UC知道SQL中的cmd.executenonquery问题
来源:百度知道 编辑:UC知道 时间:2024/06/23 16:12:43
string abc;
if (textBox1.Text == "" || textBox2.Text == "" || textBox3.Text == "" || textBox4.Text == "")
{
MessageBox.Show("输入的信息不完整,请重新输入!", "信息提示!", MessageBoxButtons.OK, MessageBoxIcon.Information);
}
else
{
SqlConnection con=new SqlConnection ("Data Source=YESHUAI;Initial Catalog=MysqlData;Persist Security Info=True;User ID=sa;Password=1990815815");
StringBuilder strSQl =new StringBuilder ();
con.Open();
SqlCommand cmd = new SqlCommand(strSQl.ToString(), con);
abc = "insert into 应付帐 (供应商名,购入金额,已付款,应付款) values('" + textBox1.Text.Trim() + "','" + textBox2.Text.Trim() + "','" + textBox3.Text.Trim() + "','" + textBox4.Text.Trim() + &q
if (textBox1.Text == "" || textBox2.Text == "" || textBox3.Text == "" || textBox4.Text == "")
{
MessageBox.Show("输入的信息不完整,请重新输入!", "信息提示!", MessageBoxButtons.OK, MessageBoxIcon.Information);
}
else
{
SqlConnection con=new SqlConnection ("Data Source=YESHUAI;Initial Catalog=MysqlData;Persist Security Info=True;User ID=sa;Password=1990815815");
StringBuilder strSQl =new StringBuilder ();
con.Open();
SqlCommand cmd = new SqlCommand(strSQl.ToString(), con);
abc = "insert into 应付帐 (供应商名,购入金额,已付款,应付款) values('" + textBox1.Text.Trim() + "','" + textBox2.Text.Trim() + "','" + textBox3.Text.Trim() + "','" + textBox4.Text.Trim() + &q
第一点,如楼上所说,“供应商名,购入金额,已付款,应付款”中间的全角逗号转成半角。
另外,你这样的拼接sql语句的方式也可能在生成的sql语句中产生类似于数据库注入的错误。
abc = "insert into 应付帐 (供应商名,购入金额,已付款,应付款) values('" + textBox1.Text.Trim() + "','" + textBox2.Text.Trim() + "','" + textBox3.Text.Trim() + "','" + textBox4.Text.Trim() + "')";
//逗号把全角换成半角
逗号的问题!!!!!