当前位置:theitroad>C# 如何将数据插入到 SQL Server

C# 如何将数据插入到 SQL Server

声明:本页面是StackOverFlow热门问题的中英对照翻译,遵循CC BY-SA 4.0协议,如果您需要使用它,必须同样遵循CC BY-SA许可,注明原文地址和作者信息,同时你必须将它归于原作者(不是我):StackOverFlow 原文地址: http://stackoverflow.com/questions/12241084/
Warning: these are provided under cc-by-sa 4.0 license. You are free to use/share it, But you must attribute it to the original authors (not me): StackOverFlow

提示:将鼠标放在中文语句上可以显示对应的英文。显示中英文
时间:2020-08-09 22:35:35  来源:igfitidea点击:

How to insert data into SQL Server

c#sqlsql-server

提问by Azri Zakaria

What the problem on my coding? I cannot insert data to ms sql.. I'm using C# as front end and MS SQL as databases...

我的编码有什么问题?我无法将数据插入 ms sql .. 我使用 C# 作为前端,使用 MS SQL 作为数据库......

name = tbName.Text;
userId = tbStaffId.Text;
idDepart = int.Parse(cbDepart.SelectedValue.ToString());

string saveStaff = "INSERT into tbl_staff (staffName,userID,idDepartment) " +
                   " VALUES ('" + name + "', '" + userId +"', '" + idDepart + "');";

SqlCommand querySaveStaff = new SqlCommand(saveStaff);

try
{
querySaveStaff.ExecuteNonQuery();
}
catch
{
//Error when save data

MessageBox.Show("Error to save on database");
openCon.Close();
Cursor = Cursors.Arrow;
}

采纳答案by adatapost

You have to set Connection property of Command object and use parametersized query instead of hardcoded SQL to avoid SQL Injection.

您必须设置 Command 对象的 Connection 属性并使用参数化查询而不是硬编码的 SQL 来避免SQL Injection

 using(SqlConnection openCon=new SqlConnection("your_connection_String"))
    {
      string saveStaff = "INSERT into tbl_staff (staffName,userID,idDepartment) VALUES (@staffName,@userID,@idDepartment)";

      using(SqlCommand querySaveStaff = new SqlCommand(saveStaff))
       {
         querySaveStaff.Connection=openCon;
         querySaveStaff.Parameters.Add("@staffName",SqlDbType.VarChar,30).Value=name;
         .....
         openCon.Open();

         querySaveStaff.ExecuteNonQuery();
       }
     }

回答by John Woo

I think you lack to pass Connectionobject to your commandobject. and it is much better if you will use commandand parametersfor that.

我认为你缺乏将Connection对象传递给你的command对象。如果你会使用commandparameters,那就更好了。

using (SqlConnection connection = new SqlConnection("ConnectionStringHere"))
{
    using (SqlCommand command = new SqlCommand())
    {
        command.Connection = connection;            // <== lacking
        command.CommandType = CommandType.Text;
        command.CommandText = "INSERT into tbl_staff (staffName, userID, idDepartment) VALUES (@staffName, @userID, @idDepart)";
        command.Parameters.AddWithValue("@staffName", name);
        command.Parameters.AddWithValue("@userID", userId);
        command.Parameters.AddWithValue("@idDepart", idDepart);

        try
        {
            connection.Open();
            int recordsAffected = command.ExecuteNonQuery();
        }
        catch(SqlException)
        {
            // error here
        }
        finally
        {
            connection.Close();
        }
    }
}

回答by srinivas

string saveStaff = "INSERT into student (stud_id,stud_name) " + " VALUES ('" + SI+ "', '" + SN + "');";
cmd = new SqlCommand(saveStaff,con);
cmd.ExecuteNonQuery();

相关推荐

C# 本地计算机上的 Windows 服务启动然后停止错误

C# 本地计算机上的 Windows 服务启动然后停止错误

C# 在 ASP.NET 中重定向之前的 Javascript 警报

C# 在 ASP.NET 中重定向之前的 Javascript 警报

C# .AsNoTracking() 有什么区别?

C# .AsNoTracking() 有什么区别?

C# 如何让 HttpClient 与请求一起传递凭据?

C# 如何让 HttpClient 与请求一起传递凭据?

相关推荐
最近更新
标签