[英]winform C# using sql server 2008
我有一個數據庫問題,當我通過表單輸入數據時,我正在c#中使用winform,它在數據之前在名稱列中創建了一個空格,所以我想刪除它,任何人都可以幫助我,名稱列的數據類型為varchar,而沒有聯系的數字數據類型則為贏在它之前創造空間
我的代碼:
private void btnAddNew_Click(object sender, EventArgs e)
{
string Gender = "";
if (radioButton1.Checked)
{
Gender = "Male";
}
else if (radioButton2.Checked)
{
Gender = "Female";
}
if (txtName.Text == "")
{
MessageBox.Show("Enter the customer name.", "Dairy Management System", MessageBoxButtons.OK, MessageBoxIcon.Stop);
txtName.Focus();
}
else if (Gender == "")
{
MessageBox.Show("Enter the gender.", "Dairy Management System", MessageBoxButtons.OK, MessageBoxIcon.Stop);
grpGender.Focus();
}
else if (txtAddress.Text == "")
{
MessageBox.Show("Enter the Address.", "Dairy Management System", MessageBoxButtons.OK, MessageBoxIcon.Stop);
txtAddress.Focus();
}
else if (txtContact.Text == "")
{
MessageBox.Show("Enter Contact No.", "Dairy Management System", MessageBoxButtons.OK, MessageBoxIcon.Stop);
txtContact.Focus();
}
else
{
SqlConnection con = new SqlConnection("Data Source=RANJEETMAURYA;Initial Catalog=Project;Integrated Security=True");
con.Open();
SqlCommand cmd = new SqlCommand(@"INSERT INTO CustomerDetails
(Date, Contact_No, Name, Gender, Address, Email_ID)
VALUES(' " + this.dateTimePicker1.Value.ToString("MM/dd/yyyy") + " ',' " + txtName.Text + " ',' " + Gender + " ',' " + txtAddress.Text + " ',' " + txtContact.Text + " ',' " + txtEmail.Text + " ')", con);
cmd.ExecuteNonQuery();
con.Close();
MessageBox.Show("Customer Information Added Successfully.", "Dairy Management System", MessageBoxButtons.OK, MessageBoxIcon.Information);
SQLFunctions.Refresh(this.dataGridView1);
clear();
}
}
問題:您在INSERT INTO
語句中提供參數值時添加了額外的空格,如下所示:
|
|
>
VALUES(' " + this.dateTimePicker1.Value.ToString("MM/dd/yyyy") + " ',' " + txtName.Text
+ " ',' " + Gender + " ',' " + txtAddress.Text + " ',' " + txtContact.Text + " ',' " +
txtEmail.Text + " ')", con);
建議:您的查詢容易受到sqlinjection攻擊,所以我建議您使用參數化查詢來避免它們。
試試看:使用Parameterised Queries
替換為:
SqlCommand cmd = new SqlCommand(@"INSERT INTO CustomerDetails
(Date, Contact_No, Name, Gender, Address, Email_ID)
VALUES(' " + this.dateTimePicker1.Value.ToString("MM/dd/yyyy") + " ',' " + txtName.Text + " ',' " + Gender + " ',' " + txtAddress.Text + " ',' " + txtContact.Text + " ',' " + txtEmail.Text + " ')", con);
有了這個:
SqlCommand cmd = new SqlCommand(@"INSERT INTO CustomerDetails
(Date, Contact_No, Name, Gender, Address, Email_ID)
VALUES(@Date,@Contact,,@Name,@Gender,@Address,@Email)", con);
cmd.Parameters.AddWithValue("@Date",this.dateTimePicker1.Value.ToString("MM/dd/yyyy"));
cmd.Parameters.AddWithValue("@Contact",txtContact.Text);
cmd.Parameters.AddWithValue("@Name",txtName.Text);
cmd.Parameters.AddWithValue("@Gender",Gender);
cmd.Parameters.AddWithValue("@Address", txtAddress.Text);
cmd.Parameters.AddWithValue("@Email", txtEmail.Text);
刪除空格
" ',' " + txtName.Text.Trim() + " ',' " + Gender + " ',' "
至
"','" + txtName.Text.Trim() + "','" + Gender + "','"
但是您最好刪除所有這些字符串連接並開始使用SQL參數
看這條線
VALUES(' " + this.dateTimePicker1.Value.ToString("MM/dd/yyyy") + " ',' " + txtName.Text + " ',' " + Gender + " ',' " + txtAddress.Text + " ',' " + txtContact.Text + " ',' " + txtEmail.Text + " ')", con);
您已經在單引號前后放置了一個空格。 例如
' " + this.dateTimePicker1.Value.ToString("MM/dd/yyyy") + " ',
實際上,您已經在所有值分配之前和之后指定了空格。
順便說一句,這不是在數據庫中執行插入/更新/刪除操作的好方法。 您應該改用帶括號的查詢。
SqlCommand Cmd = Connection.CreateCommand();
Cmd.CommandText = "Insert Into [TableName](Column1,Column2,Column3)Values(@Column1,Column2,Column3)";
Cmd.Parameters.Add("@@Column1", SqlDbType.Int).Value = 1;
Cmd.Parameters.Add("@@Column1", SqlDbType.Varchar).Value = "Shell";
Cmd.Parameters.Add("@@Column1", SqlDbType.SmallDateTime).Value = System.DateTime.Now;
Cmd.ExecuteNonQuery();
在“'”之前和之后還有一些其他空格。 刪除它們,因為它將直接插入數據庫。
用這個 :
SqlCommand cmd = new SqlCommand(@"INSERT INTO CustomerDetails
(Date, Contact_No, Name, Gender, Address, Email_ID)
VALUES('" + this.dateTimePicker1.Value.ToString("MM/dd/yyyy") + "','" + txtName.Text + "','" + Gender + "','" + txtAddress.Text + "','" + txtContact.Text + "','" + txtEmail.Text + "')", con);
cmd.ExecuteNonQuery();
con.Close();
MessageBox.Show("Customer Information Added Successfully.", "Dairy Management System", MessageBoxButtons.OK, MessageBoxIcon.Information);
SQLFunctions.Refresh(this.dataGridView1);
clear();
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.