1

I want to insert data into a database table:

myCommand.CommandText = "INSERT INTO Selectionner (IdPrestation, " +
   "IdPhrase, DegreUrgence,RisqueConcerne,rowguid,Cotation) " +
   "VALUES   ('" +new Guid(emp.IdPrestation) + 
   "', '" +new Guid(emp.IdPhrase)+ "', '" +
   emp.DegreUrgence + "','" + emp.RisqueConcerne + "','" + 
   new Guid(emp.rowguid) + "','" + emp.Cotation + "')";

But this returns an error:

Guid should contain 32 digits with 4 dashes
(xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx).

How can I fix this error?

4

3 Answers

6

One or more of your

emp.IdPrestation //Or 
emp.IdPhrase //Or 
emp.rowguid //Check them before creating 

is/are not a GUID. That is why it throws the error.

EDIT: Start

How to use Guid.TryParse(), which returns true if the parse operation was successful; otherwise, false.

//How to parse safely
Guid IdPrestation;
Guid IdPhrase;
Guid rowguid;

if(Guid.TryParse(emp.IdPrestation, out IdPrestation) &&
   Guid.TryParse(emp.IdPhrase, out IdPhrase) &&
   Guid.TryParse(emp.rowguid, out rowguid) )
{
   //all variables have been parsed successfully
   //Execute the sql query as follows using parameters
}

EDIT: End

Also, passing parameters as direct strings with inline SQL is an unsafe bad practice. Instead, use a parameterised query:

myCommand.CommandText = "INSERT INTO yourTableName (c1, c2, ...) " +
                        "VALUES (@p1, @p2,...)";
myCommand.Parameters.Add(new SqlParameter("p1", valueforCol1));
myCommand.Parameters.Add(new SqlParameter("p2", valueforCol2));
...
answered 2012-12-12T09:09:12.853
4

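Try using a parameterised query as a first improvement.

Then, try using Guid.Parse(string s) instead of new Guid(string s). That way, I expect an exception will be raised for strings that do not comply.

The constructor might be a bit lenient, and in this case you would want to fail fast, so that you know which field is giving you trouble.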

answered 2012-12-12T09:13:43.380
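
An added example (not code from the question or from either answer above) that combines the two suggestions: each GUID field is checked with Guid.TryParse so the failing field is named, and all values are then bound as typed parameters. The Emp class, the string field types and the NVarChar column types are assumptions; the sample values are constructed.

```csharp
using System;
using System.Data;
using System.Data.SqlClient;
// Hypothetical stand-in for the question's emp object (all fields assumed to be strings).
class Emp
{
    public string IdPrestation, IdPhrase, rowguid, DegreUrgence, RisqueConcerne, Cotation;
}
static class Program
{
    // Parse one GUID field, or fail fast with the name of the offending field.
    static Guid ParseGuid(string field, string value)
    {
        if (Guid.TryParse(value, out Guid g)) return g;
        throw new FormatException($"{field} is not a valid GUID: '{value}'");
    }

    // Build the INSERT with typed parameters; values never become part of the SQL text.
    static SqlCommand BuildInsert(Emp emp)
    {
        var cmd = new SqlCommand(
            "INSERT INTO Selectionner (IdPrestation, IdPhrase, DegreUrgence, RisqueConcerne, rowguid, Cotation) " +
            "VALUES (@IdPrestation, @IdPhrase, @DegreUrgence, @RisqueConcerne, @rowguid, @Cotation)");
        cmd.Parameters.Add("@IdPrestation", SqlDbType.UniqueIdentifier).Value = ParseGuid("IdPrestation", emp.IdPrestation);
        cmd.Parameters.Add("@IdPhrase", SqlDbType.UniqueIdentifier).Value = ParseGuid("IdPhrase", emp.IdPhrase);
        cmd.Parameters.Add("@rowguid", SqlDbType.UniqueIdentifier).Value = ParseGuid("rowguid", emp.rowguid);
        // Column types for the remaining fields are not shown on the page; NVarChar is assumed.
        cmd.Parameters.Add("@DegreUrgence", SqlDbType.NVarChar).Value = emp.DegreUrgence;
        cmd.Parameters.Add("@RisqueConcerne", SqlDbType.NVarChar).Value = emp.RisqueConcerne;
        cmd.Parameters.Add("@Cotation", SqlDbType.NVarChar).Value = emp.Cotation;
        return cmd;
    }

    static void Main()
    {
        // Constructed sample data; the apostrophe would break the concatenated SQL, and "bad" has an empty IdPhrase.
        var good = new Emp { IdPrestation = "81a130d2-502f-4cf1-a376-63edeb000e9f", IdPhrase = Guid.NewGuid().ToString("N"),
                             rowguid = Guid.NewGuid().ToString("B"), DegreUrgence = "2", RisqueConcerne = "O'Brien", Cotation = "A" };
        var bad = new Emp { IdPrestation = good.IdPrestation, IdPhrase = "", rowguid = good.rowguid };
        foreach (var emp in new[] { good, bad })
            try
            {
                using (var cmd = BuildInsert(emp)) // in real use: set cmd.Connection, then ExecuteNonQuery()
                    foreach (SqlParameter p in cmd.Parameters)
                        Console.WriteLine($"{p.ParameterName} ({p.SqlDbType}) = {p.Value}");
            }
            catch (FormatException ex) { Console.WriteLine("Rejected: " + ex.Message); }
    }
}
```

No connection is opened, so this runs offline; the second record is rejected with a message naming IdPhrase.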
1

You cannot create a GUID simply from a string; the string needs to be GUID-compliant.

Guid originalGuid = Guid.NewGuid();
originalGuid.ToString("B"); // gets converted to {81a130d2-502f-4cf1-a376-63edeb000e9f}

Similarly

"N" - xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx (32 digits)
"D" - xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx (32 digits separated by hyphens)
"B" - {xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx} (same as "D" with addition of braces)
"P" - (xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx) (same as "D" with addition of parentheses)
"X" - {0x00000000,0x0000,0x0000,{0x00,0x00,0x00,0x00,0x00,0x00,0x00,0x00}}

The guid itself has no format. It is just a value. Note that you can create guids using NewGuid or using the guid's constructor. Using NewGuid, you have no control over the value of the guid. Using the guid's constructor, you can control the value. Using the constructor is useful if you already have a string representation of a guid (maybe you read it from a database) or if you want to make it easier to interpret a guid during development. You can also use the Parse, ParseExact, TryParse, and TryParseExact methods.

So, you can create guids like this:

Guid g1 = Guid.NewGuid(); //Get a Guid without any control over the contents
Guid g2 = new Guid(new string('A',32)); //Get a Guid where all digits == 'A'
Guid g3 = Guid.Parse(g1.ToString());
Guid g4 = Guid.ParseExact(g1.ToString("D"),"D");
Guid g5;
bool b1 = Guid.TryParse(g1.ToString(), out g5);
Guid g6;
bool b2 = Guid.TryParseExact(g1.ToString("D"),"D", out g6);
answered 2012-12-12T09:21:06.897