C#向SqlServer中插入记录时单引号的处理

2023年6月21日发(作者：)

C#向SqlServer中插⼊记录时单引号的处理Author:David EulerDate: 2004/11/17Email:

有任何问题，请与我联系:)种使⽤C#, 向表中插⼊记录值(Title, Content)【⽂章的标题和内容】，由于Content, Title中可能包含单引号，直接使⽤sql的insert命令会报错，对此有两种处理⽅法，⼀种将单引号替换成两个单引号，第2种⽅法是使⽤存储过程。表myBBS的格式定义如下：CREATE TABLE [dbo].[myBBS] ( [ID] [bigint] IDENTITY (1, 1) NOT NULL , [Title] [char] (160) COLLATE Chinese_PRC_CI_AS NULL , [Author] [char] (20) COLLATE Chinese_PRC_CI_AS NULL , [Date_of_Created] [datetime] NULL , [Abstract] [char] (480) COLLATE Chinese_PRC_CI_AS NULL , [Content] [ntext] COLLATE Chinese_PRC_CI_AS NOT NULL

) ON [PRIMARY] TEXTIMAGE_ON [PRIMARY]1、将单引号⽤两个单引号替换： SqlConnection coreDB=new SqlConnection(); tionString= "workstation id=/"GQA-ERIC-LV/";packet size=4096;integrated security=SSPI;" + "data source=/"gqa-eric-lv/";persist security info=False;initial catalog=CoreDB";

//单引号⽤"''"替换，以插⼊'到SQL Server中； string Title=e("'","''"); string Content=e("'","''"); if(()==""||()=="")return; string insertCMD into myBBS (Title,Content) Values('"+ Title + "','" +Content+"')"; SqlCommand myCommand = new SqlCommand(insertCMD,coreDB); (); SqlDataReader myReader = eReader(); (); ();2、使⽤存储过程来插⼊1) 创建存储过程：Create proc InsertMyBBSProc(@Title char(160), @Author char(20), @Content ntext)AS

Insert into myBBS(Title,Author,Content) Values(@Title, @Author, @Content)2) 查询分析器中测试存储过程：declare @title char(160)declare @author char(20)declare @content char(600)set @title='test title 3'set @author='david euler 3'set @content='it is the content 3'exec InsertMyBBSProc @title, @author, @content3) C#中通过SqlCommand执⾏存储过程： SqlConnection coreDB=new SqlConnection(); tionString= "workstation id=/"GQA-ERIC-LV/";packet size=4096;integrated security=SSPI;" + "data source=/"gqa-eric-lv/";persist security info=False;initial catalog=CoreDB";

string Title=; string Content=; if(()==""||()=="")return;

//InsertMyBBSProc是向MyBBS中插⼊数据的Procedure： SqlCommand insertCMD = new SqlCommand("InsertMyBBSProc",coreDB); dType=Procedure;//命令类型为存储过程;下⾯定义参数对象： SqlParameter prm1=new SqlParameter("@Title", ,160); SqlParameter prm2=new SqlParameter("@Author", ,20); SqlParameter prm3=new SqlParameter("@Content",,1073741823); ion=; ion=; ion=; //为insertCMD添加SQL参数： (prm1); (prm2); (prm3); //为SQL参数赋值： =Title; ="David Euler"; =Content; (); int recordsAffected=eNonQuery(); if(recordsAffected==1)(""); ();

2023年6月21日发(作者：)

C#向SqlServer中插⼊记录时单引号的处理Author:David EulerDate: 2004/11/17Email:

有任何问题，请与我联系:)种使⽤C#, 向表中插⼊记录值(Title, Content)【⽂章的标题和内容】，由于Content, Title中可能包含单引号，直接使⽤sql的insert命令会报错，对此有两种处理⽅法，⼀种将单引号替换成两个单引号，第2种⽅法是使⽤存储过程。表myBBS的格式定义如下：CREATE TABLE [dbo].[myBBS] ( [ID] [bigint] IDENTITY (1, 1) NOT NULL , [Title] [char] (160) COLLATE Chinese_PRC_CI_AS NULL , [Author] [char] (20) COLLATE Chinese_PRC_CI_AS NULL , [Date_of_Created] [datetime] NULL , [Abstract] [char] (480) COLLATE Chinese_PRC_CI_AS NULL , [Content] [ntext] COLLATE Chinese_PRC_CI_AS NOT NULL

) ON [PRIMARY] TEXTIMAGE_ON [PRIMARY]1、将单引号⽤两个单引号替换： SqlConnection coreDB=new SqlConnection(); tionString= "workstation id=/"GQA-ERIC-LV/";packet size=4096;integrated security=SSPI;" + "data source=/"gqa-eric-lv/";persist security info=False;initial catalog=CoreDB";

//单引号⽤"''"替换，以插⼊'到SQL Server中； string Title=e("'","''"); string Content=e("'","''"); if(()==""||()=="")return; string insertCMD into myBBS (Title,Content) Values('"+ Title + "','" +Content+"')"; SqlCommand myCommand = new SqlCommand(insertCMD,coreDB); (); SqlDataReader myReader = eReader(); (); ();2、使⽤存储过程来插⼊1) 创建存储过程：Create proc InsertMyBBSProc(@Title char(160), @Author char(20), @Content ntext)AS

Insert into myBBS(Title,Author,Content) Values(@Title, @Author, @Content)2) 查询分析器中测试存储过程：declare @title char(160)declare @author char(20)declare @content char(600)set @title='test title 3'set @author='david euler 3'set @content='it is the content 3'exec InsertMyBBSProc @title, @author, @content3) C#中通过SqlCommand执⾏存储过程： SqlConnection coreDB=new SqlConnection(); tionString= "workstation id=/"GQA-ERIC-LV/";packet size=4096;integrated security=SSPI;" + "data source=/"gqa-eric-lv/";persist security info=False;initial catalog=CoreDB";

string Title=; string Content=; if(()==""||()=="")return;

//InsertMyBBSProc是向MyBBS中插⼊数据的Procedure： SqlCommand insertCMD = new SqlCommand("InsertMyBBSProc",coreDB); dType=Procedure;//命令类型为存储过程;下⾯定义参数对象： SqlParameter prm1=new SqlParameter("@Title", ,160); SqlParameter prm2=new SqlParameter("@Author", ,20); SqlParameter prm3=new SqlParameter("@Content",,1073741823); ion=; ion=; ion=; //为insertCMD添加SQL参数： (prm1); (prm2); (prm3); //为SQL参数赋值： =Title; ="David Euler"; =Content; (); int recordsAffected=eNonQuery(); if(recordsAffected==1)(""); ();