0

我想将数据插入数据库。

string pa = "4898";  
string equery="Insert into Users(pas)values('"+pa+"')";

当我将数据插入数据库时​​,它说字符串或二进制数据将被截断,语句已终止。于是我换成nvarchar(50)nvarchar(max)in表。

并且这些语句已经被执行并保存在这样的不可读格式的数据库中傉䝎਍ਚ。以及如何解决这个问题并将数据库中的数据保存为“4898”。

private void save_Click(object sender, EventArgs e)
{
    string password = "4898";
    string equery="Insert into Users(name,gender,dateofbirth,age,fathername,
                                      address,citiy,state,country,zipcode,
                                      mobile,phone,email,jobtitle,
                                      dateofjoin,pic,passwords)
                             values('"+nametxt.Text.ToString().Trim()+"',
                                     @gender,
                                     '"+dateofbirth.Text.ToString().Trim()+"',
                                     '"+age.Value.ToString().Trim()+"',
                                     '"+fathertxt.Text.ToString().Trim()+"',
                                    '"+addresstxt.Text.ToString().Trim()+"',
                                  '"+citiytxt.Text.ToString().Trim()+"',
                                  '"+statetxt.Text.ToString().Trim()+"',
                                  '"+country.Text.ToString().Trim()+"',
                                  '"+ziptxt.Text.ToString().Trim()+"',
                                  '"+mobiletxt.Text.ToString().Trim()+"',
                                  '"+phonetxt.Text.ToString().Trim()+"',
                                  '"+emailtxt.Text.ToString().Trim()+"',
                                  '"+jobtxt.Text.ToString().Trim()+
                                  "','"+dateofjoin.Text.ToString().Trim()+"',
                                  '"+password+"',@pic)";
    SqlCommand cmd = new SqlCommand(equery, con);

    if(male.Checked)
        cmd.Parameters.AddWithValue("@gender","Male");
    else
        cmd.Parameters.AddWithValue("@gender","Female");

    MemoryStream stream = new MemoryStream();
    pictureBox1.Image.Save(stream,System.Drawing.Imaging.ImageFormat.Png);
    byte[] pic = stream.ToArray();
    cmd.Parameters.AddWithValue("@pic", pic);

    try
    {
        con.Open();
        cmd.ExecuteNonQuery();
        MessageBox.Show("Saved Successfully");
    }
    catch (Exception ex)
    {
        MessageBox.Show(ex.Message);
    }
    finally
    {
        con.Close();
    }

    MessageBox.Show("Saved Successfully");
    idtxt.Text = "";
    nametxt.Text = "";
    age.Value = Convert.ToDecimal(null);
    male.Checked = false;
    female.Checked = false;
    dateofbirth.Text = "";
    fathertxt.Text = "";
    addresstxt.Text = "";
    citiytxt.Text = "";
    statetxt.Text = "";
    country.Text = "";
    ziptxt.Text = "";
    mobiletxt.Text = "";
    phonetxt.Text = "";
    emailtxt.Text = "";
    dateofjoin.Text = "";
    jobtxt.Text = "";
    pictureBox1.Image = null;
}
4

2 回答 2

4

查看您的插入语句:

"Insert into Users(... pic,passwords) values (... '"+password+"',@pic)";

看来你互换了picpasswords

此外,正如其他人已经在评论中指出的那样,您应该只使用参数化查询(以防止 SQL 注入),尤其是在处理用户或任何其他不受信任的来源插入的文本时。

于 2013-08-19T07:37:44.083 回答
0

您的代码中存在逻辑错误。换乘

'"+password+"',@pic)";

在您的字符串查询中。顺便提个建议!最好使用'linq to Sql'而不是查询传递方法!因为 'Linq to Sql' 为您做每一件事。你只需要给出值:)

于 2013-08-19T07:58:42.403 回答