Question

namespace crud_first
{
    public partial class Form1 : Form
    {
        SqlConnection conn = new SqlConnection(@"Data Source=.\SQLEXPRESS;AttachDbFilename=C:\Users\DELL\Documents\testing.mdf;Integrated Security=True;Connect Timeout=30;User Instance=True");
        public Form1()
        {
            InitializeComponent();
        }

        private void button1_Click(object sender, EventArgs e)
        {
            conn.Open();
            SqlCommand cmd = conn.CreateCommand();
            cmd.CommandType = CommandType.Text;
            cmd.CommandText = "insert into Table1 values('"+textBox1.Text+"','"+textBox2.Text+"','"+textBox3.Text+"')";
            cmd.ExecuteNonQuery();
            conn.Close();
            MessageBox.Show("Data Save Successfully...");

        }
    }
}

Answer 1

更正您的查询

cmd.CommandText = "insert into Table1 (column1, column2, column3) values(@column1, @column2, @column3)"

注意：这可以有SQL INJECTION。

使用AddWithValues();

cmd.Parameters.AddWithValue("@column1", txt1.Text.toString());
cmd.Parameters.AddWithValue("@column2", txt2.Text.toString());
cmd.Parameters.AddWithValue("@column3", txt3.Text.toString());

如何在保存数据时解决错误 - 不允许从数据类型varchar到varbinary的隐式转换

1 个答案: