2012-07-17 211 views
0

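I have a form in which I have a combo box populated with the column names of a table, and a text box where I intend to enter a value. When I click the save button, I want the data inserted into the respective columns that have been selected. C# and SQL Server 2005 connection

Here is my code.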

private void button1_Click(object sender, EventArgs e) 
{ 
    try 
    { 
     myConnection.ConnectionString = "Data Source = AmiayaEjay-Vaio; Initial Catalog = RealTime; User ID = sa; Password = admin"; 

     String combo1 = comboBox1.SelectedItem.ToString(); 
     String combo2 = comboBox2.SelectedItem.ToString(); 
     String combo3 = comboBox3.SelectedItem.ToString(); 
     String combo4 = comboBox4.SelectedItem.ToString(); 
     String combo5 = comboBox5.SelectedItem.ToString(); 
     String combo6 = comboBox6.SelectedItem.ToString(); 
     String combo7 = comboBox7.SelectedItem.ToString(); 
     String combo8 = comboBox8.SelectedItem.ToString(); 

     query1.CommandText = "insert into dbo.DepthTable ('" + combo1 + "','" + combo2 + "','" + combo3 + "','" + combo4 + "','" + combo5 + "','" + combo6 + "' ,'" + combo7 + "','" + combo8 + "') values ('" + textBox1.Text + "','" + textBox2.Text + "','" + textBox3.Text + "','" + textBox4.Text + "','" + textBox5.Text + "','" + textBox6.Text + "','" + textBox7.Text + "','" + textBox8.Text + "')"; 

     query1.CommandType = CommandType.Text; 
     query1.Connection = myConnection; 

     myConnection.Open(); 
     query1.ExecuteNonQuery(); 
    } 
    catch (Exception ex) 
    { 
     throw ex; 
    } 

    myConnection.Close(); 
} 

I keep getting an error message that I have invalid column names, because the SQL command does not see combo1 to combo8 as having valid column names.

+0

Are you sure the text from the combo boxes contains valid column names? Maybe try wrapping the column names in square brackets in the query? – Ken 2012-07-17 15:35:28

+8

Please do some research on SQL injection attacks! – 2012-07-17 15:36:23

+0

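You don't need the single quotes in the column list. You can also build the string in a string variable to see what the value is, and then validate that string against the database schema... var query = "insert ....."; query1.CommandText = query; – christiandev 2012-07-17 15:54:53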

Answers

3

Remove the "'" signs around the combo box values.

"insert into dbo.DepthTable (" + combo1 + "," + combo2 + "," + combo3 + "," + combo4 + "," + combo5 + "," + combo6 + "," + combo7 + "," + combo8 + ") values ('" + textBox1.Text + "','" + textBox2.Text + "','" + textBox3.Text + "','" + textBox4.Text + "','" + textBox5.Text + "','" + textBox6.Text + "','" + textBox7.Text + "','" + textBox8.Text + "')"; 
+0

I tried doing that, but the query does not see the values of combo1 to combo8 as column names, so the insert fails – 2012-07-17 15:51:17

+1

How do you know? Maybe the column names are incorrect. Try debugging, extract the query text and run it in SQL Server Management Studio. Is there an error? – 2012-07-17 15:58:49

+0

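@Amiran I can't run the query as a script on SQL Server, because it is a Windows Form and I have the input in combo boxes and text boxes; I am trying to debug using try and catch exceptions – 2012-07-17 16:10:42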
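The SQL injection concern raised in the comments on the question applies to both the column names and the values, since both are concatenated into the statement. The following is an added example, not code from the original post or its answers: it checks each selected column against the table's real columns, bracket-quotes the identifiers, and sends the text box values as parameters. The class and method names are hypothetical, and the caller is assumed to supply the connection string and the selections as two lists.

```csharp
using System;
using System.Collections.Generic;
using System.Data.SqlClient;
using System.Linq;

static class DepthTableWriter   // hypothetical name, not from the original post
{
    // Load the real column names of dbo.DepthTable to use as an allowlist.
    static HashSet<string> LoadColumns(SqlConnection conn)
    {
        var cols = new HashSet<string>(StringComparer.OrdinalIgnoreCase);
        using (var cmd = new SqlCommand(
            "SELECT COLUMN_NAME FROM INFORMATION_SCHEMA.COLUMNS " +
            "WHERE TABLE_SCHEMA = @schema AND TABLE_NAME = @table", conn))
        {
            cmd.Parameters.AddWithValue("@schema", "dbo");
            cmd.Parameters.AddWithValue("@table", "DepthTable");
            using (var reader = cmd.ExecuteReader())
                while (reader.Read()) cols.Add(reader.GetString(0));
        }
        return cols;
    }

    // columns[i] is a combo box selection, values[i] the matching text box text.
    public static int Insert(string connectionString, IList<string> columns, IList<string> values)
    {
        if (columns.Count == 0 || columns.Count != values.Count)
            throw new ArgumentException("Need one value per selected column.");
        using (var conn = new SqlConnection(connectionString))
        {
            conn.Open();
            var allowed = LoadColumns(conn);
            foreach (var c in columns)
                if (!allowed.Contains(c))
                    throw new ArgumentException("Not a column of dbo.DepthTable: " + c);

            // Identifiers cannot be parameters: bracket-quote them, doubling any ']'.
            var colList = string.Join(", ", columns.Select(c => "[" + c.Replace("]", "]]") + "]"));
            // Values are never concatenated: one parameter placeholder per column.
            var paramList = string.Join(", ", columns.Select((c, i) => "@p" + i));
            using (var cmd = new SqlCommand(
                "INSERT INTO dbo.DepthTable (" + colList + ") VALUES (" + paramList + ")", conn))
            {
                for (int i = 0; i < values.Count; i++)
                    cmd.Parameters.AddWithValue("@p" + i, (object)values[i] ?? DBNull.Value);
                return cmd.ExecuteNonQuery();
            }
        }
    }
}
```

A selection that is not a column of the table is rejected before any INSERT text is built, which also turns the "invalid column name" failure into an error that names the offending value.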