我有以下代码:
try
{
//Create connection
SQLiteConnection conn = DBConnection.OpenDB();
//Verify user input, normally you give dbType a size, but Text is an exception
var uNavnParam = new SQLiteParameter("@uNavnParam", SqlDbType.Text) { Value = uNavn };
var bNavnParam = new SQLiteParameter("@bNavnParam", SqlDbType.Text) { Value = bNavn };
var passwdParam = new SQLiteParameter("@passwdParam", SqlDbType.Text) {Value = passwd};
var pc_idParam = new SQLiteParameter("@pc_idParam", SqlDbType.TinyInt) { Value = pc_id };
var noterParam = new SQLiteParameter("@noterParam", SqlDbType.Text) { Value = noter };
var licens_idParam = new SQLiteParameter("@licens_idParam", SqlDbType.TinyInt) { Value = licens_id };
var insertSQL = new SQLiteCommand("INSERT INTO Brugere (navn, brugernavn, password, pc_id, noter, licens_id)" +
"VALUES ('@uNameParam', '@bNavnParam', '@passwdParam', '@pc_idParam', '@noterParam', '@licens_idParam')", conn);
insertSQL.Parameters.Add(uNavnParam); //replace paramenter with verified userinput
insertSQL.Parameters.Add(bNavnParam);
insertSQL.Parameters.Add(passwdParam);
insertSQL.Parameters.Add(pc_idParam);
insertSQL.Parameters.Add(noterParam);
insertSQL.Parameters.Add(licens_idParam);
insertSQL.ExecuteNonQuery(); //Execute query
//Close connection
DBConnection.CloseDB(conn);
//Let the user know that it was changed succesfully
this.Text = "Succes! Changed!";
}
catch(SQLiteException e)
{
//Catch error
MessageBox.Show(e.ToString(), "ALARM");
}
它执行得很完美,但是当我查看我的“brugere”表时,它插入了值:'@ nameParam','@ bnavnParam','@ passwdParam','@ pc_idParam','@ noterParam','@ licens_idParam'字面意思。而不是替换它们。
我试过制作一个断点并检查参数,它们确实有正确的指定值。所以这也不是问题。
我现在一直在修补这个问题,没有运气,任何人都可以帮忙吗?
哦,以供参考,这是DBConnection类的OpenDB方法:
public static SQLiteConnection OpenDB()
{
try
{
//Gets connectionstring from app.config
const string myConnectString = "data source=data;";
var conn = new SQLiteConnection(myConnectString);
conn.Open();
return conn;
}
catch (SQLiteException e)
{
MessageBox.Show(e.ToString(), "ALARM");
return null;
}
}
答案 0 :(得分:30)
您应该在INSERT语句中删除参数名称周围的引号。
所以而不是
VALUES ('@uNameParam', '@bNavnParam', '@passwdParam', '@pc_idParam',
'@noterParam', '@licens_idParam')
使用
VALUES (@uNameParam, @bNavnParam, @passwdParam, @pc_idParam,
@noterParam, @licens_idParam)
答案 1 :(得分:3)
感谢rwwilden和Jorge Villuendas,答案是:
var insertSQL = new SQLiteCommand("INSERT INTO Brugere (navn, brugernavn, password, pc_id, noter, licens_id)" +
" VALUES (@uNavnParam, @bNavnParam, @passwdParam, @pc_idParam, @noterParam, @licens_idParam)", conn);
insertSQL.Parameters.AddWithValue("@uNavnParam", uNavn);
insertSQL.Parameters.AddWithValue("@bNavnParam", bNavn);
insertSQL.Parameters.AddWithValue("@passwdParam", passwd);
insertSQL.Parameters.AddWithValue("@pc_idParam", pc_id);
insertSQL.Parameters.AddWithValue("@noterParam", noter);
insertSQL.Parameters.AddWithValue("@licens_idParam", licens_id);
insertSQL.ExecuteNonQuery(); //Execute query
答案 2 :(得分:1)
当您使用System.Data.SqlClient时,您会提供System.Data.SqlDbType枚举中的参数类型。
但如果您使用System.Data.SQLite,则必须使用**System.Data.DbType**枚举。
答案 3 :(得分:0)
替换
VALUES('@ nameParam','@ bNavnParam', '@ passwdParam','@ pc_idParam', '@noterParam','@ itsens_idParam')
带
VALUES(?,?,?,?,?,?)