// Reads the advertisement form values and builds the INSERT command for the
// ADVERTISEMENT table.
// NOTE(review): the values appear to come from page controls (text boxes and
// drop-down lists) — treat every one of them as untrusted input.
string country,city,viewers,pay,gender,name,title,details;
// DateTime.Parse uses the current culture and throws FormatException when the
// text is not a valid date; nothing here validates tbdate.Text first.
DateTime d1=DateTime.Parse(tbdate.Text);
country=ddlcompany.SelectedItem.Text;
city=tbcity.Text;
viewers =ddlviewers.SelectedItem.Text;
pay=ddlpayment.SelectedItem.Text;
gender=ddlsex.SelectedItem.Text;
name=tbadname.Text;
title=tbadtitle.Text;
details=tbaddetails.Text;
// NOTE(review): as written, this statement cannot work:
//  - the literal spans several lines, which a regular (non-verbatim) C# string
//    does not allow;
//  - the column list has a closing ')' but no opening '(' after ADVERTISEMENT;
//  - country, city, d1, ... inside the literal are plain SQL text, not the C#
//    locals assigned above, so their values never reach the statement.
// Supply the values through @-named placeholders and cmd.Parameters. Do not
// concatenate the control text into the string: that would make the statement
// injectable.
SqlCommand cmd = new SqlCommand
("insert into ADVERTISEMENT
Adv_Category,Country,City,Strat_Date,No_of_Viewers,Adv_Payment_Way,
Viewers_Gender,Adv_Name,Adv_Title,Adv_Details)
values('SMS',country,city,d1,viewers,pay,gender,name,title,details)", con);
答案 0 :(得分:3)
问题在于下面这一行:country、city 等名称写在 SQL 字符串内部,只是字面文本,并不会被替换为 C# 变量的值:
values('SMS',country,city,d1,viewers,pay,gender,name,title,details)
最好改为使用参数占位符:
values('SMS',@country,@city,@d1,@viewers,@pay,@gender,@name,@title,@details)
并将每个参数的值传递给 SqlCommand(不要把文本框内容直接拼接进 SQL 字符串,否则会产生 SQL 注入风险):
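// Bind the value as a parameter: it is sent to the server separately from the
// statement text, so user input cannot change the structure of the INSERT.
// The ADO.NET type is SqlParameter; System.Data.SqlClient has no SqlParam class.
var param = new SqlParameter("@country", country);
cmd.Parameters.Add(param);
// Repeat for every remaining placeholder in the statement (@city, @d1,
// @viewers, @pay, @gender, @name, @title, @details). A placeholder without a
// matching parameter makes the command fail at execution time.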