0

如何从文本区域保存 SQL Server 2008 中的多行?

<textarea runat="server" rows="5" cols="70"  id="commentarea"  
          name="commentarea"  style="margin-left: 197px" ></textarea>

<asp:Button ID="Button1" runat="server" style="margin-left: 287px" 
            Text="Comment" onclick="Button1_Click" />

C#代码:

ConnectionStringSettings pubs = ConfigurationManager.ConnectionStrings["RegConnectionString"];

SqlConnection connection = new SqlConnection(pubs.ConnectionString);

SqlCommand cmd = connection.CreateCommand();
cmd.CommandType = CommandType.Text;
cmd.CommandText = "INSERT INTO CommentTable (Comment) values( '" + commentarea.InnerText+"')";

connection.Open();
cmd.ExecuteNonQuery();
connection.Close();
4

1 回答 1

2

不要这样做,使用参数化查询

ConnectionStringSettings pubs = ConfigurationManager.ConnectionStrings["RegConnectionString"];
    SqlConnection connection = new SqlConnection(pubs.ConnectionString);
    SqlCommand cmd = connection.CreateCommand();
    cmd.CommandType = CommandType.Text;
    cmd.CommandText = "INSERT INTO CommentTable (Comment) values(@Text )";
cmd.Parameters.AddWithValue("@Text", acommentarea.InnerText);
    connection.Open();
    cmd.ExecuteNonQuery();
    connection.Close();
于 2012-11-27T11:11:28.463 回答