UC知道如何执行数据插入
来源:百度知道 编辑:UC知道 时间:2024/05/10 10:41:37
我想执行一条数据插入的语句,string CommandText="insert into class values('**','**','**')";而values括号里我要插入的新内容要从3个textbox控件里读取,该如何操作?
插入的数据第一个是CHAR型,后两个是INT型,那SQL语句该怎么写啊,这样对吗?
protected void Button4_Click(object sender, EventArgs e)
{
string ConnectionString = ConfigurationSettings.AppSettings["jwcsystemConnectString"];
SqlConnection myConnection = new SqlConnection(ConnectionString);
string CommandText1 = "insert into class values('" + TextBox1.Text.ToString().Trim() + "','" + Convert.ToInt32(TextBox2.Text, 10) + "','" + Convert.ToInt32(TextBox3.Text, 10) + "')";
try
{
myConnection.Open();
SqlCommand myCommand1 = new SqlCommand(CommandText1, myConnection);
}
catch (Exception ex)
{
throw (ex);
}
插入的数据第一个是CHAR型,后两个是INT型,那SQL语句该怎么写啊,这样对吗?
protected void Button4_Click(object sender, EventArgs e)
{
string ConnectionString = ConfigurationSettings.AppSettings["jwcsystemConnectString"];
SqlConnection myConnection = new SqlConnection(ConnectionString);
string CommandText1 = "insert into class values('" + TextBox1.Text.ToString().Trim() + "','" + Convert.ToInt32(TextBox2.Text, 10) + "','" + Convert.ToInt32(TextBox3.Text, 10) + "')";
try
{
myConnection.Open();
SqlCommand myCommand1 = new SqlCommand(CommandText1, myConnection);
}
catch (Exception ex)
{
throw (ex);
}
完整代码如下:
string col1 = TextBox1.Text.Trim().Replace("'","''");
int col2,col3;
try{
col2 = int.Parse(extBox2.Text.Trim());
col3 = int.Parse(extBox3.Text.Trim());
}
catch(System.Exception){
Response.Write("请输入数字!");
return;
}
string CommandText="insert into class(col1,col2,col3) values('" + col1 + "'," + col2.ToString() + "," + col3.ToString() + ")";
楼上的基本可以实现,不过要加上防注入的部分,就是把一个单引号替换成2个单引号:
string CommandText="insert into class(col1,col2,col3) values('"+textbox1.Text.Trim().Replace("'","''")+"','"+textbox2.Text.Trim().Replace("'","''")+"','"+textbox3.Text.Trim().Replace("'","''")+"')";
还有就是,如果你的字段中有数值型,在执行SQL之前要先判断一下是不是数字,否则插入时会报错。
比如有三个字段 col1,