2023年6月21日发(作者:)
C#向SqlServer中插⼊记录时单引号的处理Author:David EulerDate: 2004/11/17Email:
有任何问题,请与我联系:)种使⽤C#, 向表中插⼊记录值(Title, Content)【⽂章的标题和内容】,由于Content, Title中可能包含单引号,直接使⽤sql的insert命令会报错,对此有两种处理⽅法,⼀种将单引号替换成两个单引号,第2种⽅法是使⽤存储过程。表myBBS的格式定义如下:CREATE TABLE [dbo].[myBBS] ( [ID] [bigint] IDENTITY (1, 1) NOT NULL , [Title] [char] (160) COLLATE Chinese_PRC_CI_AS NULL , [Author] [char] (20) COLLATE Chinese_PRC_CI_AS NULL , [Date_of_Created] [datetime] NULL , [Abstract] [char] (480) COLLATE Chinese_PRC_CI_AS NULL , [Content] [ntext] COLLATE Chinese_PRC_CI_AS NOT NULL
) ON [PRIMARY] TEXTIMAGE_ON [PRIMARY]1、将单引号⽤两个单引号替换: SqlConnection coreDB=new SqlConnection(); tionString= "workstation id=/"GQA-ERIC-LV/";packet size=4096;integrated security=SSPI;" + "data source=/"gqa-eric-lv/";persist security info=False;initial catalog=CoreDB";
//单引号⽤"''"替换,以插⼊'到SQL Server中; string Title=e("'","''"); string Content=e("'","''"); if(()==""||()=="")return; string insertCMD into myBBS (Title,Content) Values('"+ Title + "','" +Content+"')"; SqlCommand myCommand = new SqlCommand(insertCMD,coreDB); (); SqlDataReader myReader = eReader(); (); ();2、使⽤存储过程来插⼊1) 创建存储过程:Create proc InsertMyBBSProc(@Title char(160), @Author char(20), @Content ntext)AS
Insert into myBBS(Title,Author,Content) Values(@Title, @Author, @Content)2) 查询分析器中测试存储过程:declare @title char(160)declare @author char(20)declare @content char(600)set @title='test title 3'set @author='david euler 3'set @content='it is the content 3'exec InsertMyBBSProc @title, @author, @content3) C#中通过SqlCommand执⾏存储过程: SqlConnection coreDB=new SqlConnection(); tionString= "workstation id=/"GQA-ERIC-LV/";packet size=4096;integrated security=SSPI;" + "data source=/"gqa-eric-lv/";persist security info=False;initial catalog=CoreDB";
string Title=; string Content=; if(()==""||()=="")return;
//InsertMyBBSProc是向MyBBS中插⼊数据的Procedure: SqlCommand insertCMD = new SqlCommand("InsertMyBBSProc",coreDB); dType=Procedure;//命令类型为存储过程;下⾯定义参数对象: SqlParameter prm1=new SqlParameter("@Title", ,160); SqlParameter prm2=new SqlParameter("@Author", ,20); SqlParameter prm3=new SqlParameter("@Content",,1073741823); ion=; ion=; ion=; //为insertCMD添加SQL参数: (prm1); (prm2); (prm3); //为SQL参数赋值: =Title; ="David Euler"; =Content; (); int recordsAffected=eNonQuery(); if(recordsAffected==1)(""); ();
2023年6月21日发(作者:)
C#向SqlServer中插⼊记录时单引号的处理Author:David EulerDate: 2004/11/17Email:
有任何问题,请与我联系:)种使⽤C#, 向表中插⼊记录值(Title, Content)【⽂章的标题和内容】,由于Content, Title中可能包含单引号,直接使⽤sql的insert命令会报错,对此有两种处理⽅法,⼀种将单引号替换成两个单引号,第2种⽅法是使⽤存储过程。表myBBS的格式定义如下:CREATE TABLE [dbo].[myBBS] ( [ID] [bigint] IDENTITY (1, 1) NOT NULL , [Title] [char] (160) COLLATE Chinese_PRC_CI_AS NULL , [Author] [char] (20) COLLATE Chinese_PRC_CI_AS NULL , [Date_of_Created] [datetime] NULL , [Abstract] [char] (480) COLLATE Chinese_PRC_CI_AS NULL , [Content] [ntext] COLLATE Chinese_PRC_CI_AS NOT NULL
) ON [PRIMARY] TEXTIMAGE_ON [PRIMARY]1、将单引号⽤两个单引号替换: SqlConnection coreDB=new SqlConnection(); tionString= "workstation id=/"GQA-ERIC-LV/";packet size=4096;integrated security=SSPI;" + "data source=/"gqa-eric-lv/";persist security info=False;initial catalog=CoreDB";
//单引号⽤"''"替换,以插⼊'到SQL Server中; string Title=e("'","''"); string Content=e("'","''"); if(()==""||()=="")return; string insertCMD into myBBS (Title,Content) Values('"+ Title + "','" +Content+"')"; SqlCommand myCommand = new SqlCommand(insertCMD,coreDB); (); SqlDataReader myReader = eReader(); (); ();2、使⽤存储过程来插⼊1) 创建存储过程:Create proc InsertMyBBSProc(@Title char(160), @Author char(20), @Content ntext)AS
Insert into myBBS(Title,Author,Content) Values(@Title, @Author, @Content)2) 查询分析器中测试存储过程:declare @title char(160)declare @author char(20)declare @content char(600)set @title='test title 3'set @author='david euler 3'set @content='it is the content 3'exec InsertMyBBSProc @title, @author, @content3) C#中通过SqlCommand执⾏存储过程: SqlConnection coreDB=new SqlConnection(); tionString= "workstation id=/"GQA-ERIC-LV/";packet size=4096;integrated security=SSPI;" + "data source=/"gqa-eric-lv/";persist security info=False;initial catalog=CoreDB";
string Title=; string Content=; if(()==""||()=="")return;
//InsertMyBBSProc是向MyBBS中插⼊数据的Procedure: SqlCommand insertCMD = new SqlCommand("InsertMyBBSProc",coreDB); dType=Procedure;//命令类型为存储过程;下⾯定义参数对象: SqlParameter prm1=new SqlParameter("@Title", ,160); SqlParameter prm2=new SqlParameter("@Author", ,20); SqlParameter prm3=new SqlParameter("@Content",,1073741823); ion=; ion=; ion=; //为insertCMD添加SQL参数: (prm1); (prm2); (prm3); //为SQL参数赋值: =Title; ="David Euler"; =Content; (); int recordsAffected=eNonQuery(); if(recordsAffected==1)(""); ();
发布评论