters[5] = new SqlParameter("@Discount", SqlDbType.Money, txtAccDiscount.Text);
customUtility.ExecuteNonQuery(sql, paramters)
public static bool ExecuteNonQuery(string SQL, SqlParameters[] parameters)
{
bool retVal = false;
using (SqlConnection con = new SqlConnection(System.Web.Configuration.WebConfigurationManager.ConnectionStrings["dbConnect"].ToString()))
{
con.Open();
SqlTransaction trans = con.BeginTransaction();
SqlCommand command = new SqlCommand(SQL, con, trans);
cmd.parameters.AddRange(parameters);
try
{
command.ExecuteNonQuery();
trans.Commit();
retVal = true;
}
catch(Exception ex)
{
//HttpContext.Current.Response.Write(SQL + "<br>" + ex.Message);
//HttpContext.Current.Response.End();
}
// finally
//{
//Always call Close when done reading.
//con.Close(); Using already does this, so need for this
//}
return retVal;
}
}
尝试使用SQL将数据插入数据库时出现“无效的列名”
[英]“Invalid column name” when trying to insert data into database using SQL
System.Data.SqlClient.SqlException:无效的列名(行命令出错。ExecuteNonQuery();)
[英]System.Data.SqlClient.SqlException: Invalid column name (Error at line command.ExecuteNonQuery();)
在C#for SQL中使用多个插入语句时,如何使用ExecuteNonQuery获取受影响的记录
[英]How to get affected records using ExecuteNonQuery when multiple insert statements are used in C# for SQL
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.
相关问题
ExecuteNonQuery中的无效对象名称
SQL INSERT - 列名无效
尝试使用SQL将数据插入数据库时出现“无效的列名”
System.Data.SqlClient.SqlException:无效的列名(行命令出错。ExecuteNonQuery();)
ExecuteNonQuery不会在插入时引发异常
(OleDb)ExecuteNonQuery错误-类型名称无效
在C#for SQL中使用多个插入语句时,如何使用ExecuteNonQuery获取受影响的记录
无效的列名或Identity_Insert关闭
异常“无效的列名称'False'与SqlConnection
无效的列名异常,即使存在列也是如此
相关标签