我有一个包含 16 个字段的数据库,我只想填写前 7 个字段。我正在使用这个命令
"INSERT INTO products (SupplierID, catalogid, ccode,cname,oprice,cprice,pother2) VALUES (" & reader("SupplierID").ToString() & "," & reader("catalogid").ToString() & "," & reader("ccode").ToString() & "," & reader("cname").ToString() & "," & reader("oprice").ToString() & "," & reader("cprice").ToString() & "," & reader("pother2").ToString() & ")"
那么有什么解决方案吗?
只要您未填充的列被指定为可为空或分配了默认值(假设 SQL 服务器),只填充表中可用字段的子集就没有错。
但是,您构建命令的方式存在一些问题:您没有在看起来是字符串值(即 ccname)的周围加上引号,也没有保护免受 SQL 注入攻击。
使用参数化查询要好得多。
大致而言,您的代码将类似于:
Dim oCommand As New SqlCommand()
oCommand.Connection = oConnection
oCommand.CommandText = "INSERT INTO products (SupplierID, catalogid, ccode,cname,oprice,cprice,pother2) VALUES ("?, ?, ?, ?, ?, ?, ?)"
oCommand.Parameters(0).Value = reader("SupplierID")
oCommand.Parameters(0).Value = reader("catalogid")
etc...