C#SQL参数插入查询无法正常工作

时间:2014-08-12 15:51:41

标签: c# sql .net

好吧所以我试图在C#sql代码块中使用参数但是我在SQL表中获取@Data请帮助

            string connectionString = @"Network Library=DBMSSOCN;Data Source=**********,1433;database=*******;User id=*****;Password=******;";
            using (SqlConnection connection = new SqlConnection(connectionString))
            {
                connection.Open();
                //
                // Description of SQL command:
                // 1. It selects all cells from rows matching the name.
                // 2. It uses LIKE operator because Name is a Text field.
                // 3. @Name must be added as a new SqlParameter.
                //
                using (SqlCommand command = new SqlCommand(
                "INSERT INTO [dbo].[event_logs] ([event_level],[date_and_time],[source],[event_id],[task_category],[event_data],[channel],[computer_id],[created_at],[updated_at])VALUES('" + entry.EntryType + "','" + entry.TimeWritten + "','" + entry.Source + "','" + entry.InstanceId + "','" + entry.Category + "',' @Data ','" + logtype + "','" + computerID + "','" + DateTime.Now.ToString() + "','" + DateTime.Now.ToString() + "')", connection))
                {
                    //
                    // Add new SqlParameter to the command.
                    //
                    command.Parameters.Add(new SqlParameter("@Data", entry.Message));
                    //
                    // Read in the SELECT results.
                    //
                    SqlDataReader reader = command.ExecuteReader();
                    while (reader.Read())
                    {

                    }
                }
            }

4 个答案:

答案 0 :(得分:2)

INSERT不返回结果。使用.ExecuteNonQuery()代替.ExecuteReader()

答案 1 :(得分:1)

你得到@Data,因为你的SQL字符串格式化为"',' @Data ','"这是错误的,它不再是一个变量,它本身就是一个SQL字符串。

您需要做的是修复从"',' @Data ','""', @Data ,'"的SQL查询,然后就可以了。

using (SqlCommand command = new SqlCommand(
"INSERT INTO [dbo].[event_logs] ([event_level],[date_and_time],[source],[event_id],[task_category],[event_data],[channel],[computer_id],[created_at],[updated_at])VALUES('" + entry.EntryType + "','" + entry.TimeWritten + "','" + entry.Source + "','" + entry.InstanceId + "','" + entry.Category + "', @Data ,'" + logtype + "','" + computerID + "','" + DateTime.Now.ToString() + "','" + DateTime.Now.ToString() + "')", connection))
{

    // Add new SqlParameter to the command.

    command.Parameters.Add(new SqlParameter("@Data", entry.Message));
    command.ExecuteNonQuery();
}

答案 2 :(得分:0)

您需要在构造函数中指定名称和数据类型,以及新对象中的值:

command.Parameters.Add("@Data", SqlDbType.VarChar).Value = entry.Message;

答案 3 :(得分:0)

private void button2_Click(object sender, EventArgs e)
{ 
    try
    {
        string sSQL = "INSERT INTO StuTable (Name, Batch,CGPA, DOB, Program, 
            Picture)VALUES (@Name, @Batch,@CGPA,@DOB,@Program,@Picture)";
        SqlCommand objCmd = new SqlCommand(sSQL, conn);

        objCmd.Parameters.Add("@Name", SqlDbType.VarChar, 50);
        objCmd.Parameters.Add("@Batch", SqlDbType.Int);
        objCmd.Parameters.Add("@CGPA", SqlDbType.Float);
        objCmd.Parameters.Add("@DOB", SqlDbType.VarChar, 50);
        objCmd.Parameters.Add("@Program", SqlDbType.VarChar, 50);
        objCmd.Parameters.Add("@Picture", SqlDbType.VarChar, 500);

        //objCmd.Parameters["@RegdNo"].Value = Convert.ToInt32(textBox3.Text);
        objCmd.Parameters["@Name"].Value = textBox4.Text;
        objCmd.Parameters["@Batch"].Value = textBox5.Text;
        objCmd.Parameters["@CGPA"].Value = textBox6.Text;
        objCmd.Parameters["@DOB"].Value = maskedTextBox1.Text;
        objCmd.Parameters["@Program"].Value = textBox8.Text;
        objCmd.Parameters["@Picture"].Value = textBox9.Text;

        objCmd.ExecuteNonQuery();

        // MessageBox.Show("Record Added");

    }
    catch (Exception te)
    {
        MessageBox.Show(te.Message.ToString());
    }
}