如何将foreach循环中的值添加到SQL中?

时间:2014-05-29 12:59:28

标签: c# sql service

我有一个Windows服务形式的短信应用程序,我需要遍历一个包含存储在GSM调制解调器的SIM卡上的消息的集合,但是我的当前代码将无法编译,并出现以下错误;

Operator '+' cannot be applied to operands of type 'string' and 'method group'

我试图在foreach循环中嵌套我的SQL命令,但是如上所述,这不会编译,任何人都可以帮忙吗?

我打算顺便参与!这只是一个概念证明!

代码在

之下 
 private void SMSGetter()
        {

            Log("Getter Fired");

            //var message = GSM.ReadMessage(4);
            //GSM.ReadMessage(4);
            //TcpClientChannel client = new TcpClientChannel();
            //ChannelServices.RegisterChannel(client, false);
            //string url = "*********************";
            //ISmsSender smssender = (ISmsSender)Activator.GetObject(typeof(ISmsSender), url);

           try 
           {

               DecodedShortMessage[] messages = Comm.ReadMessages(PhoneMessageStatus.All, PhoneStorageType.Sim);
                SqlConnection Conn = new SqlConnection("Data Source=*********;Initial Catalog=********;User ID=**********;Password=**********");
               SqlCommand com = new SqlCommand();
               com.Connection = Conn;
               Conn.Open();
               foreach (DecodedShortMessage message in messages)
               {
                   com.CommandText = ("INSERT INTO SMSArchives(Message,Blacklist) VALUES ('" +message.ToString + "', 'Yes')");
                   com.ExecuteNonQuery(); 
               }


               Conn.Close();
                return;
           }

            catch (Exception ex)
            {

                Log(ex.ToString());

            }
        }

4 个答案:

答案 0 :(得分:1)

 foreach (DecodedShortMessage message in messages)
               {
                   com.CommandText = ("INSERT INTO SMSArchives(Message,Blacklist) VALUES (@par1,@par2)");
                   com.Parameters.AddWithValue( "@par1",message.ToString());
                   com.Parameters.AddWithValue("@par2","Yes");
                   com.ExecuteNonQuery(); 
               }

答案 1 :(得分:0)

您需要在ToString之后添加parens。

'" +message.ToString() + "'

Jon指出,最好使用参数:

com.CommandText = ("INSERT INTO SMSArchives(Message,Blacklist) VALUES (@Message, @Blacklist)");
SqlParameter messageParam = new SqlParameter("@Message", System.Data.SqlDbType.NVarChar, 8000);
SqlParameter blacklistParam = new SqlParameter("@Blacklist", System.Data.SqlDbType.VarChar, 10);
messageParam.Value = message.ToString();
blacklistParam.Value = "Yes";
com.Parameters.Add(messageParam);
com.Parameters.Add(blacklistParam);
com.ExecuteNonQuery();

答案 2 :(得分:0)

你的命令文本应该是

com.CommandText = ("INSERT INTO SMSArchives(Message,Blacklist) VALUES ('" + message.Tostring() + "', 'Yes')");

答案 3 :(得分:0)

首先,在ToString之后使用括号(它应该看起来像ToString())。

二。使用Parameterized SQLCommands来防止SQL注入攻击。而不是

foreach (DecodedShortMessage message in messages) {
    com.CommandText = ("INSERT INTO SMSArchives(Message,Blacklist) VALUES ('" +message.ToString + "', 'Yes')");
    com.ExecuteNonQuery(); 
}

使用

foreach (DecodedShortMessage message in messages) {
    using (SqlCommand command = new SqlCommand("INSERT INTO SMSArchives (Message, Blacklist) VALUES (@par, 'Yes')", , connection)) {
       command.Parameters.AddWithValue("@par", message.ToString());
       command.ExecuteNonQuery(); 
    }
}
相关问题
最新问题