使用ExecuteNonQuery插入記錄,顯示列名稱無效的異常
[英]Insert records using ExecuteNonQuery, showing exception that invalid column name
問題描述
我正在使用SQL Server 2008。
我想使用ExecuteNonQuery將記錄插入表中,因為我已經寫了:
customUtility.ExecuteNonQuery("insert into furniture_ProductAccessories(Product_id, Accessories_id, SkuNo, Description1, Price, Discount) values(" + prodid + "," + strAcc + "," + txtSKUNo.Text + "," + txtAccDesc.Text + "," + txtAccPrices.Text + "," + txtAccDiscount.Text + ")");
&以下是ExecuteNonQuery函數:
public static bool ExecuteNonQuery(string SQL)
{
bool retVal = false;
using (SqlConnection con = new SqlConnection(System.Web.Configuration.WebConfigurationManager.ConnectionStrings["dbConnect"].ToString()))
{
con.Open();
SqlTransaction trans = con.BeginTransaction();
SqlCommand command = new SqlCommand(SQL, con, trans);
try
{
command.ExecuteNonQuery();
trans.Commit();
retVal = true;
}
catch(Exception ex)
{
//HttpContext.Current.Response.Write(SQL + "<br>" + ex.Message);
//HttpContext.Current.Response.End();
}
finally
{
// Always call Close when done reading.
con.Close();
}
return retVal;
}
}
但是它顯示異常,即Description1無效列名 ,甚至是來自txtAccDesc.Text的值。 我已經嘗試通過刪除Description1列來成功插入其他記錄。
1 個解決方案
解決方案1
5 2011-01-11 05:01:29
我的心理調試能力告訴我,您正在文本框txtAccDesc輸入值Description1 。 連接SQL字符串時,您無法分隔文字值。
例如
"," + txtAccDesc.Text + "," +
應該
", '" + txtAccDesc.Text + "', " +
但是,這是一個不好的解決方案,因為它使您容易受到SQL注入攻擊 (更不用說您需要在文字中處理引號和逗號),而應使用參數化查詢 。
例如(警告寫在記事本中,可能無法編譯)
string SQL = "insert into furniture_ProductAccessories(Product_id,Accessories_id,SkuNo,Description1,Price,Discount) values(@Product_id,@Accessories_id,@SkuNo,@Description1,@Price,@Discount)"
SqlParameters[] parameters = new SQLParameters[6];
parameters[0] = new SqlParameter("@Product_id", SqlDbType.Int, prodid );
parameters[1] = new SqlParameter("@Accessories_id", SqlDbType.VarChar, strAcc );
parameters[2] = new SqlParameter("@SkuNo", SqlDbType.VarChar, txtSKUNo);
parameters[3] = new SqlParameter("@Description1", SqlDbType.VarChar, txtAccDesc.Text);
parameters[4] = new SqlParameter("@Price", SqlDbType.Money, txtAccPrices.Text);
parameters[5] = new SqlParameter("@Discount", SqlDbType.Money, txtAccDiscount.Text);
customUtility.ExecuteNonQuery(sql, paramters)
public static bool ExecuteNonQuery(string SQL, SqlParameters[] parameters)
{
bool retVal = false;
using (SqlConnection con = new SqlConnection(System.Web.Configuration.WebConfigurationManager.ConnectionStrings["dbConnect"].ToString()))
{
con.Open();
SqlTransaction trans = con.BeginTransaction();
SqlCommand command = new SqlCommand(SQL, con, trans);
cmd.parameters.AddRange(parameters);
try
{
command.ExecuteNonQuery();
trans.Commit();
retVal = true;
}
catch(Exception ex)
{
//HttpContext.Current.Response.Write(SQL + "<br>" + ex.Message);
//HttpContext.Current.Response.End();
}
// finally
//{
//Always call Close when done reading.
//con.Close(); Using already does this, so need for this
//}
return retVal;
}
}
嘗試使用SQL將數據插入數據庫時出現“無效的列名”
[英]“Invalid column name” when trying to insert data into database using SQL
System.Data.SqlClient.SqlException:無效的列名(行命令出錯。ExecuteNonQuery();)
[英]System.Data.SqlClient.SqlException: Invalid column name (Error at line command.ExecuteNonQuery();)
在C#for SQL中使用多個插入語句時,如何使用ExecuteNonQuery獲取受影響的記錄
[英]How to get affected records using ExecuteNonQuery when multiple insert statements are used in C# for SQL
聲明:本站的技術帖子網頁,遵循CC BY-SA 4.0協議,如果您需要轉載,請注明本站網址或者原文地址。任何問題請咨詢:yoyou2525@163.com.
相關問題
ExecuteNonQuery中的無效對象名稱
SQL INSERT - 列名無效
嘗試使用SQL將數據插入數據庫時出現“無效的列名”
System.Data.SqlClient.SqlException:無效的列名(行命令出錯。ExecuteNonQuery();)
ExecuteNonQuery不會在插入時引發異常
(OleDb)ExecuteNonQuery錯誤-類型名稱無效
在C#for SQL中使用多個插入語句時,如何使用ExecuteNonQuery獲取受影響的記錄
無效的列名或Identity_Insert關閉
異常“無效的列名稱'False'與SqlConnection
無效的列名異常,即使存在列也是如此
相關標簽