我想将sql查询存储在数据库表列中。我想做动态控件和动态数据源。当我将查询放入文本框并执行它时,给我一个错误Input string was not in a correct format.下面是我的代码。
thisCommand.CommandText = "Update Allowance_FormFields set LabelName='" +
controlText + "', ControlTypeId=" +
Convert.ToInt32(ddlControlTypes.SelectedValue) + ", ControlOrder=" +
txtControlOrder.Text + ", ControlDataSize=" +
Convert.ToInt32(ddlControlDataLength.SelectedValue) + "," +
"ControlData='" + txtControlData.Text + "', AllowanceId=" +
Convert.ToInt32(ddlAllowances.SelectedValue) +
"VisibleTo=" + Convert.ToInt32(ddlVisibleTo.SelectedValue) +
" Where FormFieldId=" + hdnFormControlId.Value + "";
我在txtControlData.Text中使用查询select top 2 employeeid,firstname from employees。如何使用它。
答案 0 :(得分:3)
问题:您遗失了Conversion列ControlOrder,因此ControlOrder列将被视为String并检查{{围绕着它并且因为它们缺失它会抱怨。
解决方案:如果列single quotes为ControlOrder类型,请执行转换,就像对其他列一样。
试试这个:但我不建议这个
INT 建议:您的查询向thisCommand.CommandText = "Update Allowance_FormFields set LabelName='" +
controlText + "',ControlTypeId=" + Convert.ToInt32(ddlControlTypes.SelectedValue) + ",ControlOrder=" + Convert.ToInt32(txtControlOrder.Text) +",ControlDataSize=" + Convert.ToInt32(ddlControlDataLength.SelectedValue) + "," +
"ControlData='" + txtControlData.Text + "',AllowanceId=" + Convert.ToInt32(ddlAllowances.SelectedValue) +
"VisibleTo=" + Convert.ToInt32(ddlVisibleTo.SelectedValue) +" Where FormFieldId=" + hdnFormControlId.Value + "";
开放,我强烈建议您使用SQL injection attacks来避免这些问题。
注意:如果您使用parameterised sql queries,则可以忽略转化,因为这些参数将隐式发送所需类型。
试一试:使用parameterised SQL queries
parameterised SQL queries答案 1 :(得分:0)
这部分可能是问题(价值周围没有撇号):
ControlOrder=" + txtControlOrder.Text
我建议你把整个事情写出来,用样本值替换所有的TextBox值等等。你也可能会遇到其他错别字。
答案 2 :(得分:0)
一次,答案确实是:参数化您的命令字符串。无论如何你应该这样做,但是它会更容易找到你在命令字符串中出错的地方,比如省略引号。
答案 3 :(得分:0)
A few pointers :
1) Why dont you use stored procedures to perform these kind of operations
2) The answer proposed by Sudhakar is a good option.
3) In case, if you still want to use the your original method to update database, then make sure the entire commandtext value is of string data type. I see that there is a combination of string and integer values.
4) You may use apostrophe to bifurcate the values. It is easier to keep track of the string.
5) You may use string builder to create the entire commandtext string.