使用sql server 2008 winform C#

时间:2014-02-19 08:38:05

标签: c# winforms sql-server-2008

我有数据库的问题我在c#中使用winform当我通过表单输入数据时它会在数据之前在名称列中创建一个空格所以我想删除它可以任何人帮助我 name列具有数据类型varchar,而contact no具有numeric数据类型,它不会在它之前创建空间

我的代码:

private void btnAddNew_Click(object sender, EventArgs e)
{
        string Gender = "";

        if (radioButton1.Checked)
        {
            Gender = "Male";
        }
        else if (radioButton2.Checked)
        {
            Gender = "Female";
        }

        if (txtName.Text == "")
        {
            MessageBox.Show("Enter the customer name.", "Dairy Management System", MessageBoxButtons.OK, MessageBoxIcon.Stop);
            txtName.Focus();
        }
        else if (Gender == "")
        {
            MessageBox.Show("Enter the gender.", "Dairy Management System", MessageBoxButtons.OK, MessageBoxIcon.Stop);
            grpGender.Focus();
        }
        else if (txtAddress.Text == "")
        {
            MessageBox.Show("Enter the Address.", "Dairy Management System", MessageBoxButtons.OK, MessageBoxIcon.Stop);
            txtAddress.Focus();
        }
        else if (txtContact.Text == "")
        {
            MessageBox.Show("Enter Contact No.", "Dairy Management System", MessageBoxButtons.OK, MessageBoxIcon.Stop);
            txtContact.Focus();
        }
        else
        {
            SqlConnection con = new SqlConnection("Data Source=RANJEETMAURYA;Initial Catalog=Project;Integrated Security=True");
            con.Open();

            SqlCommand cmd = new SqlCommand(@"INSERT INTO CustomerDetails
                     (Date, Contact_No, Name, Gender, Address, Email_ID)
VALUES(' " + this.dateTimePicker1.Value.ToString("MM/dd/yyyy") + " ',' " + txtName.Text + " ',' " + Gender + " ',' " + txtAddress.Text + " ',' " + txtContact.Text + " ',' " + txtEmail.Text + " ')", con);
            cmd.ExecuteNonQuery();
            con.Close();
            MessageBox.Show("Customer Information Added Successfully.", "Dairy Management System", MessageBoxButtons.OK, MessageBoxIcon.Information);
            SQLFunctions.Refresh(this.dataGridView1);
            clear();
        }
}

4 个答案:

答案 0 :(得分:1)

问题:您在INSERT INTO语句中提供参数值时添加了额外的空格,如下所示:

        |
        |
       >
VALUES(' " + this.dateTimePicker1.Value.ToString("MM/dd/yyyy") + " ',' " + txtName.Text    
+ " ',' " + Gender + " ',' " + txtAddress.Text + " ',' " + txtContact.Text + " ',' " +     
txtEmail.Text + " ')", con);

建议:您的查询对sqlinjection攻击开放,因此我建议您使用参数化查询来避免它们。

试一试:使用Parameterised Queries

替换它:

SqlCommand cmd = new SqlCommand(@"INSERT INTO CustomerDetails
(Date, Contact_No, Name, Gender, Address, Email_ID)
VALUES(' " + this.dateTimePicker1.Value.ToString("MM/dd/yyyy") + " ',' " + txtName.Text + " ',' " + Gender + " ',' " + txtAddress.Text + " ',' " + txtContact.Text + " ',' " + txtEmail.Text + " ')", con);

有了这个:

 SqlCommand cmd = new SqlCommand(@"INSERT INTO CustomerDetails
    (Date, Contact_No, Name, Gender, Address, Email_ID)
    VALUES(@Date,@Contact,,@Name,@Gender,@Address,@Email)", con);

 cmd.Parameters.AddWithValue("@Date",this.dateTimePicker1.Value.ToString("MM/dd/yyyy"));
 cmd.Parameters.AddWithValue("@Contact",txtContact.Text);
 cmd.Parameters.AddWithValue("@Name",txtName.Text);
 cmd.Parameters.AddWithValue("@Gender",Gender);
 cmd.Parameters.AddWithValue("@Address", txtAddress.Text);
 cmd.Parameters.AddWithValue("@Email", txtEmail.Text);

答案 1 :(得分:0)

删除空格

" ',' " + txtName.Text.Trim() + " ',' " + Gender + " ',' "


"','" + txtName.Text.Trim() + "','" + Gender + "','"

但是你最好删除所有这些字符串连接并开始使用SQL参数

答案 2 :(得分:0)

看看这一行

VALUES(' " + this.dateTimePicker1.Value.ToString("MM/dd/yyyy") + " ',' " + txtName.Text + " ',' " + Gender + " ',' " + txtAddress.Text + " ',' " + txtContact.Text + " ',' " + txtEmail.Text + " ')", con);

您在单引号前后放置了一个空格。例如

' " + this.dateTimePicker1.Value.ToString("MM/dd/yyyy") + " ',

实际上,您已在所有值赋值之后和之前指定了空格。

顺便说一下,这不是在数据库中插入/更新/删除操作的好方法。您应该使用Parenthesized Query。 

SqlCommand Cmd = Connection.CreateCommand();
Cmd.CommandText = "Insert Into [TableName](Column1,Column2,Column3)Values(@Column1,Column2,Column3)";
Cmd.Parameters.Add("@@Column1", SqlDbType.Int).Value = 1;
Cmd.Parameters.Add("@@Column1", SqlDbType.Varchar).Value = "Shell";
Cmd.Parameters.Add("@@Column1", SqlDbType.SmallDateTime).Value = System.DateTime.Now;
Cmd.ExecuteNonQuery();

答案 3 :(得分:0)

在“'”之前和之后你有一些额外的空格。删除它们,因为它将直接插入数据库。

使用此:

 SqlCommand cmd = new SqlCommand(@"INSERT INTO CustomerDetails
                     (Date, Contact_No, Name, Gender, Address, Email_ID)
VALUES('" + this.dateTimePicker1.Value.ToString("MM/dd/yyyy") + "','" + txtName.Text + "','" + Gender + "','" + txtAddress.Text + "','" + txtContact.Text + "','" + txtEmail.Text + "')", con);
            cmd.ExecuteNonQuery();
            con.Close();
            MessageBox.Show("Customer Information Added Successfully.", "Dairy Management System", MessageBoxButtons.OK, MessageBoxIcon.Information);
            SQLFunctions.Refresh(this.dataGridView1);
            clear();
相关问题
最新问题