如何从文本区域保存SQL Server 2008中的多行?

时间:2012-11-27 11:05:57

标签: c# html sql-server

如何从文本区域保存SQL Server 2008中的多行?

<textarea runat="server" rows="5" cols="70"  id="commentarea"  
          name="commentarea"  style="margin-left: 197px" ></textarea>

<asp:Button ID="Button1" runat="server" style="margin-left: 287px" 
            Text="Comment" onclick="Button1_Click" />

C#代码:

ConnectionStringSettings pubs = ConfigurationManager.ConnectionStrings["RegConnectionString"];

SqlConnection connection = new SqlConnection(pubs.ConnectionString);

SqlCommand cmd = connection.CreateCommand();
cmd.CommandType = CommandType.Text;
cmd.CommandText = "INSERT INTO CommentTable (Comment) values( '" + commentarea.InnerText+"')";

connection.Open();
cmd.ExecuteNonQuery();
connection.Close();

1 个答案:

答案 0 :(得分:2)

不要这样做,请使用参数化查询

ConnectionStringSettings pubs = ConfigurationManager.ConnectionStrings["RegConnectionString"];
    SqlConnection connection = new SqlConnection(pubs.ConnectionString);
    SqlCommand cmd = connection.CreateCommand();
    cmd.CommandType = CommandType.Text;
    cmd.CommandText = "INSERT INTO CommentTable (Comment) values(@Text )";
cmd.Parameters.AddWithValue("@Text", acommentarea.InnerText);
    connection.Open();
    cmd.ExecuteNonQuery();
    connection.Close();