我有一个asp.net子例程,它接受一个选定的gridview行,并通过数据适配器将其插入到SQL Sever表中。一切都很好......直到一个字符串包含一个撇号。这是有效的,因为它是一个名称字段,其中一个例子是" O' Neil"。它转换成的是" O' Neil"。
有没有办法防止这种情况发生?我将insert命令转换为参数化语句,但它没有解决问题。我在下面发布的代码是通过在线示例和解决方案组合而成的。"我真的希望它很简单,我很遗憾(人们只能希望:))。
所以现在发生的任何事情都是有效的代码,但是将撇号转换为Web代码。
我只发布了我尝试进行故障排除的子程序。感谢您的任何见解。
Protected Sub btnReconcile_Click(sender As Object, e As EventArgs)
Dim connectionString As String = System.Configuration.ConfigurationManager.ConnectionStrings("conn_MIA_2014_15_v1").ConnectionString
Dim connection As SqlConnection
Dim insertString As String
Dim adapter As SqlDataAdapter = New SqlDataAdapter()
connection = New SqlConnection(connectionString)
Dim Campus As String
Dim Student_ID As Integer
Dim Student_Name As String
Dim Enrolled As String
Dim Date_Returned As Date
Dim Count_Absent_Days As Integer
Dim Chronic_Health As String
Dim Date_Of_Behavior As Date
Dim Total_Days_Suspended As Integer
For Each item As GridViewRow In Me.GridView1.Rows
If CType(item.Cells(0).FindControl("cbSelect"), CheckBox).Checked Then
Campus = item.Cells(1).Text
Student_ID = CInt(item.Cells(2).Text)
Student_Name = item.Cells(3).Text
Enrolled = item.Cells(4).Text
Date_Returned = CDate(item.Cells(5).Text)
Count_Absent_Days = CInt(item.Cells(6).Text)
Chronic_Health = item.Cells(7).Text
Date_Of_Behavior = CDate(item.Cells(8).Text)
Total_Days_Suspended = CInt(item.Cells(9).Text)
insertString = "insert into TC_Audit_More_Than_8_Days_WO_Entry_CH_Sus_Rec " & _
"(Campus,Student_ID,Student_Name,Enrolled,Date_Returned,Count_Absent_Days,Chronic_Health,Date_Of_Behavior,Total_Days_Suspended) " & _
"values (@Campus,@Student_ID,@Student_Name,@Enrolled,@Date_Returned,@Count_Absent_Days,@Chronic_Health,@Date_Of_Behavior,@Total_Days_Suspended)"
adapter.InsertCommand = New SqlCommand(insertString, connection)
adapter.InsertCommand.Parameters.AddWithValue("@Campus", Campus)
adapter.InsertCommand.Parameters.AddWithValue("@Student_ID", Student_ID)
adapter.InsertCommand.Parameters.AddWithValue("@Student_Name", Student_Name)
adapter.InsertCommand.Parameters.AddWithValue("@Enrolled", Enrolled)
adapter.InsertCommand.Parameters.AddWithValue("@Date_Returned", Date_Returned)
adapter.InsertCommand.Parameters.AddWithValue("@Count_Absent_Days", Count_Absent_Days)
adapter.InsertCommand.Parameters.AddWithValue("@Chronic_Health", Chronic_Health)
adapter.InsertCommand.Parameters.AddWithValue("@Date_Of_Behavior", Date_Of_Behavior)
adapter.InsertCommand.Parameters.AddWithValue("@Total_Days_Suspended", Total_Days_Suspended)
Try
connection.Open()
adapter.InsertCommand.ExecuteNonQuery()
Catch ex As Exception
End Try
connection.Close()
End If
Next
Me.GridView1.DataBind()
Me.GridView2.DataBind()
End Sub
答案 0 :(得分:0)
为了确保我们在同一页面上,您已经使用两个单引号尝试了insert语句,对吗?因为我在你的代码中没有看到这一点。它应该是这样的:
Protected Sub btnReconcile_Click(sender As Object, e As EventArgs)
Dim connectionString As String = System.Configuration.ConfigurationManager.ConnectionStrings("conn_MIA_2014_15_v1").ConnectionString
Dim connection As SqlConnection
Dim insertString As String
Dim adapter As SqlDataAdapter = New SqlDataAdapter()
connection = New SqlConnection(connectionString)
Dim Campus As String
Dim Student_ID As Integer
Dim Student_Name As String
Dim Enrolled As String
Dim Date_Returned As Date
Dim Count_Absent_Days As Integer
Dim Chronic_Health As String
Dim Date_Of_Behavior As Date
Dim Total_Days_Suspended As Integer
For Each item As GridViewRow In Me.GridView1.Rows
If CType(item.Cells(0).FindControl("cbSelect"), CheckBox).Checked Then
Campus = item.Cells(1).Text
Student_ID = CInt(item.Cells(2).Text)
Student_Name = item.Cells(3).Text
Enrolled = item.Cells(4).Text
Date_Returned = CDate(item.Cells(5).Text)
Count_Absent_Days = CInt(item.Cells(6).Text)
Chronic_Health = item.Cells(7).Text
Date_Of_Behavior = CDate(item.Cells(8).Text)
Total_Days_Suspended = CInt(item.Cells(9).Text)
insertString = "insert into TC_Audit_More_Than_8_Days_WO_Entry_CH_Sus_Rec " & _
"(Campus,Student_ID,Student_Name,Enrolled,Date_Returned,Count_Absent_Days,Chronic_Health,Date_Of_Behavior,Total_Days_Suspended) " & _
"values (@Campus,@Student_ID,@Student_Name,@Enrolled,@Date_Returned,@Count_Absent_Days,@Chronic_Health,@Date_Of_Behavior,@Total_Days_Suspended)"
adapter.InsertCommand = New SqlCommand(insertString, connection)
adapter.InsertCommand.Parameters.AddWithValue("@Campus", Campus)
adapter.InsertCommand.Parameters.AddWithValue("@Student_ID", Student_ID)
' I modified the line below...
adapter.InsertCommand.Parameters.AddWithValue("@Student_Name", Replace(Student_Name,"'","''") '<-- see what I did there?
adapter.InsertCommand.Parameters.AddWithValue("@Enrolled", Enrolled)
adapter.InsertCommand.Parameters.AddWithValue("@Date_Returned", Date_Returned)
adapter.InsertCommand.Parameters.AddWithValue("@Count_Absent_Days", Count_Absent_Days)
adapter.InsertCommand.Parameters.AddWithValue("@Chronic_Health", Chronic_Health)
adapter.InsertCommand.Parameters.AddWithValue("@Date_Of_Behavior", Date_Of_Behavior)
adapter.InsertCommand.Parameters.AddWithValue("@Total_Days_Suspended", Total_Days_Suspended)
Try
connection.Open()
adapter.InsertCommand.ExecuteNonQuery()
Catch ex As Exception
End Try
connection.Close()
End If
Next
Me.GridView1.DataBind()
Me.GridView2.DataBind()
End Sub
答案 1 :(得分:0)
我面临同样的问题。我搜索了很多。最后我通过将页面的内容类型更改为
来解决它<%@ Page Language="C#" AutoEventWireup="true" EnableViewState="true" Debug="true" ContentType="application/xhtml+xm" %>