tit*_*iti 4 c# sql-server asp.net
我有一张桌子student(id, name).然后我有一个文本框,为了输入名称,当点击提交按钮时,它会将数据插入到数据库中.那么如何只插入名称,而不是id,因为id是自动增量?
我试过这个
insert into student(id, name) values(,name)
但它不是插入我的表.
这是我的代码:
protected void Button1_Click(object sender, EventArgs e)
{
string test = txtName.Text;
SqlConnection conn = new SqlConnection(@"Data Source=.\SQLEXPRESS;AttachDbFilename=|DataDirectory|\Person.mdf;Integrated Security=True;User Instance=True");
string sql = "insert into student(name) values ('test')";
try
{
conn.Open();
SqlCommand cmd = new SqlCommand(sql, conn);
cmd.ExecuteNonQuery();
}
catch (System.Data.SqlClient.SqlException ex)
{
string msg = "Insert Error:";
msg += ex.Message;
}
finally
{
conn.Close();
}
}
Dav*_*d M 17
INSERT INTO student (name) values ('name')
id完全省略该列,它将自动填充.要使用变量,您应该参数化SQL查询.
string sql = "INSERT INTO student (name) values (@name)";
conn.Open();
SqlCommand cmd = new SqlCommand(sql, conn);
cmd.Parameters.Add("@name", SqlDbType.VarChar);
cmd.Parameters["@name"].Value = test;
cmd.ExecuteNonQuery();
您永远不应该通过构造包含输入值的SQL字符串来尝试这样做,因为这会将您的代码暴露给SQL注入漏洞.
| 归档时间: |
|
| 查看次数: |
93820 次 |
| 最近记录: |