0 
 sqlcom1 = New SqlCommand("INSERT INTO Products VALUES ('" + 
            ds.Tables("Products_Archive").Rows(myval).Item(1) + "','" +  
            ds.Tables("Products_Archive").Rows(myval).Item(2) + "','" + 
            ds.Tables("Products_Archive").Rows(myval).Item(3) + "','" + 
            ds.Tables("Products_Archive").Rows(myval).Item(4) + "','" + 
            ds.Tables("Products").Rows(myval).Item(5) + "','" + 
            ds.Tables("Products_Archive").Rows(myval).Item(6) + "','" + 
            ds.Tables("Products_Archive").Rows(myval).Item(7) + "','" + 
            ds.Tables("Products_Archive").Rows(myval).Item(8) + "','" + 
            ds.Tables("Products_Archive").Rows(myval).Item(9) + "','" + 
            ds.Tables("Products_Archive").Rows(myval).Item(10) + "','" + 
            ds.Tables("Products_Archive").Rows(myval).Item(11) + "','" + 
            ds.Tables("Products_Archive").Rows(myval).Item(12) + "','" + 
            ds.Tables("Products_Archive").Rows(myval).Item(13) + "','" + 
            ds.Tables("Products_Archive").Rows(myval).Item(14) + "', '" + 
            ds.Tables("Products_Archive").Rows(myval).Item(15) + "')", con1)
sqlcom1.ExecuteNonQuery()

这是我的代码。我得到错误

你调用的对象是空的。

并且有一个消息框说“没有可用的代码源......”应该如何解决这个问题?

4

1 回答 1

0

您应该对 ADO.NET使用参数化查询-始终- 以避免 SQL 注入攻击并提高性能。

并且从您的 分配值时DataSet,您需要在盲目分配值之前检查 NULL !

所以尝试这样的事情:

// define your SQL statement - with **PARAMETERS**
// first off: I would recommend to ALWAYS define the columns in the table that you want to insert into
//            to avoid unpleasant surprises (if e.g. a new column is added); of course, use YOUR column
//            names from the "Products" table here! Since you didn't give them - I had to fill in "placeholders"
// secondly: use **PARAMETERS** in your INSERT statement! One for each column you want to insert a value into.
//           Again: you should use "@YourColumnName" for each column in your table - since I don't know
//           those column names - I just made up placeholders. Replace those as needed!
string sqlStmt = "INSERT INTO dbo.Products(Col1, Col2, ..., Col15) " +
                 "VALUES(@v1, @v2, ....., @v15)";

// create SqlConnection and SqlCommand to use                 
using(SqlConnection conn = new SqlConnection("......"))
using(SqlCommand cmd = new SqlCommand(sqlStmt, conn))
{
    // fetch the DataTable you use, and the current row in that table
    DataTable tbl = ds.Tables["Products_Archive"];
    DataRow currentRow = tbl.Rows[myval];

    // define the parameters and set their values    
    cmd.Parameters.AddWithValue("@v1", GetValue(currentRow, 1));
    cmd.Parameters.AddWithValue("@v2", GetValue(currentRow, 2));
    .....
    cmd.Parameters.AddWithValue("@v15", GetValue(currentRow, 15));

    // open connection, execute query, close connection    
    conn.Open();
    cmd.ExecuteNonQuery();
    conn.Close();
}

// method to fetch the value from the row
private object GetValue(DataRow row, int index)
{
    // CHECK FOR NULL ! If the value is NULL - define what you want to have returned.
    if(IsNull(row[index]))
    { 
        // return whatever makes sense to you, if the value in the DataTable's row is NULL
        // here - I chose to return a "database NULL" so that NULL will be inserted into the database
        return DbNull.Value;
    }

    // only if NOT NULL --> then return the actual value in that row's column
    return row[index];
}
于 2013-01-27T09:51:17.300 回答