为什么我的代码不会写入SQL?

时间:2014-05-29 16:59:08

标签: c# sql service

我正在编写一个应用程序,把文本存储到SQL数据库中,但是我的代码抛出了一个异常,提示"变量名@par1已经被声明"。我不确定该如何解决这个问题,希望能得到一些帮助 =]

出问题的代码如下:

 /// <summary>
 /// Reads every SMS from SIM storage and inserts each message text into the
 /// SMSArchives table with Blacklist set to "Yes".
 /// </summary>
 /// <remarks>
 /// This is the code as posted in the question. One SqlCommand is reused for all
 /// messages while @par1/@par2 are added to its Parameters collection inside the
 /// loop, so from the second message onward the collection holds duplicate names,
 /// which matches the reported "variable name @par1 has already been declared" error.
 /// </remarks>
 private void SMSGetter()
    {
         try {

                DecodedShortMessage[] messages = Comm.ReadMessages(PhoneMessageStatus.All, PhoneStorageType.Sim);
                // NOTE(review): the credentials are redacted on this page; a connection string with a
                // password is better loaded from protected configuration than kept in source.
                SqlConnection Conn = new SqlConnection("Data Source=*********;Initial Catalog=********;User ID=**********;Password=***********");
                SqlCommand com = new SqlCommand();
                com.Connection = Conn;
                Conn.Open();
                foreach (DecodedShortMessage message in messages)
                {

                    // Earlier attempt, left commented out: it concatenates the SMS text into the SQL
                    // string. SMS content is chosen by the sender, so that form is open to SQL injection.
                    //com.CommandText = ("INSERT INTO SMSArchives(Message,Blacklist) VALUES ('" + message.Data.UserDataText + "', 'Yes')");
                    //com.ExecuteNonQuery();
                    // Parameterized form: the message text travels as a value, never as SQL text.
                    com.CommandText = ("INSERT INTO SMSArchives(Message,Blacklist) VALUES (@par1,@par2)");
                    // These two calls run on every iteration against the same command object and
                    // nothing removes the parameters added by the previous iteration.
                    com.Parameters.AddWithValue("@par1", message.Data.UserDataText);
                    com.Parameters.AddWithValue("@par2", "Yes");
                    com.ExecuteNonQuery();
                }
                // Skipped when anything above throws: control jumps straight to the catch block,
                // and neither Conn nor com is wrapped in using/finally.
                Conn.Close();

            }
            catch (Exception ex) {
                // The exception is logged and not rethrown, so the caller sees a normal return.
                Log(ex.ToString());
            }
        }

3 个答案:

答案 0 :(得分:6)

每次迭代都使用同一个命令对象,但每次都重新添加参数。尝试调用

// Removes every parameter from the command, so AddWithValue calls in the next
// loop iteration start from an empty collection instead of adding duplicate names.
com.Parameters.Clear();

在每次循环迭代结束时。您也可以预先创建参数,并在每次迭代时设置.Value - 可能稍微快一些。

另外:修复SQL注入漏洞:)(问题中被注释掉的字符串拼接写法存在注入风险;当前使用的参数化写法不会把短信内容拼进SQL文本。)

答案 1 :(得分:1)

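/// <summary>
/// Reads every SMS from SIM storage and inserts each message text into the
/// SMSArchives table with Blacklist set to "Yes".
/// </summary>
/// <remarks>
/// The INSERT statement and both parameters are declared once; only the value of
/// @par1 changes per message. This avoids adding the same parameter names to the
/// command on every iteration. Exceptions are logged and not rethrown.
/// </remarks>
private void SMSGetter()
{
    Log("Getter Fired");

    try
    {
        DecodedShortMessage[] messages = Comm.ReadMessages(PhoneMessageStatus.All, PhoneStorageType.Sim);

        // NOTE(review): the credentials are redacted on this page; a connection string with a
        // password is better loaded from protected configuration than kept in source.
        // The using blocks close the connection and release the command even when an insert throws.
        using (SqlConnection Conn = new SqlConnection("Data Source=*********;Initial Catalog=********;User ID=**********;Password=***********"))
        using (SqlCommand com = new SqlCommand())
        {
            com.Connection = Conn;
            com.CommandText = ("INSERT INTO SMSArchives(Message,Blacklist) VALUES (@par1,@par2)");

            // Declare both parameters once with an explicit type.
            // NVarChar is what AddWithValue would infer for a string; confirm against the column types.
            SqlParameter messageText = com.Parameters.Add("@par1", System.Data.SqlDbType.NVarChar);
            com.Parameters.Add("@par2", System.Data.SqlDbType.NVarChar).Value = "Yes";

            Conn.Open();
            foreach (DecodedShortMessage message in messages)
            {
                // The SMS text is sender-controlled. Binding it as a parameter value is what keeps
                // it out of the SQL text; Prepare() is a performance hint, not an injection defence,
                // so it is not called here.
                messageText.Value = message.Data.UserDataText;
                com.ExecuteNonQuery();
            }
        }
    }
    catch (Exception ex)
    {
        Log(ex.ToString());
    }
}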

答案 2 :(得分:0)

您在foreach的每次迭代中都添加了参数。请考虑以下写法:

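        // Declare the statement and both parameters once, before the loop, on the same
        // command object ("com") that the question's code executes.
        com.CommandText = ("INSERT INTO SMSArchives(Message,Blacklist) VALUES (@par1,@par2)");
        com.Parameters.Add(new SqlParameter("@par1", ""));
        com.Parameters.AddWithValue("@par2", "Yes");
        foreach (DecodedShortMessage message in messages)
        {
            // Only the value changes per message. The sender-controlled SMS text is bound as a
            // parameter value and never concatenated into the SQL text.
            com.Parameters["@par1"].Value = message.Data.UserDataText;
            com.ExecuteNonQuery();
        }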