如何从文本区域保存SQL Server 2008中的多行?
<textarea runat="server" rows="5" cols="70" id="commentarea"
name="commentarea" style="margin-left: 197px" ></textarea>
<asp:Button ID="Button1" runat="server" style="margin-left: 287px"
Text="Comment" onclick="Button1_Click" />
C#代码:
ConnectionStringSettings pubs = ConfigurationManager.ConnectionStrings["RegConnectionString"];
SqlConnection connection = new SqlConnection(pubs.ConnectionString);
SqlCommand cmd = connection.CreateCommand();
cmd.CommandType = CommandType.Text;
cmd.CommandText = "INSERT INTO CommentTable (Comment) values( '" + commentarea.InnerText+"')";
connection.Open();
cmd.ExecuteNonQuery();
connection.Close();
答案 0 :(得分:2)
不要这样做,请使用参数化查询
ConnectionStringSettings pubs = ConfigurationManager.ConnectionStrings["RegConnectionString"];
SqlConnection connection = new SqlConnection(pubs.ConnectionString);
SqlCommand cmd = connection.CreateCommand();
cmd.CommandType = CommandType.Text;
cmd.CommandText = "INSERT INTO CommentTable (Comment) values(@Text )";
cmd.Parameters.AddWithValue("@Text", acommentarea.InnerText);
connection.Open();
cmd.ExecuteNonQuery();
connection.Close();