堆棧內存溢出
  簡體   English   中英

C# 與 SQL 的連接

[英]C# connection with SQL

 原文  2015-12-06 10:28:25       c#/ sql-server/ ado.net

問題描述

[WebMethod] 
public void RegisterStudent(string Name, string Gender, int Marks)        
{            
    string connectionString = 
           "Data Source =SAJID-PC\\SQLEXPRESS;Initial Catalog=Design;Integrated Security=True";             
    SqlConnection con = new SqlConnection(connectionString);             
    con.Open();             
    String query = "INSERT INTO Students VALUES + ('" + Name + "', '" + Gender + "'," + Marks + ")";             
    SqlCommand sqlcom = new SqlCommand(query, con);
    sqlcom.ExecuteNonQuery();  
    con.Close();
}

調用該方法時出現此錯誤:

System.Data.SqlClient.SqlException:“+”附近的語法不正確。 在 System.Data.SqlClient.SqlConnection.OnError(SqlException 異常,Boolean breakConnection,Action1 wrapCloseInAction) 在 System.Data.SqlClient.SqlInternalConnection.OnError(SqlException 異常,Boolean breakConnection,Action1 wrapCloseInAction) 在 System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning (TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose) at System.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, at System.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, at System.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior) System.Data.SqlClient.SqlCommand.InternalExecuteNonQuery(TaskCompletionSource`1 completion, String methodName, Boolean sendToPipe, Int32 timeout, Boolean asyncWrite) at System.Data.SqlClient.SqlCommand.ExecuteNonQuery 的 String methodName、Boolean async、Int32 超時、Boolean asyncWrite) () 在 Assignment4Web.StudentService.RegisterStu dent(String Name, String Gender, Int32 Marks) in c:\\users\\sajid\\documents\\visual studio 2010\\Projects\\Assignment4Web\\Assignment4Web\\StudentService.asmx.cs:line 56

1 個解決方案

解決方案1
 2 已采納  2015-12-06 10:30:53

Values之后刪除不必要的+並在Marks周圍添加' ,如下所示:

String query = "INSERT INTO Students VALUES ('" + Name + "', '" + Gender + "','" + Marks + "')";

盡管應該始終使用parameterized queries來避免SQL Injection 像這樣的東西:

SqlCommand sqlcom = new SqlCommand("INSERT INTO Students VALUES(@Name ,@Gender,@Marks");
cmd.Parameters.AddWithValue("@Name",Name);
cmd.Parameters.AddWithValue("@Gender",Gender);
cmd.Parameters.AddWithValue("@Marks",Marks);

暫無
暫無

聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.

相關問題 C#中的SQL連接 SQL 與 C# 連接 SQL連接C# 連接超時 SQL C# 連接SQL Server C# SQL Server C#連接 SQL Server / C# 連接 在C#中創建SQL連接 與C#的sql服務器連接 C# SQL 連接超時
相關標簽
 
粵ICP備18138465號  © 2020-2024 STACKOOM.COM