
I have to insert values into a table using an INSERT query. The table stored in the database has 3 columns: 1. Date (DateTime) 2. SensorValue (Float) 3. Difference (Float). The value for each column comes from a DataGridView. This is the insert code for the button:

con.ConnectionString = "Data Source=.\\SQLEXPRESS;AttachDbFilename=C:\\dbsave.mdf;Integrated Security=True;Connect Timeout=30;User Instance=True";
if (con.State == ConnectionState.Closed)
{
    con.Open();
}
// Rows.Count-1 skips the grid's empty "new row" placeholder at the bottom
for (Int32 i = 0; i < dataGridView1.Rows.Count-1; i++)
{
    // Cell values are concatenated straight into the SQL text; the DateTime
    // from Cells[0] ends up unquoted, which is what the server rejects
    String query1 =
        "INSERT INTO " + tbName +
        " ( Date, SensorValue, Difference) " + "VALUES (" +
        dataGridView1.Rows[i].Cells[0].Value + "," +
        dataGridView1.Rows[i].Cells[1].Value + "," +
        dataGridView1.Rows[i].Cells[2].Value + ")";
    SqlCommand cmd1 = new SqlCommand(query1, con);
    cmd1.ExecuteNonQuery();
}
con.Close();
MessageBox.Show("The table has been saved");

The error, of course, occurs when the query is executed. The first entry in the Date column is the value 12/05/2012 14:32:00, so basically SQL does not accept the colon placed after the 14. How do I fix this? Please help.


4 Answers


Update your query and add apostrophes:

String query1 =
    "INSERT INTO " + tbName +
    " ( Date, SensorValue, Difference) " + "VALUES ('" +
    // the apostrophes turn the DateTime into a string literal SQL Server can convert
    dataGridView1.Rows[i].Cells[0].Value + "'," +
    dataGridView1.Rows[i].Cells[1].Value + "," +
    dataGridView1.Rows[i].Cells[2].Value + ")";
SqlCommand cmd1 = new SqlCommand(query1, con);

But I agree with Liath, parameters are safer.

answered 2012-11-23T08:46:22.960

That code doesn't even compile, so it wouldn't give a runtime error.

You have too many quotes here:

String query1 = "INSERT INTO " + tbName + " (" Date, Sensor...

should be:

String query1 = "INSERT INTO " + tbName + " ( Date, Sensor...

When you have a datetime value, you need to put apostrophes around it:

...LUES (" + dataGridView1.Rows[i].Cells[0].Value + "," + ...

should be:

...LUES ('" + dataGridView1.Rows[i].Cells[0].Value + "'," + ...

answered 2012-11-23T08:47:29.887

Try using a parameterized query. Like this:

// tbName as in the question: table and column identifiers cannot be parameters,
// but every value is, so the DateTime no longer has to be formatted or quoted
string query = "INSERT INTO " + tbName + " (Date, SensorValue, Differences) VALUES (@Date, @SensorValue, @Differences)";
var command = new SqlCommand(query, con);
command.Parameters.Add(new SqlParameter("@Date", System.Data.SqlDbType.DateTime));
command.Parameters.Add(new SqlParameter("@SensorValue", System.Data.SqlDbType.Float));
command.Parameters.Add(new SqlParameter("@Differences", System.Data.SqlDbType.Float));
for (int i = 0; i < dataGridView1.Rows.Count-1; i++)
{
    // SqlDbType.Float is a CLR double, so convert to double rather than decimal
    command.Parameters["@Date"].Value = Convert.ToDateTime(dataGridView1.Rows[i].Cells[0].Value);
    command.Parameters["@SensorValue"].Value = Convert.ToDouble(dataGridView1.Rows[i].Cells[1].Value);
    command.Parameters["@Differences"].Value = Convert.ToDouble(dataGridView1.Rows[i].Cells[2].Value);
    command.ExecuteNonQuery();
}
answered 2012-11-23T08:55:01.047
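A defensive version of the parameterized approach above, written as an added example rather than code from any of the answers. It assumes the grid layout from the question (Date, SensorValue, Difference), a hypothetical table name SensorLog for the allowed list, and a caller-supplied connection string; it rejects unparseable cells before anything is sent and writes all rows in one transaction.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
using System.Windows.Forms;

static class SensorGridSaver
{
    // Identifiers cannot be SqlParameters, so the table name is checked against a
    // fixed list instead of being concatenated from tbName. "SensorLog" is an assumed name.
    static readonly string[] AllowedTables = { "SensorLog" };

    // Inserts every committed grid row with typed parameters inside one transaction and
    // returns the row count; a bad cell aborts the whole batch so nothing partial is saved.
    public static int SaveGridRows(DataGridView grid, string tbName, string connectionString)
    {
        if (Array.IndexOf(AllowedTables, tbName) < 0)
            throw new ArgumentException("table name not in allowed list", nameof(tbName));
        using (var con = new SqlConnection(connectionString))
        {
            con.Open();
            using (SqlTransaction tx = con.BeginTransaction())
            using (var cmd = new SqlCommand(
                "INSERT INTO [" + tbName + "] (Date, SensorValue, Difference) " +
                "VALUES (@Date, @SensorValue, @Difference)", con, tx))
            {
                // Declared once with explicit SQL types: the driver sends a typed datetime,
                // so the "12/05/2012 14:32:00" text never has to be quoted or parsed by T-SQL.
                cmd.Parameters.Add("@Date", SqlDbType.DateTime);
                cmd.Parameters.Add("@SensorValue", SqlDbType.Float);
                cmd.Parameters.Add("@Difference", SqlDbType.Float);
                int written = 0;
                foreach (DataGridViewRow row in grid.Rows)
                {
                    if (row.IsNewRow) continue; // replaces the Rows.Count-1 workaround
                    DateTime date; double value, diff;
                    if (!DateTime.TryParse(Convert.ToString(row.Cells[0].Value), out date) ||
                        !double.TryParse(Convert.ToString(row.Cells[1].Value), out value) ||
                        !double.TryParse(Convert.ToString(row.Cells[2].Value), out diff))
                        throw new FormatException("row " + row.Index + ": cell is not a date/number");
                    cmd.Parameters["@Date"].Value = date;
                    cmd.Parameters["@SensorValue"].Value = value;
                    cmd.Parameters["@Difference"].Value = diff;
                    written += cmd.ExecuteNonQuery();
                }
                tx.Commit();
                return written;
            }
        }
    }
}
```

DateTime.TryParse and double.TryParse use the current thread culture, so a grid filled under one locale and saved under another should pass an explicit CultureInfo to the overloads that take one.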

It's hard to diagnose without seeing all the variables, though I would strongly recommend using parameters. Not only does it make this kind of problem easier to spot, it also protects you from SQL injection attacks.

answered 2012-11-23T08:45:48.033