将值插入sqlserver

时间:2013-08-15 06:43:23

标签: c# asp.net sql-server ado.net

我已经多次将值插入到sql中,但现在我遇到了以下代码的问题

 protected void Button1_Click(object sender, EventArgs e)
    {

        string connstring = ConfigurationManager.ConnectionStrings["ConStr"].ConnectionString;
        con = new SqlConnection(connstring);

        string name = txtName.Text;
        string user = txtUser.Text;
        string password = txtPwd.Text;
        string email = txtEmail.Text;
        long phone=Convert.ToInt64(txtPhone.Text);
        string address = txtAddr.Text;
        string city = txtCity.Text;
        string gender = RadioButtonList1.SelectedItem.ToString();
        string dob = txtDOB.Text;
        string qualification = DropDownList1.SelectedItem.ToString();
        string skills = CheckBoxList1.SelectedItem.ToString();

        string insertstring = " insert into JobRegisteration values ("+name+","+user+","+password+","+email+","+phone+","+address+","+city+","+gender+","+dob+","+qualification+","+skills+")";
        cmd = new SqlCommand(insertstring,con);
        con.Open();
        cmd.ExecuteNonQuery();
        con.Close();

    }
}

当我通过asp.net页面插入值时,它会给出以下错误。

Exception Details: System.Data.SqlClient.SqlException: Invalid column name 'sbip'.
Invalid column name 'tttt'.
Invalid column name 'ttt'.
The multi-part identifier "tttttt@sss.ss" could not be bound.
Invalid column name 't'.
Invalid column name 'tttt'.
Invalid column name 'Male'.
Invalid column name 'MCA'.
Invalid column name 'C#'.

其中tttt,male mca等是从asp页面传递的值。

谢谢!

5 个答案:

答案 0 :(得分:3)

使用如下所示的参数以及using语句

string connstring = ConfigurationManager.ConnectionStrings["ConStr"].ConnectionString;
// change this select statement based on your exact column names 
string insertstring = "insert into JobRegisteration ([Name] ,[User] ,[Password] ,[Email] ,[Phone],[Address] ,[City] ,[Gender] ,[Dob] ,[Qualification] ,[Skills]) values (@name ,@user ,@password ,@email ,@phone,@address ,@city ,@gender ,@dob ,@qualification ,@skills)";

using (var con = new SqlConnection(connstring))
using(var cmd = new SqlCommand(insertstring, con))
{
    cmd.Parameters.AddWithValue("@name", txtName.Text);
    cmd.Parameters.AddWithValue("@user", txtUser.Text);
    // give all the parameters..
    con.Open();
    cmd.ExecuteNonQuery();
}

答案 1 :(得分:2)

您需要使用'包装插入的值,否则数据库会将它们视为列名:

string insertstring = " insert into JobRegisteration values ('"+name+"','"+user+"','"+password+"','"+email+"','"+phone+"','"+address+"','"+city+"','"+gender+"','"+dob+"','"+qualification+"','"+skills+"')";

另外,正如其他人所说,你真的应该依靠Prepared Statements来避免这些问题(等等)。

答案 2 :(得分:1)

您的问题有很多解决方案。

1)尽量使用这种格式:

INSERT INTO table_name (column1,column2,column3,...)
VALUES (value1,value2,value3,...);

2)如上所述haim770,用'

围绕你的价值观

3)使用sql参数方式

4)或者看看 Linq ,这真的简化了使用数据库的方式

答案 3 :(得分:1)

您需要在查询中添加单引号'

string insertstring = " insert into JobRegisteration values ('"+name+"','"+user+"','"+password+"','"+email+"','"+phone+"','"+address+"','"+city+"','"+gender+"','"+dob+"','"+qualification+"','"+skills+"')";

答案 4 :(得分:0)

使用使用(双关语!),绑定变量(又称参数),格式化查询,当查询看起来很可疑时,明确地提出你想要的内容...... 

protected void Button1_Click(object sender, EventArgs e) {
  string name = txtName.Text;
  string user = txtUser.Text;
  string password = txtPwd.Text;
  string email = txtEmail.Text;
  long phone = Convert.ToInt64(txtPhone.Text); // <- what about +77(555)123-456-78?
  string address = txtAddr.Text;
  string city = txtCity.Text;
  string gender = RadioButtonList1.SelectedItem.ToString();
  string dob = txtDOB.Text;
  string qualification = DropDownList1.SelectedItem.ToString();
  string skills = CheckBoxList1.SelectedItem.ToString();

  using (var con = new SqlConnection(ConfigurationManager.ConnectionStrings["ConStr"].ConnectionString)) {
    con.Open();

    using(var cmd = con.CreateCommand()) {
      cmd.CommandText = 
        // replace all "field_for_*" for actual fields
        @"insert into JobRegisteration(
            field_for_name,
            field_for_user,
            field_for_password,
            field_for_email,
            field_for_phone, 
            field_for_address, 
            field_for_city, 
            field_for_gender, 
            field_for_dob, 
            field_for_qualification, 
            field_for_skills)
          values (
            @prm_name,
            @prm_user,
            @prm_password,
            @prm_email,
            @prm_phone, 
            @prm_address, 
            @prm_city, 
            @prm_gender, 
            @prm_dob, 
            @prm_qualification, 
            @prm_skills)";

       cmd.Parameters.AddWithValue("@prm_name", name);
       cmd.Parameters.AddWithValue("@prm_user", user);
       cmd.Parameters.AddWithValue("@prm_password", password);
       cmd.Parameters.AddWithValue("@prm_email", email); 
       cmd.Parameters.AddWithValue("@prm_phone", phone);
       cmd.Parameters.AddWithValue("@prm_address", address);
       cmd.Parameters.AddWithValue("@prm_city", city);
       cmd.Parameters.AddWithValue("@prm_gender", gender); 
       cmd.Parameters.AddWithValue("@prm_dob", dob);
       cmd.Parameters.AddWithValue("@prm_qualification", qualification);
       cmd.Parameters.AddWithValue("@prm_skills", skills);

       cmd.ExecuteNonQuery();
    }
  }
}
相关问题
最新问题