Executing an SQL statement in C#?

Ash*_*Ash 1 c# sql execute

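Hey guys, I want to execute my SQL statement, but I'm having trouble with the syntax. Can someone help me understand what I'm doing wrong?

Thanks, Ash.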

public void AddToDatabase(string[] WordArray, int Good, int Bad, int Remove)
{

    for (int WordCount = 0; WordCount < WordArray.Length; WordCount++)
    {
        string sSQL = "INSERT INTO WordDef (Word, Good, Bad, Remove) VALUES (" + WordArray[WordCount] + ", " + Good + ", " + Bad + ", " + Remove + ")";

        Debug.Print(sSQL);

        //Private m_recordset As ADODB.Recordset
        //Private m_connection As ADODB.Connection
        ADODB.Recordset RS;
        ADODB.Connection CN ;


        CN = new ADODB.Connection();
        RS = new ADODB.Recordset();

        CN.CursorLocation = ADODB.CursorLocationEnum.adUseClient;

        CN.ConnectionString = "Provider=Microsoft.Jet.OLEDB.4.0;Data Source=doom_calc_dict.mdb;jet OLEDB:database";
        CN.Open(CN.ConnectionString,"","",0);

        object dummy = Type.Missing;

        CN.Execute(sSQL,out dummy,0);

        RS.Close(); 
        CN.Close(); 

        //string sSQL = "SELECT Word FROM WordDef WHERE Word='" + WordArray[WordCount] + "'";
        DatabaseTools.LoadDataFromDatabase(sSQL);
        //DatabaseTools.LoadDataFromDatabase(sSQL);

    }
}

Joe*_*orn 18

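The most important thing you need to fix is to use query parameters rather than building the string dynamically. This will improve performance, maintenance, and security.

Additionally, you want to use the newer strongly-typed ADO.Net objects. Make sure to add a using directive for System.Data.OleDb.

Note the using statements in this code. They will make sure your connection is closed when you're done with it. This is important because database connections are a limited, unmanaged resource.

Finally, you're not really using an array in your code. All you really care about is the ability to iterate over a set of words, so you want to accept an IEnumerable<string> rather than an array. Don't worry: this function will accept an array as an argument if that's what you need to pass.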

public void AddToDatabase(IEnumerable<string> Words, int Good, int Bad, int Remove)
{
    string sql = "INSERT INTO WordDef (Word, Good, Bad, Remove) VALUES (@Word, @Good, @Bad, @Remove)";

    using (OleDbConnection cn = new OleDbConnection("connection string here") )
    using (OleDbCommand cmd = new OleDbCommand(sql, cn))
    {
        cmd.Parameters.Add("@Word", OleDbType.VarChar);
        cmd.Parameters.Add("@Good", OleDbType.Integer).Value = Good;
        cmd.Parameters.Add("@Bad", OleDbType.Integer).Value = Bad;
        cmd.Parameters.Add("@Remove", OleDbType.Integer).Value = Remove;

        cn.Open();

        foreach (string word in Words)
        {
            cmd.Parameters[0].Value = word;
            cmd.ExecuteNonQuery();
        }
    }
}

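One more thing: when using query parameters with OleDb, it's important to make sure you add them in order.

Update: fixed to work on VS 2005/.Net 2.0 (had relied on VS 2008 features).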
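The ordering caveat in the answer above, as an added example that is not part of the original answer: OleDb binds text-command parameters by position rather than by name, so this sketch compares the order of the placeholders in the SQL text with the order of the parameter collection before anything is executed. The class and method names (`OleDbParameterOrder`, `PlaceholderOrder`, `Check`, `Build`) and the sample word are assumptions made for illustration.

```csharp
using System;
using System.Collections.Generic;
using System.Data.OleDb;
using System.Text.RegularExpressions;

static class OleDbParameterOrder   // hypothetical helper, not from the answer
{
    // Placeholder names in the order they appear in the SQL text.
    // Simplification: assumes no '@' inside string literals or comments.
    public static List<string> PlaceholderOrder(string sql)
    {
        List<string> names = new List<string>();
        foreach (Match m in Regex.Matches(sql, @"@\w+")) names.Add(m.Value);
        return names;
    }

    // OleDb binds text-command parameters by position, not by name, so a
    // mismatch here can put values in the wrong columns without an error.
    public static void Check(OleDbCommand cmd)
    {
        List<string> expected = PlaceholderOrder(cmd.CommandText);
        if (expected.Count != cmd.Parameters.Count)
            throw new InvalidOperationException("SQL has " + expected.Count +
                " placeholders, collection has " + cmd.Parameters.Count);
        for (int i = 0; i < expected.Count; i++)
        {
            string actual = cmd.Parameters[i].ParameterName;
            if (!string.Equals(expected[i], actual, StringComparison.OrdinalIgnoreCase))
                throw new InvalidOperationException("Position " + i + ": SQL expects " +
                    expected[i] + ", collection has " + actual);
        }
    }

    static OleDbCommand Build(string sql, params string[] intNames)
    {
        OleDbCommand cmd = new OleDbCommand(sql);   // no connection needed for the check
        cmd.Parameters.Add("@Word", OleDbType.VarChar).Value = "O'Brien"; // constructed sample
        foreach (string n in intNames) cmd.Parameters.Add(n, OleDbType.Integer).Value = 0;
        return cmd;
    }

    static void Main()
    {
        string sql = "INSERT INTO WordDef (Word, Good, Bad, Remove) VALUES (@Word, @Good, @Bad, @Remove)";
        Check(Build(sql, "@Good", "@Bad", "@Remove"));          // collection matches SQL order
        try { Check(Build(sql, "@Bad", "@Good", "@Remove")); }  // @Good and @Bad swapped
        catch (InvalidOperationException e) { Console.WriteLine(e.Message); }
    }
}
```

Calling such a check once after building the command, before the loop that executes it, catches a swapped pair of same-typed parameters that the database would otherwise accept.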