什么都不会插入数据
为什么这行不通?
why doesnt this work?
private void button1_Click(object sender, EventArgs e)
{
string ConnectionString = @"Data Source=PHIL-PC\SQLEXPRESS;Initial Catalog=Sudoku;Integrated Security=True";
SqlConnection conn = new SqlConnection(ConnectionString);
conn.Open();
string namesub = nameTextBox.Text;
string emailsub= emailTextBox.Text;
string SQL1 = "insert into player(Player_name,Player_email) values (" + "'" + namesub + "'" + "," + emailsub + " )";
SqlCommand cmd1 = new SqlCommand(SQL1, conn);
cmd1.ExecuteNonQuery();
this.player1TableAdapter.Fill(this.sudokuDataSet.player1);
conn.Close();
对不起,我不太懂编程,但是请尝试更好地解释.我要做的是将用户从nameTextBox和emailTextbox(以Visual Studio形式)中输入的值插入到sql数据库的"player"表中.我正在使用上一个示例中的模板.出现的错误与cmd1.ExecuteNonQuery()相关;它说:在这种情况下,不允许使用名称"asdfafs".有效的表达式是常量,常量表达式和(在某些情况下)变量.不允许使用列名."
sorry im not very knowledgeable in programming, but ill try explain things better. the thing i want done is that the values put in by the user from the nameTextBox and emailTextbox (in the visual studio form) to be inserted into the "player" table in the sql database. i am using this template from a previous example. the error that comes up is associated with cmd1.ExecuteNonQuery(); line it says "The name "asdfafs" is not permitted in this context. Valid expressions are constants, constant expressions, and (in some contexts) variables. Column names are not permitted. "
这可能不起作用有很多原因:首先,不要连接字符串以构建SQL命令.它使您对意外或蓄意的SQL注入攻击敞开大门,这可能会破坏整个数据库.请改用参数化查询.这可以解决您的问题而无需其他工作.
字符串ConnectionString = @数据源= PHIL-PC \ SQLEXPRESS;初始目录=数独;集成安全性= True";
There are quite a few reasons why this may not work: firstly, do not concatenate strings to build a SQL command. It leaves you wide open to accidental or deliberate SQL Injection attack which can destroy your entire database. Use Parametrized queries instead. This may cure your problem without additional work.
string ConnectionString = @"Data Source=PHIL-PC\SQLEXPRESS;Initial Catalog=Sudoku;Integrated Security=True";
SqlConnection conn = new SqlConnection(ConnectionString);
conn.Open();
string namesub = nameTextBox.Text;
string emailsub= nameTextBox.Text;
string SQL1 = "insert into player(Player_name,Player_email) values (@NM, @EM)";
SqlCommand cmd1 = new SqlCommand(SQL1, conn);
cmd1.Parameters.AddWithValue("@NM", namesub);
cmd1.Parameters.AddWithValue("@EM", emailsub);
cmd1.ExecuteNonQuery();
但是值得一查,如果您真的想要在名称和电子邮件字段中使用该名称...
But it would be worth checking if you really wanted the name in both the name and email fields...
我认为您在
中输入了错误
I think you have made a mistake in
"insert into player(Player_name,Player_email) values (" + "''" + namesub + "''" + "," + emailsub + " )"语句.
如果您仔细查看此行,那么您会看到,"emailsub"中缺少逗号.
像
一样放
statement.
if you see this line carefully, then you seee, the comma is missing from the "emailsub".
put like
string SQL1 = "insert into player(Player_name,Player_email) values (" + "'" + namesub + "'" + ",'" + emailsub + "' )";
谢谢,
Nilesh
Thanks,
Nilesh
以下代码是什么?
What does the following code?
this.player1TableAdapter.Fill(this.sudokuDataSet.player1);
您收到的错误消息是什么? (如果没有我们不能为您提供帮助)
如果没有收到任何错误消息,请使用适当的异常处理.
我怀疑问题出在连接字符串上.您是否错过了密码?
最好的问候
塞巴斯蒂安
Whats the error message you are getting? (without that we can''t help you)
If you are not receiving any error message, please use proper exception handling.
I suspect the issue is with connection string. Have you missed the password?
Best Regards
Sebastian