[英]I need to get the Dataset from SQL from Table Valued Function using code C# in visual studio
[英]I need to create a sql server database table using visual studio(c# language) . But the name of the table has to be an input from the user
con1.Open();
cmd = new SqlCommand("create table [dbo.][" + textBox2.Text + "](sno int primary key identity(1,1),[Week] [int] not null ,Date nvarchar(30) not null,Time nvarchar(30) not null,Monday_1st_half nvarchar(20),Monday_2nd_half nvarchar(20),Tuesday_1st_half nvarchar(20),Tuesday_2nd_half nvarchar(20),Wednesday_1st_half nvarchar(20),Wednesday_2nd_half nvarchar(20),Thursday_1st_half nvarchar(20),Thursday_2nd_half nvarchar(20),Friday_1st_half nvarchar(20),Friday_2nd_half nvarchar(20),Saturday_1st_half nvarchar(20),Saturday_2nd_half nvarchar(20),Sunday_1st_half nvarchar(20),Sunday_2nd_half nvarchar(20))", con1);
cmd.ExecuteNonQuery();
con1.Close();
如果我為表提供硬編碼名稱而不是textbox.text值,則此查詢有效,將創建一個表。 但是,當我使用此代碼時,它會創建一個名為“dbo”的表。 如果我從查詢中刪除“[dbo。]”,則會顯示錯誤消息“對象丟失”。 有人可以幫我嗎?。
這是一個更好的方法來做到這一點。 首先創建以下存儲過程:
CREATE PROC dbo.MakeUserTable(@Tablename as SYSNAME) As
DECLARE @CleanName As SYSNAME;
SET @CleanName = QUOTENAME(@Tablename, '[');
DECLARE @sql As NVARCHAR(MAX);
SELECT @sql = 'create table [dbo].' + @CleanName + '(sno int primary key identity(1,1),[Week] [int] not null ,Date nvarchar(30) not null,Time nvarchar(30) not null,Monday_1st_half nvarchar(20),Monday_2nd_half nvarchar(20),Tuesday_1st_half nvarchar(20),Tuesday_2nd_half nvarchar(20),Wednesday_1st_half nvarchar(20),Wednesday_2nd_half nvarchar(20),Thursday_1st_half nvarchar(20),Thursday_2nd_half nvarchar(20),Friday_1st_half nvarchar(20),Friday_2nd_half nvarchar(20),Saturday_1st_half nvarchar(20),Saturday_2nd_half nvarchar(20),Sunday_1st_half nvarchar(20),Sunday_2nd_half nvarchar(20));'
PRINT 'Executing "'+@sql+'"';
EXEC(@sql);
現在更改您的客戶端代碼以執行此操作,並將tablename作為參數傳遞。
我不能100%保證它不受SQL注入攻擊的影響,但是如果你必須接受用戶的表名,這就像你可以獲得的那樣安全。
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.