将双精度值插入SQL SERVER时出现问题
问题描述:
SQLSERVER中的列字段已设置为十进制类型,但是当我执行此语法时,错误消息显示:错误转换字符串以键入double"
有什么问题吗?
The column field in SQLSERVER has been set in decimal type, but when I execute this syntax, error message says :"error conversion string to type double"
What is the problem?
Private Sub Button2_Click_1(ByVal sender As System.Object, ByVal e As System.EventArgs) Handles Button2.Click
Try
Da3 = New SqlDataAdapter("Insert Into Genome values (" + CInt(MaxGenerasi.Text) + "," + CInt(Jml_Pop.Text) + "," + CDec(NilaiCross.Text) + "," + CDec(NilaiMutasi.Text) + ",''" & waktu.Text & "''," + CDec(nilai.Text) + ")", con)
dt3.Clear()
Da3.Fill(dt3)
GenomeDataGridView.DataSource = dt3
Catch ex As Exception
MessageBox.Show("Koneksi Erros: " + ex.Message)
End Try
GenomeDataGridView.AutoResizeColumns()
End Sub
[edit]已添加代码块,忽略HTML ..."选项已禁用-OriginalGriff [/edit]
[edit]Code block added, "Ignore HTML..." option disabled - OriginalGriff[/edit]
答
要做的第一件事:不要串联要构建的字符串SQL命令.它使您对意外或蓄意的SQL注入攻击敞开大门,这可能会破坏整个数据库.请改用参数化查询.这也可能会解决您的问题:
First thing to do: Do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead. This will also probably cure your problem:
Da3 = New SqlDataAdapter("Insert Into Genome values (" + CInt(MaxGenerasi.Text) + "," + CInt(Jml_Pop.Text) + "," + CDec(NilaiCross.Text) + "," + CDec(NilaiMutasi.Text) + ",''" & waktu.Text & "''," + CDec(nilai.Text) + ")", con)
成为:
Da3 = New SqlDataAdapter("Insert Into Genome values (@MXG, @POP, @NCR, @NMT, @WAK, @NIL)", con)
Da3.SelectCommand.Parameters.AddWithValue("@MXG", CInt(MaxGenerasi.Text))
Da3.SelectCommand.Parameters.AddWithValue("@POP", CInt(Jml_Pop.Text))
Da3.SelectCommand.Parameters.AddWithValue("@NCR", CDec(NilaiCross.Text))
Da3.SelectCommand.Parameters.AddWithValue("@NMT", CDec(NilaiMutasi.Text))
Da3.SelectCommand.Parameters.AddWithValue("@WAK", waktu.Text)
Da3.SelectCommand.Parameters.AddWithValue("@NIL", CDec(nilai.Text))