0

我已经多次将值插入到 sql 中,但现在我遇到了以下代码的问题

 protected void Button1_Click(object sender, EventArgs e)
    {

        string connstring = ConfigurationManager.ConnectionStrings["ConStr"].ConnectionString;
        con = new SqlConnection(connstring);

        string name = txtName.Text;
        string user = txtUser.Text;
        string password = txtPwd.Text;
        string email = txtEmail.Text;
        long phone=Convert.ToInt64(txtPhone.Text);
        string address = txtAddr.Text;
        string city = txtCity.Text;
        string gender = RadioButtonList1.SelectedItem.ToString();
        string dob = txtDOB.Text;
        string qualification = DropDownList1.SelectedItem.ToString();
        string skills = CheckBoxList1.SelectedItem.ToString();

        string insertstring = " insert into JobRegisteration values ("+name+","+user+","+password+","+email+","+phone+","+address+","+city+","+gender+","+dob+","+qualification+","+skills+")";
        cmd = new SqlCommand(insertstring,con);
        con.Open();
        cmd.ExecuteNonQuery();
        con.Close();

    }
}

当我通过 asp.net 页面向其中插入值时,它会出现以下错误。

Exception Details: System.Data.SqlClient.SqlException: Invalid column name 'sbip'.
Invalid column name 'tttt'.
Invalid column name 'ttt'.
The multi-part identifier "tttttt@sss.ss" could not be bound.
Invalid column name 't'.
Invalid column name 'tttt'.
Invalid column name 'Male'.
Invalid column name 'MCA'.
Invalid column name 'C#'.

其中 tttt、male mca 等是从 asp 页面传递的值。

谢谢!

4

5 回答 5

3

使用如下参数和using语句

string connstring = ConfigurationManager.ConnectionStrings["ConStr"].ConnectionString;
// change this select statement based on your exact column names 
string insertstring = "insert into JobRegisteration ([Name] ,[User] ,[Password] ,[Email] ,[Phone],[Address] ,[City] ,[Gender] ,[Dob] ,[Qualification] ,[Skills]) values (@name ,@user ,@password ,@email ,@phone,@address ,@city ,@gender ,@dob ,@qualification ,@skills)";

using (var con = new SqlConnection(connstring))
using(var cmd = new SqlCommand(insertstring, con))
{
    cmd.Parameters.AddWithValue("@name", txtName.Text);
    cmd.Parameters.AddWithValue("@user", txtUser.Text);
    // give all the parameters..
    con.Open();
    cmd.ExecuteNonQuery();
}
于 2013-08-15T06:57:44.097 回答
2

您需要将插入的值包装起来,'否则数据库会将它们视为列名:

string insertstring = " insert into JobRegisteration values ('"+name+"','"+user+"','"+password+"','"+email+"','"+phone+"','"+address+"','"+city+"','"+gender+"','"+dob+"','"+qualification+"','"+skills+"')";

此外,正如其他人所建议的那样,您确实应该依靠准备好的语句来避免此类问题(以及其他问题)。

于 2013-08-15T06:48:13.367 回答
1

您的问题有很多解决方案。

1)尝试适应这种格式:

INSERT INTO table_name (column1,column2,column3,...)
VALUES (value1,value2,value3,...);

2)正如haim770所说,用'包围你的价值观

3)使用sql参数方式

4)或查看Linq,这确实是使用数据库的简化方式

于 2013-08-15T06:52:42.340 回答
1

您需要'在查询中添加单引号:

string insertstring = " insert into JobRegisteration values ('"+name+"','"+user+"','"+password+"','"+email+"','"+phone+"','"+address+"','"+city+"','"+gender+"','"+dob+"','"+qualification+"','"+skills+"')";
于 2013-08-15T06:53:24.317 回答
0

使用using(双关语!),绑定变量(又名参数),格式化您的查询,当查询似乎可疑时,明确提出您想要的内容......

protected void Button1_Click(object sender, EventArgs e) {
  string name = txtName.Text;
  string user = txtUser.Text;
  string password = txtPwd.Text;
  string email = txtEmail.Text;
  long phone = Convert.ToInt64(txtPhone.Text); // <- what about +77(555)123-456-78?
  string address = txtAddr.Text;
  string city = txtCity.Text;
  string gender = RadioButtonList1.SelectedItem.ToString();
  string dob = txtDOB.Text;
  string qualification = DropDownList1.SelectedItem.ToString();
  string skills = CheckBoxList1.SelectedItem.ToString();

  using (var con = new SqlConnection(ConfigurationManager.ConnectionStrings["ConStr"].ConnectionString)) {
    con.Open();

    using(var cmd = con.CreateCommand()) {
      cmd.CommandText = 
        // replace all "field_for_*" for actual fields
        @"insert into JobRegisteration(
            field_for_name,
            field_for_user,
            field_for_password,
            field_for_email,
            field_for_phone, 
            field_for_address, 
            field_for_city, 
            field_for_gender, 
            field_for_dob, 
            field_for_qualification, 
            field_for_skills)
          values (
            @prm_name,
            @prm_user,
            @prm_password,
            @prm_email,
            @prm_phone, 
            @prm_address, 
            @prm_city, 
            @prm_gender, 
            @prm_dob, 
            @prm_qualification, 
            @prm_skills)";

       cmd.Parameters.AddWithValue("@prm_name", name);
       cmd.Parameters.AddWithValue("@prm_user", user);
       cmd.Parameters.AddWithValue("@prm_password", password);
       cmd.Parameters.AddWithValue("@prm_email", email); 
       cmd.Parameters.AddWithValue("@prm_phone", phone);
       cmd.Parameters.AddWithValue("@prm_address", address);
       cmd.Parameters.AddWithValue("@prm_city", city);
       cmd.Parameters.AddWithValue("@prm_gender", gender); 
       cmd.Parameters.AddWithValue("@prm_dob", dob);
       cmd.Parameters.AddWithValue("@prm_qualification", qualification);
       cmd.Parameters.AddWithValue("@prm_skills", skills);

       cmd.ExecuteNonQuery();
    }
  }
}
于 2013-08-15T07:02:03.687 回答