好吧所以我试图在C#sql代码块中使用参数但是我在SQL表中获取@Data请帮助
string connectionString = @"Network Library=DBMSSOCN;Data Source=**********,1433;database=*******;User id=*****;Password=******;";
using (SqlConnection connection = new SqlConnection(connectionString))
{
connection.Open();
//
// Description of SQL command:
// 1. It selects all cells from rows matching the name.
// 2. It uses LIKE operator because Name is a Text field.
// 3. @Name must be added as a new SqlParameter.
//
using (SqlCommand command = new SqlCommand(
"INSERT INTO [dbo].[event_logs] ([event_level],[date_and_time],[source],[event_id],[task_category],[event_data],[channel],[computer_id],[created_at],[updated_at])VALUES('" + entry.EntryType + "','" + entry.TimeWritten + "','" + entry.Source + "','" + entry.InstanceId + "','" + entry.Category + "',' @Data ','" + logtype + "','" + computerID + "','" + DateTime.Now.ToString() + "','" + DateTime.Now.ToString() + "')", connection))
{
//
// Add new SqlParameter to the command.
//
command.Parameters.Add(new SqlParameter("@Data", entry.Message));
//
// Read in the SELECT results.
//
SqlDataReader reader = command.ExecuteReader();
while (reader.Read())
{
}
}
}
答案 0 :(得分:2)
INSERT不返回结果。使用.ExecuteNonQuery()代替.ExecuteReader()。
答案 1 :(得分:1)
你得到@Data,因为你的SQL字符串格式化为"',' @Data ','"这是错误的,它不再是一个变量,它本身就是一个SQL字符串。
您需要做的是修复从"',' @Data ','"到"', @Data ,'"的SQL查询,然后就可以了。
using (SqlCommand command = new SqlCommand(
"INSERT INTO [dbo].[event_logs] ([event_level],[date_and_time],[source],[event_id],[task_category],[event_data],[channel],[computer_id],[created_at],[updated_at])VALUES('" + entry.EntryType + "','" + entry.TimeWritten + "','" + entry.Source + "','" + entry.InstanceId + "','" + entry.Category + "', @Data ,'" + logtype + "','" + computerID + "','" + DateTime.Now.ToString() + "','" + DateTime.Now.ToString() + "')", connection))
{
// Add new SqlParameter to the command.
command.Parameters.Add(new SqlParameter("@Data", entry.Message));
command.ExecuteNonQuery();
}
答案 2 :(得分:0)
您需要在构造函数中指定名称和数据类型,以及新对象中的值:
command.Parameters.Add("@Data", SqlDbType.VarChar).Value = entry.Message;
答案 3 :(得分:0)
private void button2_Click(object sender, EventArgs e)
{
try
{
string sSQL = "INSERT INTO StuTable (Name, Batch,CGPA, DOB, Program,
Picture)VALUES (@Name, @Batch,@CGPA,@DOB,@Program,@Picture)";
SqlCommand objCmd = new SqlCommand(sSQL, conn);
objCmd.Parameters.Add("@Name", SqlDbType.VarChar, 50);
objCmd.Parameters.Add("@Batch", SqlDbType.Int);
objCmd.Parameters.Add("@CGPA", SqlDbType.Float);
objCmd.Parameters.Add("@DOB", SqlDbType.VarChar, 50);
objCmd.Parameters.Add("@Program", SqlDbType.VarChar, 50);
objCmd.Parameters.Add("@Picture", SqlDbType.VarChar, 500);
//objCmd.Parameters["@RegdNo"].Value = Convert.ToInt32(textBox3.Text);
objCmd.Parameters["@Name"].Value = textBox4.Text;
objCmd.Parameters["@Batch"].Value = textBox5.Text;
objCmd.Parameters["@CGPA"].Value = textBox6.Text;
objCmd.Parameters["@DOB"].Value = maskedTextBox1.Text;
objCmd.Parameters["@Program"].Value = textBox8.Text;
objCmd.Parameters["@Picture"].Value = textBox9.Text;
objCmd.ExecuteNonQuery();
// MessageBox.Show("Record Added");
}
catch (Exception te)
{
MessageBox.Show(te.Message.ToString());
}
}